Sandesh Mysore Anand

Co-Founder

Bengaluru, Karnataka, India · 17 yrs 10 mos experience
Most Likely To Switch · Highly Stable

Key Highlights

  • Co-founder of innovative AppSec startup.
  • Author of insightful AppSec newsletter.
  • Experienced in leading security initiatives.
Stackforce AI infers this person is a seasoned Application Security expert with a strong focus on enterprise-level security solutions.

Skills

Other Skills

Application Security, Computer Security, Databases, Eclipse, Ethical Hacker, Information Security, J2EE, JSP, Java, Java Enterprise Edition, MySQL, Penetration Testing, Programming, Security, Security Architecture Design

About

Co-founder, Seezo. Author of Boring Appsec, a newsletter that covers the essential and often overlooked aspects of building and running successful AppSec programs. Co-host of The Boring AppSec Podcast.

Experience

Seezo.io

Co-Founder

Jun 2023 - Present · 2 yrs 9 mos · Bengaluru, Karnataka, India

Razorpay

2 roles

Senior EM, Infosec

Promoted

Oct 2021 - Nov 2023 · 2 yrs 1 mo

Staff Security Engineer

Oct 2020 - Sep 2021 · 11 mos

Boring Appsec (newsletter)

Author

Aug 2021 - Present · 4 yrs 7 mos · https://boringappsec.substack.com/

  • AppSec isn't boring. In fact, it’s fascinating! However, the industry tends to focus a lot of energy on the new shiny object. The latest Critical bug or the latest RASP tool or how AI/ML gobbledygook can make the world a better place. The thing is, in addition to keeping up with the latest trends, successful AppSec programs also do the boring things really well (think building an app inventory). This newsletter is about those “boring” things.
  • Subscribe here: https://boringappsec.substack.com/

Synopsys Inc

Managing Consultant

Dec 2016 - Oct 2020 · 3 yrs 10 mos · Bangalore, India

Cigital, Inc

6 roles

Managing Consultant

Promoted

Aug 2016 - Nov 2016 · 3 mos

  • Understand client's application security needs and propose solutions
  • Lead execution of complex projects including architecture risk analysis, red teaming, scalable vulnerability assessments, scalable source code review etc.
  • Explain security concepts, pen test results etc. to various stakeholders in client organization (including developers, architects, compliance teams, CXOs etc.)
  • Assist sales with business development effort across the APAC region

Associate Managing Consultant

Promoted

Nov 2015 - Jul 2016 · 8 mos

  • I work with Cigital's APAC clients (Financial, Technology, eCommerce etc.) to understand their Application Security needs and propose appropriate solutions.
  • In addition, I ensure the quality of deliverables reaching our clients is top-notch.
  • I specifically assist clients in the following areas:
  • Application Security Testing (web applications, mobile applications, thick clients)
  • Source code review, including static analysis using industry standard tools
  • Security design reviews
  • Building new and improving existing application security programs
  • Finally, I work with other leaders in Cigital Asia to grow our consultant pool. This includes assisting in recruitment, training new employees and mentoring our talented consultants.

Sr. Security Consultant

Feb 2015 - Nov 2015 · 9 mos

Senior Consultant

Aug 2013 - Jan 2015 · 1 yr 5 mos

  • Perform various kinds of software security assessments including Ethical Hacking, Source Code Review and Architecture Analysis
  • Assist clients in setting up various software security capabilities
  • Work with Developers to mitigate security vulnerabilities
  • Effectively communicate software security related information with various parts of the client organizations including business teams and upper management

Security Consultant

Promoted

Jan 2012 - Aug 2013 · 1 yr 7 mos

  • Perform various software security duties which help clients improve their application security posture
  • Perform Ethical Hacking and Static Code Analysis, and develop Threat Models for software
  • Help clients develop risk mitigation strategies and implement them.

Associate Security Consultant

Jun 2011 - Jan 2012 · 7 mos

  • Manual and Automated Static Code Analysis (J2EE)
  • Manual and Automated Dynamic Analysis (Penetration Testing)
  • Basic Threat Modeling

Null, the Open Security Community

Chapter Lead

Mar 2014 - Sep 2015 · 1 yr 6 mos · Bangalore

Comsys (client: FINRA)

Application Security Engineer

Jun 2010 - Jun 2011 · 1 yr

  • Certify various applications for compliance with the AppSec plan
  • Certification involved Web Vulnerability Assessment, Code Scanning, Data Sensitivity Analysis, Network and Firewall Analysis etc
  • Performance evaluation of various commercial Web Application Firewall solutions to suit needs of the organization
  • Developed and supported the Risk Acceptance Proposal System (RAP), a Java-GWT based ticketing system
  • Helped different teams with their Application Security Plan. This involved defining various aspects of their security architecture and brainstorming solutions

Free World Pulse

Intern - System Architecture

Jul 2009 - Sep 2009 · 2 mos

  • Set up Development and Production servers (Ubuntu) for the PCE tool.
  • Designed the backup and recovery mechanisms for PCE tool server.

George Washington University

Web and Software Developer

Sep 2008 - Sep 2009 · 1 yr

  • Migrated servers of GWU Wiki and Gelman blogs. These websites run on servers with LAMP (Linux, Apache, MySQL, PHP) architecture
  • Maintained GWOmeka and Gelman Library servers.

Cognizant Technology Solutions, Bangalore, India

Programmer Analyst Trainee

Sep 2007 - Jul 2008 · 10 mos

  • Developed EET (Error Export Tool), a Java/J2EE tool to retrieve files from a remote database and present it in XML format
  • EET improved response time to client queries by over 30%
  • Deployed applications on to the UNIX server using the TIBCO Admin tool
  • Coordinated with multiple teams spread across the globe as part of the Production Support - Deployment team

Bharath Electronics Limited, Bangalore, India

Internship, Central Development and Engineering division

Jan 2007 - Jun 2007 · 5 mos

  • Developed a mechanism to detect unauthorized modifications to files using a custom hash algorithm based on MD5

Education

The Takshashila Institution

Graduate Course in Public Policy — Public Policy Analysis

Jan 2014 - Jan 2014

The George Washington University

MS — Computer Science

Jan 2008 - Jan 2009

Visvesvaraya Technological University

Bachelor of Engineering — Computer Science

Jan 2003 - Jan 2007

Sri Kumaran Children's Home

High School

Jan 1996 - Jan 2001