Neelu Tripathy

Co-Founder

Bengaluru, Karnataka, India · 12 yrs 9 mos experience
Highly Stable

Key Highlights

  • Expert in both offensive and defensive security strategies.
  • Keynote speaker at major cybersecurity conferences.
  • OSCP certified with extensive hands-on experience.
Stackforce AI infers this person is a Cybersecurity Architect with expertise in both offensive and defensive security strategies.

Skills

Core Skills

Technical Reviews · Security Architecture Design · Podcasting · Training & Development · DevSecOps · Risk Management · Penetration Testing

Other Skills

Application Security · Architectural Design · Business Development · CEH · Change Management · Cloud-Native Architecture · Code Review · Communication · Computer Security · Consulting · Design Review · F5 BigIP · IPS · IPSec · Information Security

About

As a seasoned Senior Security Architect at Adobe Systems and Product Security Thought Leader, I bring a unique dual perspective to the complex challenges of safeguarding digital innovation. My expertise spans both offensive and defensive security, allowing me to build robust, resilient application ecosystems by anticipating adversary tactics and proactively designing out vulnerabilities.

My rich background includes leading large-scale security implementation programs, as exemplified during my tenure as Head of Security for Thoughtworks India. My focus has consistently been on "building security into" application lifecycles through timely threat identification, comprehensive vulnerability management, deep assessments, and fostering security capability with strategic automation. This is underpinned by extensive hands-on offensive security experience, honed across Vulnerability Assessments & Penetration Testing, Advanced Red Teaming, Social Engineering, Reconnaissance, Threat Modelling & Design Reviews of web applications & APIs, and Source Code Reviews.

Beyond my direct contributions, I am deeply committed to advancing the cybersecurity community and sharing knowledge. I'm an OSCP-certified professional and a recognized voice on global stages, having served as a Primary Trainer at BlackHat (Basic Infrastructure Hacking - 2017), and as a Keynote Speaker at DevSecCon24 AMER. My insights have also been featured at prominent conferences including OWASP APAC 2022, Agile India 2022, ADDO 2022, c0c0n, rootconf, and BSidesDelhi. I've actively shaped community initiatives, organizing villages at DefCon (Recon 2017) and Nullcon (Social Engg. 2016-18), and conceptualizing the corporate security conference, SecConf for Thoughtworks (2021-22). My dedication extends to serving on the review boards for BlackHat Asia, BSides Singapore, Goa and NullCon India, Berlin.

As a former chapter leader for Null Mumbai and Bengaluru, I remain actively involved with the Indian security community. Driven by a passion for continuous learning, I leverage my analytical skills to explore new frontiers in security innovation. I thrive on engaging with fellow security practitioners to exchange ideas and foster collaborative solutions. You can also catch my insights as the host of Breakpoint Security Podcast, the first technical security podcast from India. Do tune in!

Experience

4 yrs 10 mos

Network Intelligence (I) Pvt. Ltd.

Present

Black hat

Review Board Member, BlackHat Asia

Nov 2024 - Present · 1 yr 4 mos · Asia · Remote

  • Review Board Member, BlackHat Asia
Technical Reviews

Adobe

Senior Security Architect

Jan 2024 - Present · 2 yrs 2 mos · Bangalore Urban, Karnataka, India · On-site

  • In this role, I help design and architect custom, cutting-edge security solutions to safeguard Adobe's products and infrastructure. Some of my current responsibilities include:
  • Developing security architecture frameworks and standards.
  • Collaborating with cross-functional teams to integrate security into the product home grown development platforms.
  • Designing and implementing security controls for cloud-based environments.
  • Evaluating and recommending security technologies and design integrations for Adobe environments.
  • Leading security architecture reviews and providing guidance on security best practices.
  • Providing security expertise and guidance to stakeholders, including executives and engineering teams.
Security Architecture Design

Security bsides goa

BSidesGoa Review Board

Dec 2023 - Present · 2 yrs 3 mos · Remote

  • BSides Goa is a community-driven cybersecurity conference held annually in Goa, India, focusing on providing a platform for networking, knowledge sharing, and skill development in the field of information security. As a reviewer I evaluate submitted papers, ensuring the quality and relevance of content to the security community.
Technical Reviews

Self-employed

Product Security Consultant & Architect

May 2023 - Dec 2023 · 7 mos · Bengaluru, Karnataka, India · On-site

DevSecOps · Program Development · Security Architecture Design

Breakpoint-security-podcast

Podcast Host

Jan 2023 - Present · 3 yrs 2 mos · India

  • br3akp0int-'Exploring the depths of Defensive Security'. The defensive side of Security is a world in itself with teams achieving amazing feats that involve excellent engineering practices and smart optimisation for scale. This is not talked about enough in the industry. Join me in the br3akp0int podcast as we reflect on the methods and approaches these smart teams use to solve practical challenges in information security and innovate their way into the future.
  • Who is this meant for? : This podcast is for anyone in InfoSec willing to know more about advances in security techniques. This includes security researchers or professionals, product owners, compliance or cloud, AI/ML, threat intel, SecOps automation, Security Leaders, development teams, pentesters and security practitioners. https://breakpoint.buzzsprout.com/
Podcasting · DevSecOps · Information Security · Interviewing

Thoughtworks

3 roles

Head of Security

Promoted

Jul 2022 - Dec 2022 · 5 mos

  • Security Programs
      • Security Champions Program:
          • Started the largest and foundational program to integrate the security mindset across product teams
          • Trained and created a network of hundreds of sec champs
          • Implemented effective security practices using the sec champ network
      • Secrets Management Program:
          • Started and ran the security automation program to manage secrets effectively across DevOps lifecycles for hundreds of projects India wide
          • Enabled & implemented Secret Scanning/Secrets manager across pipelines
          • Tracked secrets check-in and managed check-in prevention in most cases
      • Information Security:
          • Oversaw various other security functions such as Incident Response, risk management
          • Created procedures for security review of other internal support functions
          • Created processes for review and assessment for Thoughtworks' non-client products
          • Oversaw the development of internal security tools for vulnerability management
  • Security Demand Generation & Fulfillment
      • Kick-started business unit for security within TWI to meet external and internal demand for Security
      • Created and executed multiple security offerings around security assessments, Vulnerability Assessments and Penetration testing, mobile security, Threat Modelling, Source Code Reviews, cloud security, DevSecOps & trainings.
      • Created and grew the security team and catered to multiple short/long term engagements/year
Risk Management · DevSecOps · Project Management · Program Development · Security Automation · Training & Development · +9

Security Practice Lead

Promoted

Apr 2020 - Sep 2022 · 2 yrs 5 mos

  • Security Practices
      • Matured the existing security practices for secure delivery of products
      • Created multiple trainings and workshops for secure code handling, development practices and security automation (DevSecOps).
      • Grew and curated a large security community (of developers & security champions) within India
      • Started TW’s own security conference SecConf in 2021 and YouTube channel SEConnect
  • Threat Identification & Management
      • Established & regularized Threat identification through Iterative Agile Threat Modelling.
      • Established effective threat tracking & management for 73% of accounts India wide
      • Enhanced Threat Modelling frequency from ad hoc to at least once a quarter or more for 39% of the accounts
      • Identified hundreds of threats across applications and helped resolve High/Critical threats for projects
Code Review · Web Application Architecture Review · DevSecOps · Security Automation · Training & Development · Secure Coding · +6

Principal Consultant

Feb 2019 - Mar 2020 · 1 yr 1 mo

  • Started working as AppSec Specialist for Thoughtworks India. Work involved assessing security for various projects and helping resolve security challenges across tech stacks, designs and business scenarios using manual and automated techniques.
DevSecOps · Security Automation · Training & Development · Web Application Security · Security Architecture Design

Bsides singapore

BSides Singapore Review Board

Apr 2022 - Present · 3 yrs 11 mos

  • BSides Singapore is an annual information security conference. It is a conference by the community for the community. As part of the Review board at BSidesSG, I like to identify and promote practical and advanced cyber security research through talks and workshops.

Cyseck

CySEK Marketplace: Panel of Experts

Nov 2020 - Feb 2024 · 3 yrs 3 mos · https://cs-coe.iisc.ac.in/marketplace-expert-panel/

  • Volunteering to share my experience to ensure students and professionals get exposed to the best in quality trainings available in the market. This initiative is driven in collaboration with IISc & Govt. of Karnataka.
Training & Development

Nullcon

Nullcon Review Board Member

Mar 2020 - Present · 6 yrs · https://nullcon.net/review-panel/neelu-tripathy

  • As part of the Review board at Nullcon (Asia's largest Security Conference), I am contributing to finding and promoting cutting edge research in information security. I like to bring forth the best and most impactful research from the awesome submissions we get at Nullcon.

Notsosecure

2 roles

Principal Consultant

Jul 2018 - Jan 2019 · 6 mos

  • For this period I was leading and structuring red teaming & external penetration testing engagements for these larger organizations. This involved not only conducting the testing involving hundreds (thousands) of applications/IPs but also structuring the engagement, ensuring coverage, motivating teams to find relevant entry points into the network, reporting and communicating with the team and client all through the engagements.
Penetration Testing · Red Teaming · Network Security · Application Security · Communication

Senior Security Consultant

May 2016 - Jun 2018 · 2 yrs 1 mo

  • Through this time I was actively involved in carrying out mass reconnaissance, red teaming, external penetration testing for some of the larger organizations. This involved conducting engagements involving 100s of applications and thousands of IPs (very large network ranges) for the clients.
Penetration Testing · Red Teaming · Report Writing · Web Application Security

Institute of information security (iis)

Trainer

Jun 2011 - Jul 2011 · 1 mo · Mumbai Area, India

  • Conducted and supported trainings for Web Application Security courses at IIS.
Network Security · Training & Development · Information Security · Web Application Security

Tata consultancy services

Security Analyst

Jan 2008 - Sep 2011 · 3 yrs 8 mos

  • Conducted Vulnerability assessments and penetration tests for Network and web applications
  • Interacted with clients to process the engagement, find estimates and worked on proposals
  • Worked as a developer and tester for VC++, MATLAB platforms
Penetration Testing · Code Review · Information Security · Vulnerability Assessment

Education

Kalinga University

B-Tech — Computer Sciences

Jan 2004 - Jan 2008
