Ashwin K K

Product Manager

Bengaluru, Karnataka, India · 12 yrs 9 mos experience
Highly Stable

Key Highlights

  • Led SDLC processes reducing vulnerabilities by 50%.
  • Achieved 95% resolution of critical issues in penetration testing.
  • Conducted threat modeling mitigating 80% of critical risks.
Stackforce AI infers this person is a Cybersecurity Architect specializing in secure product development and risk management.

Skills

Core Skills

Product Security, Security Architecture Design, Security Risk Management, Security Engineering, Vulnerability Assessment, Security Analysis, Vulnerability Management

Other Skills

DevSecOps, Leadership, Risk Assessment, Threat Modeling, Web Application Security Assessment, Cloud Security, Penetration Testing, Time Management, Web Application Security, Team Building, EU Cyber Resilience Act (CRA), Security Management, Project Management, DICOM, HL7 Standards

About

With over 12 years of experience in product security, I specialize in designing and implementing secure solutions that align with global standards and best practices. As a Product Security Architect at Honeywell, I focus on secure-by-design principles, threat modeling, risk assessment, and security risk management to develop resilient systems. My contributions include leading the deployment of Secure Product Development Lifecycle (SDLC) processes and conducting comprehensive risk assessments to mitigate vulnerabilities effectively. Committed to fostering a culture of cybersecurity awareness, I enable teams to align security strategies with organizational goals. By leveraging expertise in security engineering, I aim to safeguard products against evolving threats while ensuring compliance with the EU Cyber Resilience Act. My mission is to drive innovation in cybersecurity, contributing to robust and secure product ecosystems.

Experience

Total Experience: 12 yrs 9 mos
Average Tenure: 3 yrs 3 mos
Current Experience: 2 yrs 11 mos

Honeywell

Product Security Architect

Jun 2023 - Present · 2 yrs 11 mos · Bengaluru, Karnataka, India

  • With over a decade of dedicated experience in product security, I have committed myself to designing, implementing, and sustaining secure products that adhere to global standards and industry best practices. My expertise lies in secure-by-design principles, threat modeling, risk assessment, and comprehensive security risk management.
  • Key Achievements:
  • I led the creation and deployment of Secure Product Development Lifecycle (SDLC) processes, driving a 50% reduction in product vulnerabilities within two years—a testament to the power of proactive security integration.
  • By conducting comprehensive threat modeling and risk assessments for high-impact releases, my teams and I successfully identified and mitigated 80% of critical risks before deployment, ensuring safer products for customers.
  • Tackling security incidents head-on, I directed root cause analyses and introduced proactive strategies, cutting post-release patching efforts by 40% and improving operational efficiency.
  • Collaboration has always been at the heart of my work. Partnering with multidisciplinary engineering teams, we introduced advanced security features, shrinking product attack surfaces by 60% and fortifying our defense mechanisms.
  • Spearheading new security architectures for legacy systems, enhancing resilience against common cyber threats by 70%.
  • Championing DevSecOps methodologies, which integrated security seamlessly into CI/CD pipelines, shortening deployment timelines by 20%.
  • And working alongside global teams to implement cutting-edge cryptographic mechanisms, safeguarding data confidentiality and integrity in 100% of new products.
  • Security is more than just processes and frameworks; it’s about people. I’ve had the privilege of delivering workshops to developers and engineers, enhancing secure coding practices and adopting secure-by-design principles.
  • As a leader, I’m not just committed to solving today’s challenges but also to envisioning a secure and resilient future.
DevSecOps, Leadership, Product Security, Security Architecture Design

Philips

Senior Security Specialist

Nov 2018 - Jun 2023 · 4 yrs 7 mos · Bengaluru, Karnataka, India

  • With over 8 years of strategic leadership in product security, I demonstrated expertise in threat modeling, security process implementation and standardization, vulnerability assessments, and comprehensive security reviews. My experience spans diverse platforms, including web and desktop applications, network infrastructure, cloud environments such as AWS and Azure, containerized solutions with Kubernetes and Docker, and mobile device management (MDM) security, driving robust and scalable security strategies across organizations.
  • Conducted penetration testing on 100+ applications, delivering high-quality vulnerability reports, which resulted in 95% resolution of critical and high severity issues.
  • Designed and implemented threat modeling methodologies, reducing security vulnerabilities in new products by 50%, ensuring "secure by design" principles.
  • Developed and standardized security processes across the organization, aligning with industry best practices and achieving a 30% improvement in the security posture of products.
  • Reviewed and optimized security configurations for AWS and Azure environments, enhancing cloud security posture by 40%.
  • Conducted in-depth reviews of Docker and Kubernetes security configurations, ensuring containerized applications adhered to security standards.
  • Identified and mitigated security risks in medical devices containing PHI and PII, preventing potential data breaches and regulatory penalties.
  • Collaborated with engineering teams to embed security features and controls in the SDLC, achieving 20% faster vulnerability resolution timelines.
  • Implemented a new SDLC security process, significantly improving the overall security framework for product development and delivery.
  • Proactively addressed emerging security threats by staying current with the latest trends and technologies, sharing insights with cross-functional teams.
Web Application Security Assessment, Cloud Security, Security Engineering, Vulnerability Assessment

Cognizant

Security Analyst

Aug 2016 - Nov 2018 · 2 yrs 3 mos · Bangalore

  • Successfully defined, planned, implemented, maintained, and upgraded security measures, policies, and controls, improving the organization’s overall security posture by 30%, as evidenced by reduced critical vulnerabilities across projects.
  • Worked on 50+ projects, delivering tailored security solutions and ensuring robust protection against vulnerabilities in 100% of applications assessed.
  • Handled multiple projects primarily focused on web application security testing and source code reviews, identifying 90%+ compliance with security standards post-remediation.
  • Performed mobile source code reviews for Android and iOS applications, uncovering and remediating 95% of critical vulnerabilities within agreed timelines.
  • Identified and reported critical issues, including SQL Injection, DOM-based Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), hardcoded passwords, weak cryptography, and best practice violations, reducing the risk exposure by 40%.
  • Provided solutioning and remediation for vulnerabilities that were bottlenecks for customer projects, resulting in a 20% improvement in project delivery timelines by aligning development teams with secure coding practices.
  • Collaborated with development teams to implement tailored solutions and remediation strategies, reducing recurring vulnerabilities by 50% and enhancing overall code security.
  • Managed reports and metrics for each release, achieving 100% on-time delivery of security assessments, ensuring stakeholder satisfaction.
  • Received tokens of appreciation for identifying and addressing 100% of showstopper vulnerabilities, which significantly reduced project risks and improved delivery outcomes.
Web Application Security Assessment, Time Management, Security Analysis, Vulnerability Management

Mphasis

Security Engineer

Aug 2013 - Aug 2016 · 3 yrs · Greater Bengaluru Area

  • Conducted vulnerability assessments and penetration testing on web applications to identify security weaknesses, ensuring alignment with industry standards such as OWASP Top 10.
  • Performed black-box testing using advanced tools like Burp Suite Pro and IBM AppScan, successfully identifying and mitigating critical vulnerabilities.
  • Executed source code reviews to identify insecure coding patterns and utilized platforms like Veracode to enhance application security.
  • Managed the complete vulnerability management lifecycle, from detection to remediation tracking and reporting, ensuring effective risk mitigation.
  • Delivered knowledge-sharing sessions as an internal trainer, focusing on secure coding practices and advanced security testing techniques to upskill team members.
  • Conducted interviews to recruit and mentor new team members, leveraging deep expertise in the Security Analyst domain to build high-performing teams.
  • Specialized in securing applications within the Banking & Financial industry, ensuring compliance with industry standards and minimizing risks to critical systems.
Web Application Security Assessment, Team Building, Security Engineering, Vulnerability Management

Tata Elxsi

Intern

Jul 2012 - Aug 2012 · 1 mo · Bangaon, West Bengal, India

  • Project on Digital Signal Processing.
  • Development of Baseband transceiver unit.

Education

Sahyadri College of Engineering & Management

Bachelor of Engineering - BE

Aug 2009 - Jul 2013
