Jan 2023 – Mar 2023 · 2 mos

• -Served as a substitute part-time faculty member at University of Portland in spring of 2023 and delivered lectures on Ethics, Cybersecurity laws and privacy, IAM, OSINT and Social Engineering.

Oct 2021 – Oct 2022 · 1 yr

May 2021 – Dec 2021 · 7 mos

• Collaborating and acting as a security advisor to the Product teams when new digital technologies and/or business needs are identified.
• Establishing product security roadmap of deliverables and milestones including incremental onboarding of in scope online banking products and services.
• Evaluating product security (posture) against emerging security threats and industry trends.
• Conducting user experience, product security modernization and enhancement reviews.
• Managing security risks through contract reviews and negotiations (e.g., data breach notification, damage reparation, data ownership, access controls and safeguarding requirements).
• Advisory and Consulting support on First Line Governance, Risk and Compliance Strategy, Threat Modeling, Azure Security Compliance and Microsoft 365 Security Compliance.
• Educating and providing transparency to key stakeholders through distributing regular communications about online banking product management practices, security control status and maturity improvements.
• Collaborating and working with the relevant team(s) to identify solutions to security control gaps (breakdowns), process improvements (control automation) and/or facilitating the risk acceptance process as needed.
• Tracking, coordinating and monitoring bug fixes and garnering support for security feature enhancements including active participation in vendor feature roadmap discussions.
• Understanding the interactions between systems, applications, and services within the environment, and evaluating the impact of security changes or additions.
• KPI/KRI Reporting to Senior Management and Key Stakeholders.

Apr 2017 – Mar 2020 · 2 yrs 11 mos · The Randstad, Netherlands

• Contributed in maintaining IT Risk within the Overall Risk Appetite with a focus on risk mitigation and prevention to achieve sustainable IT risk measurement score for the IT assets.
• Advisory and Consulting support on Business Impact Assessments, Threat Modeling, Security Architecture Review, Cloud security, Business Continuity, Security Operations, Vulnerability Management, Security Assessments, GDPR Compliance, Security Event Monitoring, Identity and
• Access Management, Change Management and Vendor Risk Governance with a focus on “Security and Privacy by design” to minimize risks.
• Managed the expectations of diverse stakeholders including Business Owners, Data Owners, IT Management, Risk Managers, Third party suppliers, Internal/External Auditors and DevOps teams.
• Facilitated “Advanced Persistent Threat” Analysis with a diverse set of stakeholders for mission-critical applications to proactively identify and document potential fraudulent activities and business logic vulnerabilities and to mitigate them before actual occurrence.
• Balanced the themes of "Compliance" and "Security" in the overall risk strategy and spearheaded training for diverse set of stakeholders including DevOps teams and management in collaboration with Bank CISO to promote the culture of "Security is everyone's priority and responsibility".
• Supported the DevOps teams on Secure Architecture & Design Review, Secure Code Review and integrating Security in the CI/CD pipeline.
• Conducted Vulnerability Assessment & Penetration Testing for Applications, Infrastructure, APIs.
• Presented IT Risk and Security business proposals to clients in Belgium, Spain and Netherlands.
• Winner of two major hackathons focused on Automating IT Risk Processes and minimizing manual effort for repetitive tasks.

Jan 2012 – Jan 2017 · 5 yrs · India

• Penetration testing, Secure Code Review and Security Consulting and Advisory support for clients across Banking and Financial Services, Retail, Telecom and Health Care domains in India, Indonesia and Europe.
• Alignment with customer/business for security strategy definition and adoption of “Shift left” approach. Adherence to required regulatory requirements.
• Identifying and Exploiting network and application level vulnerabilities in order to illustrate risks and provide prioritized recommendations to clients.
• Conducted 100+ hours of Information Security Awareness sessions on OWASP Top 10 and Security Programming with specialized topics on Authentication, Authorization , Session Management, Data Security , Client Side Attacks , Data Validation.
• Presented 10+ TCS – Security presales and expertise sessions to CXO’s, Director, Senior Technical Manager, Senior Executive members of companies
• Alignment with customer/business in order to define the requirements for the websites, requirement analysis and design approach definition and security strategy definition.
• Testing, Identifying and Exploiting network and application level vulnerabilities in order to illustrate risks and provide prioritized recommendations to clients.
• Handling the Request For Proposals, Estimation and Resource Loading for Security test assessments.
• Business requirements gathering and translation into sales and marketing collaterals.
• Creating brand visibility and customer touch points through integrated brand campaigns, account based marketing, media relations, industry partnerships and thought leadership.
• Designing Process, Roadmaps, Strategy, Plans, RACI for Application Security Programs.

Jun 2011 – Aug 2011 · 2 mos

• Worked on the project titled "RSA Encryption and its Acceleration Using Random Precalculation" which compared the algorithmic complexity of RSA & Random Precaculation model of encryption in real time.