PROFESSIONAL SUMMARY

  • Information Security professional with 10+ years of work experience and a master’s degree in Information Assurance.
  • Strong experience in Infrastructure Security, handling VA | PT, Red team activities, DFIR & Security Engineering.
  • Experienced in threat modeling and performing various security assessments and analyzing security posture.
  • Experienced in developing and implementing a GRC program across the organization.
  • Experienced in identifying and implementing opportunities to drive effectiveness and efficiency into the IT risk management process, with strong knowledge of NIST 800-37 (RMF).
  • Strong understanding of control objectives, cyber security frameworks, compliance and regulatory requirements from NIST CSF, NIST 800-53, ISO27k, NYCRR Part 500, PCI DSS and GDPR.

SKILLS

OFFENSIVE SECURITY

Penetration Testing

  • I have conducted penetration tests against organizations ranging from 150 to 5000 employees with thousands of assets and billions of dollars in revenue.
  • Scoped and determined rules of engagement with senior security leadership.
  • Executed and managed team execution of network infrastructure, web application, and physical penetration testing engagements.
  • Plan and manage low to mid-size security assessments.
  • Assess the security posture of various internal and third-party products and services through penetration tests; document findings, explaining the steps to recreate the vulnerabilities found and the mitigation strategy; perform threat and risk analysis for various internal products and services.
  • Interact with customers to provide cyber security solutions.
  • Help defense teams better secure the corporate network through purple team exercises and friendly hacking.

Social Engineering

  • Conducted social engineering assessments in conjunction with penetration tests, but tested the limits of the customer by utilizing advanced tactics and techniques.
  • Bypass email security controls to increase campaign efficacy.
  • Draft highly targeted phishing campaigns based on audience and mission objectives.
  • Apply OSINT to identify key recipients of targeted campaigns; design and implement phishing infrastructure.

Red Teaming (Adversarial Simulation)

  • Develop comprehensive attack threads indicative of target industry, relevant adversarial objectives (Advanced Persistent Threats), playbook development, attack chaining and automation.
  • Manage red team operators – positioning team members based on mission objectives, tradecraft and expertise.

DEFENSIVE SECURITY

  • On many occasions, incident responders, security leadership, and consumers of offensive engagement deliverables would require perspective and additional consultation.
  • Determining courses of action based on defense objectives and using frameworks such as MITRE ATT&CK.
  • Developing Indicators of Compromise and implementation placement for detection.

Digital Forensics

  • Identify, collect, examine and analyze the data while preserving the integrity of data and maintaining strict Chain of Custody (CoC) following industry-standard guidelines.
  • Forensic techniques are used for retrieving evidence from computers following NIST SP 800-86 and ISO 27037 standards.
  • Acquisition and preservation of digital evidence to ensure its integrity.