Result-driven & Certified Cyber Security Specialist & Professional with 5+ years of experience, possessing great strength in Threat Hunting & Management, Incident Response, Offensive Security, Red Team, Ethical Hacking, Penetration testing, Vulnerability Assessment, Malware analysis and Security Audits & Assessment.
Always ready to take on challenges and adaptable to change. Believe in flawless execution of administrative activities, with high attention to detail, organization, and process, along with exceptional teamwork skills, a strong ability to offer suggestions and improvements to process, and the ability to work effectively with all personalities, whilst maintaining and respecting a high level of confidentiality, discernment, and judgment, with flexibility in response to changing priorities and needs.
Life Philosophy: “नातिक्रान्तानि शोचेत प्रस्तुतान्यनागतानि चित्यानि ।” (Do not grieve over what is past; give thought to the present and what is to come.)
✔ Spearheading Threat Hunting initiatives, proactively identifying and mitigating threats through advanced threat intelligence and anomaly detection.
✔ Leading swift and effective responses to security incidents, enhancing overall resilience. Built various automations, resulting in reduced response times and valuable insights.
✔ Conducting comprehensive threat hunting activities across 10+ entities and verticals, encompassing over 200,000 endpoints and assets, using threat intelligence feeds to enrich security event data with contextual information (IOCs and TTPs), together with behavioral analytics and machine learning models, to proactively identify and investigate potential security threats.
✔ Developing and executing advanced threat hunting queries and playbooks to detect and respond to sophisticated cyber threats, including APTs and zero-day attacks.
✔ Developing and maintaining custom correlation rules, queries, and dashboards within the SIEM/XDR platform to identify patterns indicative of malicious behavior.
✔ Working with L2-L3 analysts to fine-tune XDR and SIEM detection/correlation rules and signatures to reduce false positives and increase the accuracy of threat detection, leveraging insights gained from incident analysis and threat intelligence.
✔ Participating in red team exercises and simulated cyberattack scenarios to validate the effectiveness of detection and response capabilities and identify areas for improvement.
✔ Assisting in the development and implementation of security policies, procedures, and controls to ensure compliance with industry regulations and standards.
✔ Carrying out continuous learning through certifications and courses to maintain a proactive stance against evolving threats, contributing significantly to overall security effectiveness.
✔ As lead project member, designed and developed multiple tools for Penetration Testing, Security Assessments, and targeted attack simulations, especially in Windows environments.
✔ Automated 18-20% of routine operational tasks & activities.
✔ Built multiple Windows Apps and Tools to assist in Red Teaming & Offensive Security.
✔ Performed and reported multiple Application Audits and Vulnerability Assessments / Penetration Tests for IT infrastructure, including network devices, operating systems, databases, and applications.
✔ Developed multiple PoCs for past vulnerabilities as well as newly discovered vulnerabilities & exploits.
✔ Conducted various Red & Blue Teams Operations in Authorized Simulated Environment.
✔ Worked on multiple red-teaming adversary TTP frameworks; tested & implemented various APT TTPs; rebuilt & demonstrated recent exploits & vulnerabilities with working results & output, along with their mitigation procedures & solutions.
✔ Performed server management as well as infrastructure security maintenance.
✔ Monitored the dark web & forums, analysed trends, & reported breaches & incidents to the organisation.
✔ Conducted penetration testing engagements and simulated Red Teaming ops for the org’s clients in various industries, including law enforcement, defense, government, healthcare, and the finance sector.
✔ Identified & exploited multiple associated vulnerabilities in OS, web apps, and network infrastructure, then presented findings/recommendations to clients in detailed written and verbal reports.
Clients: Various Law Enforcement Agencies, Defense Personnel, & Academic Institutions.
Projects & Proposals: (Confidential)
✔ 1. Threat Intelligence Report: Conducted in-depth research & analysis on emerging cyber threats, providing actionable intelligence to inform their cyber security operations.
✔ 2. Malware Research & Development: Worked on malware & C&C frameworks, exploring TTPs of APT groups to develop tools that assist in Red Teaming & Offensive Security.
✔ 3. Vulnerability Assessments: Conducted vulnerability assessments for various clients, identifying potential weaknesses & providing recommendations to mitigate risks.
✔ 4. Penetration Testing: Performed comprehensive penetration tests, identifying vulnerabilities & providing recommendations to enhance their network security.
✔ 5. Incident Response Plan: Developed customized incident response plans, ensuring they were prepared to respond to cyber security incidents effectively.
✔ 6. Cyber Security Trainings: Designed & delivered cyber security training programs, focusing on threat hunting, digital forensics, & incident response.
✔ 7. Proposal Writing: Wrote multiple proposals for different cyber security projects, highlighting their capabilities & approach to addressing the client's requirements.
✔ 8. Compliance Audit: Performed compliance audits for clients, ensuring their cyber security practices aligned with relevant regulations & standards.
✔ 9. Security Architecture Design: Designed & implemented secure architecture solutions for clients, incorporating best practices & industry standards.
✔ 10. Cyber Security Strategy: Developed comprehensive cyber security strategies for clients, aligning their security posture with their objectives.
Subjects Studied:
Mathematical Foundation for Cyber Security, Cyber Crimes/Ethics and Laws, Research Methodology and IPR, Constitution of India, Defense Programming in Python, Digital Forensic, Ethical Hacking, Web and Database Security, Malware Analysis, Operating System and Host Security, Business Analytics, Machine Learning
Subjects Studied:
Computer Programming and Utilization, Data Structure, Database Management Systems, Operating System, Object Oriented Programming With C++, Computer Organization, Numerical and Statistical Methods for Computer Engineering, Computer Networks, Cyber Security, Design Engineering, Analysis and Design of Algorithms, Object Oriented Programming using JAVA, Microprocessor and Interfacing, System Programming, Software Engineering, Theory of Computation, Advanced Java, Web Technology, Distributed Operating System, Compiler Design, Information and Network Security, Mobile Computing and Wireless Communication, Python Programming, Data Mining and Business Intelligence, Artificial Intelligence
✔ Adversary attack simulation with respect to TTPs
✔ Building RedTeaming & Pentesting Related Tools & Frameworks
✔ Specialised in Web Apps & Windows-related areas
✔ Implementing Prototypes, POCs and Exploits for testing Infra Security
✔ Vulnerabilities Scanning and Assessments
✔ Exploiting & Pentesting Vulnerable Web Apps
✔ PHP, JS, JSON & API-based web solution pentesting & assessments
✔ Providing mitigation and relevant security measures & solutions
✔ Windows & Android Forensics
✔ Systems & Network Forensics
✔ Identifying, preserving, analyzing, documenting & reporting digital evidence/assets
✔ Advanced Incident Response & Threat Hunting
✔ Evidence/asset handling, risk analysis & mitigations
✔ Examining, identifying & helping understand the nature of cyber threats/malware
✔ Analyzing & reversing malware samples related to Windows, Linux, Android & web apps
✔ Researching & dissecting recent trending malware
✔ Implementing Detection & Prevention Methodologies
✔ Getting into Red Teaming
(for permitted & ethical purposes only)
✔ Offensive Security Concepts & Methodologies
✔ Ethical Hacking & Pentesting
✔ Malware Analysis & Reverse Engineering
✔ Exploring Dark Web & Deep Forums
✔ Enterprise & Industrial levels Customizations
* All courses & trainings include & focus mainly on practicals & live hands-on labs/challenges.
✔ Helping folks dive into the ocean of CyberSec
✔ Spreading cybersec awareness & vigilance and contributing to the community for all, enriching their security skills & expertise
✔ Providing dedicated solutions & frameworks to law enforcement entities, defense personnel, academic universities & institutions