SUMMARY:

Creative and experienced cyber security professional with 8 years of experience across diverse industries. Proven ability to combine vision, ingenuity, and technical capabilities with well - developed project management and leadership qualities to support organization cyber security.

AREAS OF EXPERTISE:

• Security Assessments Application Security Cloud Security
• Social Engineering Policies Development Threat Management
• SIEM Risk and Compliance Management Devsecops / CI/ CD
• Vulnerability Assessments Penetration Testing Source Code Review

TECHNICAL SKILLS:

Operating Systems: Windows Desktop and Server, Kali Linux, Ubuntu, Parrot OS, WIFISlax

Programming Languages: C, C++, Java

Scripting Languages: Java script, Perl, PHP, Python, Bash, Power Shell

Data Analytics: R, Python Pandas, Weka

Networking: TCP/IP, IEEE 802.11, Wireless, Cisco Routing & Switching, IoT Protocols

Databases: My SQL, MS SQL, Mongo DB, Dynamo DB

DAST Tools: Veracode, Burpsuit, OWASP ZAP, Netsparker, IBM App Scan

SAST Tools: IBM AppScan Source, Checkmarx CxSAST, HP Fortify, SonarQube

Network Scanners: Nessus, Open Vas, Metasploit, Armitage, Nexpose, Qualys Guard, Accunetix

Penetration Testing Tools: NMAP, WIFI Phisher, AirCrack-ng, SQLMAP, Powersploit, BeEF, Impacket, THC- Hydra, OllyDBG, Immunity Debugger, Mona py, Social Engineering Tool Kit, w3af, wireshark, TCPDump Syslog-ng, rsyslog, OWASP ZAP, multiple opensource tools

Version Control System: Git, SVN

CI/CD tools: Ansible, Bamboo, Chef, Puppet, Jenkins, AWS CodeDeploy, CodePipeline and CloudFormation, Cloud Watch and GIT lab

SIEM: Splunk, Sumologic and ELK stack

Cloud Computing: Amazon Web Services (AWS)

Audit Standards: PCI DSS, SSAE-16, NIST, CIS, HIPAA, HITRUST, ISO -27001 and 27002

EMPLOYMENT DETAILS:

Confidential, Plano, TX

Cyber Security Consultant

Responsibilities:

• Conducted Information Security awareness training and email phishing campaign to promote security practices for Health Care client (4000+ employees).
• Participated in collaborative projects with Data Mangement, Networking, Cloud Security and Development teams regarding patch management, vulnerability remediation and application source code review.
• Developing inhouse Vulnerability Assessment plans, Penetration Testing methodologies and automation tools to achieve DevSecOps using python programming language and DevOps concepts.
• Developed IT operational policies, processes, methodologies applicable to organizational security, management and complaince. Collaborative work with multiple teams to answer HIPAA compliance audit questionnaire for Heath Care Client.

Confidential, Buffalo, NY

Cyber Security Consultant

Responsibilities:

• Designed and implemented vulnerability assessments and penetration testing for multiple clients in Western New York region to achieve SOX, ISO 27000, PCI and HIPAA Compliance.
• Designed and deployed multiple applications using IDS/IPS, Firewalls, WAF, AWS stack (Including EC2, Route53, S3, RDS, Dynamo DB, SNS, SQS, IAM) focused to run penetration testing on Cloud Infrastructure.
• Conducted Web Application Scanning (Internal and External) and API Testing (Postman) for multiples clients, developed road maps and remediation plans following OWASP Top-10 vulnerabilities and SANS Top-25 Vulnerabilities.
• Configured and Integrated SIEM into clients existing enterprise logging solutions, SAST tools (Checkmarks, Fortify) and DAST Tools (IBM App Scan, Nessus, Netsparker) into client’s CI/CD Infrastructure.
• Developed organization security awareness programs for social engineering and conducted email phishing campaigns.
• Designed, developed and implemented several IT security policies and procedures for multiple clients.

Confidential, Dallas, TX

Information Security Intern / DevSecOps

Responsibilities:

• Configured and integrated multiple SAST and DAST tools with DevOps infrastructure for secure code reviewing and vulnerability assessment.
• Worked on Sumologic, Splunk and multiple SIEM tools for internal and external network log monitoring, auditing and analysis.
• Conducted periodic penetration tests on cloud, network and web applications.

Confidential, TX

Research Assistant

Responsibilities:

• Worked on “IoT Security Analytics: DDoS Detection using Machine Learning” project with DPSL lab, TAMUC.
• Collaborated research with Trojan Hardware Research Team on Anomaly Detection Project, University of Alabama, Birmingham.
• Designed and Implemented 'Cyber Security and Project Management in STEM education' independent study course curriculum for Master’s and Bachelor’s degree graduates.
• Led TAMUC cyber security team for various collegiate and national level CTF's and Hackathons.

Confidential

Security Analyst

Responsibilities:

• Performed attack simulations, vulnerability assessments and penetration testing on client network, web applications and mobile applications to detect threat agents and security flaws.
• Created exploitation strategies for web applications and networks which identified technical and operational vulnerabilities.
• Experienced in Installing Firmware upgrades, kernel patches, systems configuration, performance tuning on windows/Linux systems.
• Maintained system hardening, antivirus, firewalls, and techniques for analyzing TCP/IP network traffic and event logs.