Creative and experienced cyber security professional with 8 years of experience across diverse industries. Proven ability to combine vision, ingenuity, and technical capabilities with well - developed project management and leadership qualities to support organization cyber security.
AREAS OF EXPERTISE:
- Security Assessments Application Security Cloud Security
- Social Engineering Policies Development Threat Management
- SIEM Risk and Compliance Management Devsecops / CI/ CD
- Vulnerability Assessments Penetration Testing Source Code Review
Operating Systems: Windows Desktop and Server, Kali Linux, Ubuntu, Parrot OS, WIFISlax
Programming Languages: C, C++, Java
Scripting Languages: Java script, Perl, PHP, Python, Bash, Power Shell
Data Analytics: R, Python Pandas, Weka
Networking: TCP/IP, IEEE 802.11, Wireless, Cisco Routing & Switching, IoT Protocols
Databases: My SQL, MS SQL, Mongo DB, Dynamo DB
DAST Tools: Veracode, Burpsuit, OWASP ZAP, Netsparker, IBM App Scan
SAST Tools: IBM AppScan Source, Checkmarx CxSAST, HP Fortify, SonarQube
Network Scanners: Nessus, Open Vas, Metasploit, Armitage, Nexpose, Qualys Guard, Accunetix
Penetration Testing Tools: NMAP, WIFI Phisher, AirCrack-ng, SQLMAP, Powersploit, BeEF, Impacket, THC- Hydra, OllyDBG, Immunity Debugger, Mona py, Social Engineering Tool Kit, w3af, wireshark, TCPDump Syslog-ng, rsyslog, OWASP ZAP, multiple opensource tools
Version Control System: Git, SVN
CI/CD tools: Ansible, Bamboo, Chef, Puppet, Jenkins, AWS CodeDeploy, CodePipeline and CloudFormation, Cloud Watch and GIT lab
SIEM: Splunk, Sumologic and ELK stack
Cloud Computing: Amazon Web Services (AWS)
Audit Standards: PCI DSS, SSAE-16, NIST, CIS, HIPAA, HITRUST, ISO -27001 and 27002
Confidential, Plano, TX
Cyber Security Consultant
- Conducted Information Security awareness training and email phishing campaign to promote security practices for Health Care client (4000+ employees).
- Participated in collaborative projects with Data Mangement, Networking, Cloud Security and Development teams regarding patch management, vulnerability remediation and application source code review.
- Developing inhouse Vulnerability Assessment plans, Penetration Testing methodologies and automation tools to achieve DevSecOps using python programming language and DevOps concepts.
- Developed IT operational policies, processes, methodologies applicable to organizational security, management and complaince. Collaborative work with multiple teams to answer HIPAA compliance audit questionnaire for Heath Care Client.
Confidential, Buffalo, NY
Cyber Security Consultant
- Designed and implemented vulnerability assessments and penetration testing for multiple clients in Western New York region to achieve SOX, ISO 27000, PCI and HIPAA Compliance.
- Designed and deployed multiple applications using IDS/IPS, Firewalls, WAF, AWS stack (Including EC2, Route53, S3, RDS, Dynamo DB, SNS, SQS, IAM) focused to run penetration testing on Cloud Infrastructure.
- Conducted Web Application Scanning (Internal and External) and API Testing (Postman) for multiples clients, developed road maps and remediation plans following OWASP Top-10 vulnerabilities and SANS Top-25 Vulnerabilities.
- Configured and Integrated SIEM into clients existing enterprise logging solutions, SAST tools (Checkmarks, Fortify) and DAST Tools (IBM App Scan, Nessus, Netsparker) into client’s CI/CD Infrastructure.
- Developed organization security awareness programs for social engineering and conducted email phishing campaigns.
- Designed, developed and implemented several IT security policies and procedures for multiple clients.
Confidential, Dallas, TX
Information Security Intern / DevSecOps
- Configured and integrated multiple SAST and DAST tools with DevOps infrastructure for secure code reviewing and vulnerability assessment.
- Worked on Sumologic, Splunk and multiple SIEM tools for internal and external network log monitoring, auditing and analysis.
- Conducted periodic penetration tests on cloud, network and web applications.
- Worked on “IoT Security Analytics: DDoS Detection using Machine Learning” project with DPSL lab, TAMUC.
- Collaborated research with Trojan Hardware Research Team on Anomaly Detection Project, University of Alabama, Birmingham.
- Designed and Implemented 'Cyber Security and Project Management in STEM education' independent study course curriculum for Master’s and Bachelor’s degree graduates.
- Led TAMUC cyber security team for various collegiate and national level CTF's and Hackathons.
- Performed attack simulations, vulnerability assessments and penetration testing on client network, web applications and mobile applications to detect threat agents and security flaws.
- Created exploitation strategies for web applications and networks which identified technical and operational vulnerabilities.
- Experienced in Installing Firmware upgrades, kernel patches, systems configuration, performance tuning on windows/Linux systems.
- Maintained system hardening, antivirus, firewalls, and techniques for analyzing TCP/IP network traffic and event logs.