
Security Consultant
London, United Kingdom

Information security professional with more than 5 years of experience in security architecture, risk analysis and management, application security, network security, vulnerability assessments, penetration testing, secure software development and compliance. Has worked for multiple clients including banks, insurance companies, government agencies, conglomerates and internal company projects.
Currently holds the CISSP, CSSLP and CEH certifications. Has passed the CISM exam and expects to get certified as soon as the endorsement process is completed.
Security architecture, risk analysis and management, application security, network security, vulnerability assessments, penetration testing, secure software development and compliance.
(Public Company; IBM; Information Technology and Services industry)
August 2009 — January 2010 (6 months)
(Public Company; Information Technology and Services industry)
January 2009 — August 2009 (8 months)
I am the “embedded” security expert for a large development team consisting of 4 sub-teams, about 15 project managers and approximately 140+ developers and other members. My job consists primarily of the following functions:
(a) Security evangelism
(b) Guidance for secure application development
(c) Incident handling assistance
(d) Third-party (supplier/vendor) Security Reviews
(e) Security evaluations of new technologies and tools
(Public Company; Information Technology and Services industry)
April 2008 — December 2008 (9 months)
I was one of the primary security architects and project leaders on the security team of my client company responsible for:
(a) Secure SDLC support
(b) Defense in depth (network, application, OS, processes, people etc.) security assessments
(c) Security tool evaluations
(d) Incident handling assistance
(e) Security policy reviews and formulation
(f) Third-party (supplier) security reviews
(Public Company; Information Technology and Services industry)
April 2007 — March 2008 (1 year)
Was responsible for:
(a) Security research
(b) Security tool evaluations
(c) Network security architecture
(d) Application security architecture
(e) Secure SDLC support
(Public Company; Information Technology and Services industry)
October 2006 — March 2007 (6 months)
Was the customer-facing service leader for the application vulnerability assessment service of the Application Security Center of Excellence in the client’s company. I was responsible for:
(a) Application vulnerability assessments
(b) Automated application vulnerability scans
(c) Security tool evaluations
(Public Company; Information Technology and Services industry)
February 2006 — September 2006 (8 months)
I was a member of the GCP-IRM (Global Consulting Practice – Information Risk Management) team of TCS. I worked on a number of short-term and medium-term security projects for various Indian companies, foreign companies as well as the TCS CSO (Chief Security Officer). Primary responsibilities included:
(a) Network vulnerability assessments and penetration testing
(b) Network security architecture
(c) Application vulnerability assessments and penetration testing
(d) Application security architecture
(e) Security source code reviews
(f) Security policy formulation
(Public Company; Information Technology and Services industry)
August 2004 — January 2006 (1 year 6 months)
Was a member of the Software R&D wing of TCS (TRDDC) that focused on software (tools and methodologies) to make software better and faster.
(Privately Held; Computer & Network Security industry)
January 2004 — April 2004 (4 months)
Worked on developing Blackout, a host-based anti-nmap tool that would mislead nmap's OS fingerprinting capability.
(Educational Institution; Higher Education industry)
August 2002 — December 2002 (5 months)
Teaching assistant for DBMS course offered to 2nd year BTech undergraduate students.
MS (IT), 2002 — 2004
B.C.A (Bachelors of Computer Applications), 1999 — 2002
Information security, web technologies, web design, usability, economics, politics, sociology, new media