Kunal Makwana

That Intel Guy | Concierge Of Intelligence | HUMINT | DFIRReport Member | Offensive Operations Consultation | LEA Consultation
Sydney, NSW

Summary

Humble, down-to-earth and approachable individual with a background in intelligence collection and analysis, and with the opportunity and experience to apply the same in the worlds of cyber, fraud/financial crime and physical security. 10+ years working in and leading Security Operations Centre, Threat Intelligence, Incident Response, Red Team and Threat Management functions, with the aim of improving organisational defences against threats and reducing overall risk posture.

Five years+ of experience leading a team of SOC and Threat Intelligence analysts locally and internationally, supporting multi-national organisations.

Experience consulting and advising law enforcement and government entities on local cyber threats, assisting in takedowns and attribution, and extending to global and local information/intelligence exchange related to financial crime, terrorism, cybercrime, nation-state threats and human trafficking.

Experience assisting during internal and external audits related to SWIFT, CPS234 and AUSTRAC regulatory requirements, leading to the establishment of treatment plans and the raising of risks within risk registers.

Community contribution and awareness via my blog (https://thatintel.blog), based on real-world industry experience, giving consultative tips on performing operations and procedures related to Threat Intelligence, Threat Hunting, Digital Forensics and Incident Response, and Malware Analysis.

Creator of two imaginary characters, Bob and Chip, discussing Cyber related topics on LinkedIn.

Speaker/guest appearances
- MRE: https://federation.edu.au/icsl/mre2019 - Topic: Gozi-ISFB-RM3 and me - A Diamond Model Approach
- CSO: https://www.cso.com.au/appsecurity/ - Topic: Threat Intelligence and Cloud Security

Overview

14 years of professional experience
5 years of post-secondary education
7 certifications

Work History

Cyber Threat and Vulnerability Manager

Transurban
Sydney, NSW
09.2022 - Current

Leadership & Mentoring for Cyber Defence:

  • Mentoring team of Level 1 and Level 2 analysts within Cyber Defence Operations teams to upskill in various streams of Cyber.
  • Managing one direct report (two more in the process of being hired) and seven indirect reports.

Cyber Defence Capability Uplift:

  • Assess and review current Cyber Defence incident response capabilities and identify opportunities for improvement.
  • Identify Automation and Orchestration gaps in efforts to reduce manual tasks and improve productivity.
  • Review and uplift Cyber Defence metrics for technical and executive audiences.

Threat Intelligence Capability Uplift:

  • Develop & implement Transurban’s internal threat intelligence function by defining the end-to-end Intelligence lifecycle, i.e. process for Intelligence requirements, collection, processing, analysing, and dissemination to the relevant stakeholders.
  • Establish relationships with external sources, including law enforcement agencies, threat intel-sharing partners & vendors, to receive early warning/information on potential threats against Transurban.
  • Develop threat metrics for monthly, quarterly & yearly reporting for business & technology stakeholders.

Security Testing Capability Uplift:

  • Coordinate and conduct external penetration testing activities to identify vulnerabilities and misconfigurations in Transurban systems/applications.
  • Establish adversary emulation capability by operationalising Mandiant Security Validation.
  • Uplift Transurban’s Cyber threat detection & response capability by conducting Red & Purple team exercises.
  • Uplift Transurban's vulnerability management standard to assist in Patching prioritisation.

Metrics and Documentation related to:

  • Cyber Threat Intelligence (framework, processes, technical/tools documentation)
  • Vulnerability Management & Penetration Testing
  • Cyber Defence playbooks

Ongoing FY 23-24 Projects Involvement:

  • Establish and manage MITRE Threat modelling framework aligned to business risks.
  • Lead Vulnerability Management Project for successful delivery by providing technical leadership to the project team.
  • Lead Threat Intelligence uplift project by providing the requirements and use cases for people, process, and technology uplift.
  • Lead and review Cyber Incident response playbooks.
  • Lead and review Third-party incident response playbooks.

Senior Consultant - Threat and Vulnerability

National Australia Bank
Sydney, NSW
01.2019 - 09.2022
  • Cyber Threat Intelligence strategy and framework development based on Intelligence Lifecycle
  • Threat actor/adversary attribution to assist Law enforcement agencies.
  • Intelligence analysis and collection on threats, mapping TTPs to MITRE ATT&CK and identifying patterns for control assessments.
  • Malware and Phishing Analysis
  • Assisting Fraud operations with client-side detection and mitigation strategies
  • Assisting Financial crime operations and the Anti-money laundering team by providing intelligence on trends and techniques in financial crime.
  • Supporting SOC operations during Incident Response.
  • Vulnerability and patching prioritisation methodology.
  • Assisting the Offensive Security team by providing intelligence on threat actor trends and TTPs, and providing threat scenarios and attack paths.
  • Assisting the physical security team with executive intelligence gathering and monitoring.
  • Third-party and venture assessment.
  • Operationalising threat indicators via the threat intelligence platform and its configuration.
  • Responsible for operational and strategic reporting.
  • Reviewed and led the threat management aspects of audits (SWIFT and CPS234). Assisted in designing organisation-wide incident response playbooks and led the threat management team's control assessments.
  • Quarterly user access review and process management aligned with compliance and regulatory requirements.
  • Use of GRACE as an internal risk register.
  • Mentoring junior analysts.

Senior Consultant - Threat Intelligence

Westpac
Sydney, NSW
10.2016 - 12.2018
  • Threat hunting: successfully established a threat hunting model and strategy within Westpac.
  • Threat Intelligence: successfully established an intelligence-lifecycle-based strategy and framework within Westpac.
  • Closed-source intelligence gathering to improve security posture.
  • Malware analysis and reverse engineering: assisting the team with malware cases and extracting observables by analysing malware, especially samples targeting financial organisations.
  • SOC policies and procedures: consulting the SOC team on various aspects of SOC policies and procedures and assisting in defining incident handling processes.
  • SIEM content development: consulting the SIEM team on the content required to proactively detect suspicious/malicious activity and assisting in tuning SIEM rule sets.
  • Assisting Fraud and Financial Crime operations team to improve client-side detection of malware and other abnormal behaviour.
  • Assisting management during Audit and Royal Commission.

Manager - Incident Response/Threat Intelligence

Deloitte
Sydney, NSW
09.2015 - 09.2016
  • Key role in Cyber Risk Services as Senior Threat Intelligence and Incident Response Specialist/Manager, managing the Cyber Intelligence Centre's day-to-day operations, consultation and service delivery.
  • Consulting point of contact across local and global teams for risk assessments and industry standards such as ISO 27001 and PCI DSS processes and documentation, including providing the NOC/SIEM team with the architecture required to deliver the services.
  • Responsible for researching/deploying third-party security feeds, monitoring underground forums and mailing lists to gather information on vulnerabilities and exploits.
  • Designed, developed and drafted the operations manual, incident handling processes and playbooks mapped to the kill chain methodology.
  • Develop specific expertise, discern complex threat actor behaviour patterns, and communicate an understanding of current and developing cyber threats to various levels of customers across disparate industries.
  • Security research and open-source intelligence collection to identify indicators of compromise and attack patterns (mapped to MITRE ATT&CK), operationalised using tools such as MISP, Security Onion and Elasticsearch and visualised via Kibana.
  • Responsible for producing intelligence outputs depicting the current threat landscape and associated risk through customer, community, closed-source and open-source reporting.

SOC Manager

Earthwave
Sydney, NSW
03.2012 - 10.2015
  • Led the SOC Security Analyst team, local and international, 16 in total.
  • Responsible for the day-to-day business as usual delivery by SOC security analysts.
  • Assisting the team in delivering security analysis, investigations, reporting, and detection strategies and methodology.
  • Ensured contracted deliverables met their SLAs.
  • Coordinating and scheduling shift resources, prioritising daily security operations tasks and leading security incident response efforts.
  • Coordinating with clients and internal teams for ongoing security response actions.
  • Maintaining and optimising security operations process and procedure documentation. Travelled overseas (3 months) to set up operations in India and mentor security analysts.
  • Conducting skill assessment and gap analysis to determine training requirements.
  • Handling internal and client escalations by engaging with key stakeholders.
  • Overseeing the team's adherence to published SOC policies and procedures.
  • Subject matter expert across the business's security monitoring service (RTM), able to articulate deliverables, limitations, feasibility, etc.
  • Conducting verification and validation of reported security incidents to minimise false positives and increase incident detection rates.
  • Delivering timely reports to management.
  • Vulnerability assessment and reporting: provided detailed analysis and recommendations to clients regarding vulnerabilities in their networks by analysing reports generated by McAfee, Sourcefire or Cisco scan engines.
  • Fault and performance management services: reviewed real-time alerts associated with critical events and system health indicators; depending on the alert, the relevant team was engaged after a thorough investigation.
  • Real-time threat monitoring, incident response and forensics: real-time monitoring of events and device logs from devices such as Cisco ASA, McAfee and Sourcefire, including firewall/IDPS/WAF/load balancer/SCADA logs. Analysed events thoroughly using external information-gathering tools and apps, packet analysis and device knowledge bases to determine whether a scan/attack/activity on the network was genuine or a false positive. After thorough forensics and investigation, post-incident reports were provided to the client with actionable recommendations.
  • IPS/IDS tuning: thorough investigation of signatures triggered on IPS devices from multiple vendors such as McAfee, Cisco, Palo Alto, Sourcefire, FortiGate, Juniper and Snort, followed by recommendations to customers. Extensive hands-on experience with the IDP systems mentioned above.
  • Threat intelligence reporting: gathering information on malicious activity and cybercrime worldwide, filtering it down to the Australian market, and providing actionable intelligence to customers by comparing and analysing events and trends. Hands-on experience with products such as Arbor, FireEye and Cisco IntelliShield.
  • RSA NetWitness Security Analytics and ArcSight: completed official training and have hands-on product experience; used internally to identify issues and gather further information for investigations and forensics. Successfully passed the RSA certification examination.

Information Security and Intelligence Analyst

Cisco
Sydney, NSW
10.2007 - 03.2011
  • As an InfoSec and Intelligence Analyst, worked on information gathering and tactical social engineering cases supporting the offensive security team, and managed three analysts.
  • Designing red team scenarios.
  • Managed and validated third-party and service provider access. Responsible for security-related consultancy and investigation, including responding to alerts generated by network monitoring and vulnerability assessment tools.
  • Security Policy guidance and maintenance. Successfully drafted and implemented organisation-wide port-based access control.
  • 2nd-level technical support for Cisco VIP/executive employees.
  • Active Directory Administration. Creating workgroups and providing access to users.

Education

Masters in Information Systems - Cyber Security

Queensland University of Technology
Sydney
02.2006 - 07.2007

B.Tech - Information Technology

Charotar Institute of Technology
India
07.2001 - 07.2005

Skills

Vulnerability and risk assessment


Accomplishments

  • Collaborated with the Australian Federal Police to achieve an operational outcome by attributing financially motivated threat actors, operating locally and internationally, targeting Australians.
  • Collaborated with the patch management team at NAB on the development and implementation of a threat-led vulnerability prioritisation project.
  • Collaborated with the Financial Crime operations teams at Westpac and NAB to improve anti-fraud detection systems.
  • Successfully implemented a threat-led framework to improve detection and prevention controls.
  • Assisted in building a Cyber Security Fusion Centre.
  • Successfully designed Cyber Defence, Threat Intelligence and vulnerability management metrics for technical and non-technical audiences.
  • Successfully designed and executed relevant reporting for disparate stakeholders.

Affiliations

  • Australian Federal Police - Taskforce
  • DFIRReport
  • CI-ISAC
  • AU-ISAC - Invite only collaboration
  • Interbank AU
  • FS-ISAC AU - non-active, as no longer working for a financial organisation
  • JCSC AU

Certification

CISSP

Timeline

Cyber Threat and Vulnerability Manager

Transurban
09.2022 - Current

Senior Consultant - Threat and Vulnerability

National Australia Bank
01.2019 - 09.2022

Senior Consultant - Threat Intelligence

Westpac
10.2016 - 12.2018

Manager - Incident Response/Threat Intelligence

Deloitte
09.2015 - 09.2016

SOC Manager

Earthwave
03.2012 - 10.2015

Information Security and Intelligence Analyst

Cisco
10.2007 - 03.2011

Masters in Information Systems - Cyber Security

Queensland University of Technology
02.2006 - 07.2007

B.Tech - Information Technology

Charotar Institute of Technology
07.2001 - 07.2005