A Global Talent Visa (GTV) and Permanent Resident (PR) holder with extensive leadership experience in Information Security and DevSecOps.
I specialize in managing comprehensive cybersecurity initiatives and leading high-performing teams to safeguard digital assets. My expertise includes:
Recognized for consistently delivering results, I align security protocols with evolving business needs by leveraging cutting-edge technologies to strengthen overall security posture and operational integrity.
Governing and Uplifting the Maturity of Security Controls
This initiative focuses on enhancing the maturity of cyber security controls through strategic governance, collaboration, and continuous improvement. The goal is to strengthen the organization's security posture by proactively managing risks, ensuring compliance, and fostering a strong security culture.
Key Objectives & Responsibilities
DevSecOps, Automation, and Security Maturity
This initiative focuses on enhancing the organization's cybersecurity posture by integrating security directly into the software development lifecycle, automating key processes, and fostering a strong security-first culture. As a Lead Security Specialist, I have driven multiple projects to mature security controls and ensure proactive risk management.
Core Projects and Achievements
Key Responsibilities & Impact
Agile Security & Security in DevOps Implementation
As a Lead Security Expert, my work centered on integrating agile security principles and DevSecOps practices to enhance cybersecurity and streamline development processes. I provided strategic guidance on technologies, tools, and processes, acting as a key liaison between business leadership and technical teams to ensure security was a core component of every initiative.
Key Objectives & Responsibilities
Information Security Specialist Services
Provided expert security services to major global clients, including TALKTALK, WALMART, and BMW, specializing in application and infrastructure security, vulnerability management, and secure software development lifecycles (SDLC).
Key Projects and Contributions
Access Management: Implemented key security features, including Single Sign-On (SSO), Risk-Based Authentication, and Two-Factor Authentication (2FA).
Vulnerability & Penetration Testing: Conducted in-depth vulnerability assessments and penetration testing with a 12-member team.
Mitigation Planning: Analyzed scan reports and provided actionable plans for mitigation and corrective measures.
Secure Implementation of Monitor Warning Functionality for Falcon Aircraft
Roles and Responsibilities:
Vulnerability Assessment and Auditing: As a Security System Engineer, I have performed a vulnerability assessment and audit of the product to identify security flaws.
System Safety Requirements Development: Developed system safety requirements based on direct interaction with the customer.
Information Delivery System Implementation: Implemented a system to provide pilots and co-pilots with information in the form of messages, alerts, and warnings.
Software Modelling of a Railway Ticket Vending Machine (RTVM)
Roles and Responsibilities:
System Design: Designed the RTVM system using UML.
Software Development: Developed the RTVM system using C++.
Vulnerability Management: Identified and mitigated security vulnerabilities within the system.
Project Management: Handled almost the complete project, including both modeling and security assessment.
As a Training Consultant, I have a proven ability to develop and deliver technical training programs, enhance team capabilities, and strategically improve learning outcomes.
Key Responsibilities
Cybersecurity & DevSecOps: Proficient in DevSecOps, Container Security (CWPP), and Application/Mobile Security. Expertise spans Risk Analysis, Threat Modeling, and securing complex environments, including Embedded Systems.
Cloud & DevOps: Extensive experience with Cloud Computing on AWS. Skilled in DevOps methodologies and utilizing a wide array of CI/CD tools such as Jenkins, Docker, and Kubernetes.
Tools & Platforms:
CI/CD: AWS, Jira, SVN, GIT, GITHUB, GITLAB, Jenkins, Aqua Trivy, Nexus IQ, JFrog Artifactory, SonarQube, Nagios, Ansible
Security Scanning: Burp Suite Enterprise & Pro, Contrast (IAST), Netsparker, Kryptowire, Checkmarx, HP-Webinspect, HP-Fortify SCA, IBM-Appscan, Synopsys – Seeker, Kenna, CyberPort, IriusRisk
Standards & Frameworks: Well-versed in key industry standards and frameworks, including NIST CSF, ISO 27001, PCI DSS, and Metasploit. Experience with DO178B, OOPS, and UML for structured development and documentation.
Specialized Knowledge: Practical knowledge of Model-Based Development (MBD) and Real-Time Operating Systems (RTOS).
Key Recognitions and Achievements