SAI DEVULAPALLI

Sydney, NSW

Summary

A Global Talent Visa (GTV) and Permanent Resident (PR) holder with extensive leadership experience in Information Security and DevSecOps.

I specialize in managing comprehensive cybersecurity initiatives and leading high-performing teams to safeguard digital assets. My expertise includes:

  • Implementing advanced security controls to mitigate risks and prevent breaches.
  • Developing robust security strategies and crafting effective incident response plans.
  • Proactively identifying vulnerabilities to enhance organizational resilience through innovative risk management.

Recognized for consistently delivering results, I align security protocols with evolving business needs by leveraging cutting-edge technologies to strengthen overall security posture and operational integrity.

Overview

18 years of professional experience
1 Certification

Work History

Senior Manager – Cyber Security

HSBC
06.2022 - Current


Governing and Uplifting the Maturity of Security Controls
This initiative focuses on enhancing the maturity of cyber security controls through strategic governance, collaboration, and continuous improvement. The goal is to strengthen the organization's security posture by proactively managing risks, ensuring compliance, and fostering a strong security culture.


Key Objectives & Responsibilities

  • Risk & Vulnerability Management: Govern the closure of identified external and internal vulnerabilities across all business functions. This includes leading Data at Rest (DAR) scanning of shared drives and SharePoint sites to identify and fix data-related vulnerabilities.
  • Compliance & Assurance: Utilize the NIST Cybersecurity Framework to perform Control Monitoring and Assurance (CMA) on key controls. The objective is to assess the current risk posture and address gaps by raising issues for remediation. Additionally, map HSBC controls to CPS 234 regulations to ensure regulatory compliance.
  • Threat Intelligence & Incident Response: Identify design-level threats using tools like IriusRisk and analyze emerging threats to provide strategic recommendations for system improvements. Direct incident response teams to manage security breaches efficiently, reducing response time and minimizing impact.
  • Security Strategy & Protocols: Lead the development and implementation of comprehensive cybersecurity strategies to mitigate risks. This involves collaborating with cross-functional teams to enhance security protocols and conducting regular audits to identify and fix gaps promptly.
  • Third-Party & Vendor Security: Evaluate third-party vendor security practices to maintain high standards of data protection and manage associated risks.
  • Cybersecurity Awareness & Training: Increase cyber awareness across all teams and business functions by conducting regular training sessions. Develop comprehensive training programs for employees and mentor junior cybersecurity professionals to foster skill development and knowledge sharing.
  • Business Continuity: Coordinate disaster recovery exercises to validate the effectiveness of business continuity plans and ensure organizational resilience against cyber incidents.


Sr. Associate Director - Cyber Security

HSBC
04.2018 - 05.2022


DevSecOps, Automation, and Security Maturity
This initiative focuses on enhancing the organization's cybersecurity posture by integrating security directly into the software development lifecycle, automating key processes, and fostering a strong security-first culture. As a Lead Security Specialist, I have driven multiple projects to mature security controls and ensure proactive risk management.


Core Projects and Achievements

  • Project Shunya: As the project lead, I guided the team toward a state of Zero Defects, Zero Outages, and Zero Effort. This initiative successfully streamlined operations and improved overall efficiency by focusing on automation and quality at every stage.
  • Cyberflows: I was the key architect and a primary driver behind Cyberflows, a custom-built abstraction layer. This innovation standardized communication with diverse cybersecurity tools, eliminating inconsistent implementations and delivering a more effective and consistent security output.
  • Cybersecurity Awareness & Automation: I designed and implemented a comprehensive awareness program to educate employees on recognizing and mitigating malware attacks. To support this, I developed a custom Outlook add-on that automates the reporting of suspicious emails, empowering the Security Operations Center (SOC) to respond to threats more efficiently.


Key Responsibilities & Impact

  • DevSecOps Integration: Championed the transition to a robust DevSecOps pipeline by embedding Static, Dynamic, and Interactive Application Security Testing (SAST, DAST, IAST) tools directly into the CI/CD process.
  • Compliance & Frameworks: Ensured the organization's adherence to industry frameworks, including NIST, ISO 27001, and PCI DSS. I successfully led a PCI DSS compliance assessment to protect cardholder data and prevent potential breaches.
  • Security Enablement: Provided expert guidance and training to development teams and business stakeholders, keeping them informed of the latest security insights and fostering a collaborative, security-conscious environment.

Lead Consultant - Cyber Security

Cigniti
03.2017 - 04.2018


Agile Security & Security in DevOps Implementation

As a Lead Security Expert, my work centered on integrating agile security principles and DevSecOps practices to enhance cybersecurity and streamline development processes. I provided strategic guidance on technologies, tools, and processes, acting as a key liaison between business leadership and technical teams to ensure security was a core component of every initiative.


Key Objectives & Responsibilities

  • DevSecOps Pipeline Implementation: I designed and implemented a comprehensive, end-to-end DevSecOps pipeline on AWS, from initial requirements gathering to final deployment, ensuring security was embedded at every stage.
  • Business Analysis & Strategic Translation: I served as the primary Business Analysis Point of Contact (POC) for a 25-member Advisory & Transformation Services (ATS) team. In this role, I effectively translated business goals and feature concepts into prioritized product requirements and user stories, working directly with C-suite executives and the management team of a U.S.-based startup.
  • Process Improvement: I conducted in-depth gap analyses to identify and address inefficiencies within test processes, including Defect Management, Metrics, Requirement Traceability, and Release Management, leading to significant improvements in overall workflow and product quality.

Senior Security Consultant

Infosys Limited
12.2012 - 03.2017


Information Security Specialist Services
Provided expert security services to major global clients, including TALKTALK, WALMART, and BMW, specializing in application and infrastructure security, vulnerability management, and secure software development lifecycles (SDLC).


Key Projects and Contributions


  • TALKTALK (Telecommunications, UK)
    Focused on securing web applications by embedding a Secure SDLC to identify and mitigate vulnerabilities early in the development process.
    Architectural Security: Actively participated in architectural discussions to ensure security was built into the design from the ground up.
    Security Audits: Performed comprehensive architecture and process audits on all online applications to identify security gaps.
    Remediation & Training: Reviewed security scan reports, provided detailed action plans for remediation, and delivered targeted security training to developers, testers, and architects.
  • WALMART (Dashboard Applications)
    Led the implementation of robust security features for Walmart's dashboard applications using OpenAM (ForgeRock's Open Identity Stack).
    Access Management: Implemented key security features, including Single Sign-On (SSO), Risk-Based Authentication, and Two-Factor Authentication (2FA).
    Vulnerability & Penetration Testing: Conducted in-depth vulnerability assessments and penetration testing with a 12-member team.
    Mitigation Planning: Analyzed scan reports and provided actionable plans for mitigation and corrective measures.

  • BMW (Infrastructure & Applications)
    Secured and monitored BMW's internal and external infrastructure and application estates, with a focus on strategic Vulnerability Management and penetration testing.
    Team Leadership: Led an 18-member team to perform comprehensive vulnerability assessments and penetration testing on their infrastructure and portals.
    Vulnerability Remediation: Reviewed scan reports and developed effective action plans to mitigate identified vulnerabilities and ensure continuous security.

Senior Engineer

Honeywell Technologies Pvt. Ltd
08.2008 - 12.2012


Secure Implementation of Monitor Warning Functionality for Falcon Aircraft


Roles and Responsibilities:
Vulnerability Assessment and Auditing: As a Security System Engineer, I have performed a vulnerability assessment and audit of the product to identify security flaws.
System Safety Requirements Development: Developed system safety requirements based on direct interaction with the customer.
Information Delivery System Implementation: Implemented a system to provide pilots and co-pilots with information in the form of messages, alerts, and warnings.


Software Modelling of a Railway Ticket Vending Machine (RTVM)

Roles and Responsibilities:
System Design: Designed the RTVM system using UML.
Software Development: Developed the RTVM system using C++.
Vulnerability Management: Identified and mitigated security vulnerabilities within the system.
Project Management: Handled almost the complete project, including both modeling and security assessment.

Training consultant

Silver Software (Silver Atena)
06.2007 - 05.2008


As a Training Consultant, I have a proven ability to develop and deliver technical training programs, enhance team capabilities, and strategically improve learning outcomes.


Key Responsibilities

  • Delivered comprehensive training on foundational and advanced topics, including C, C++, Real-Time Operating Systems (RTOS), and Embedded systems concepts for new hires and junior staff.
  • Developed and implemented impactful training programs by conducting needs assessments to identify knowledge gaps and create targeted learning solutions.
  • Mentored junior trainers and facilitated workshops to foster collaboration and improve the consistency and quality of training delivery across the team.
  • Analyzed participant feedback and learning metrics to continuously refine course content, ensuring high engagement and a measurable improvement in employee skills and performance.

Education

Master of Science - Engineering

Coventry University
Coventry City
01-2007

Master of Science - Electronics And Communications Engineering

Andhra University
01-2004

Bachelor of Science - Electronics And Communications Engineering

Andhra University
01-2002

Skills

    Cybersecurity & DevSecOps: Proficient in DevSecOps, Container Security (CWPP), and Application/Mobile Security. Expertise spans Risk Analysis, Threat Modeling, and securing complex environments, including Embedded Systems.
    Cloud & DevOps: Extensive experience with Cloud Computing on AWS. Skilled in DevOps methodologies and utilizing a wide array of CI/CD tools such as Jenkins, Docker, and Kubernetes.
    Tools & Platforms:
    CI/CD: AWS, Jira, SVN, GIT, GITHUB, GITLAB, Jenkins, Aqua Trivy, Nexus IQ, JFrog Artifactory, SonarQube, Nagios, Ansible
    Security Scanning: Burp Suite Enterprise & Pro, Contrast (IAST), Netsparker, Kryptowire, Checkmarx, HP-Webinspect, HP-Fortify SCA, IBM-Appscan, Synopsys – Seeker, Kenna, CyberPort, IriusRisk

    Standards & Frameworks: Well-versed in key industry standards and frameworks, including NIST CSF, ISO 27001, PCI DSS, and Metasploit. Experience with DO178B, OOPS, and UML for structured development and documentation.
    Specialized Knowledge: Practical knowledge of Model-Based Development (MBD) and Real-Time Operating Systems (RTOS).

Accomplishments

  • Exceptional Talent Recognition: Awarded the Global Talent Visa by the Australian Government for exceptional skills in the field of information security and Information technology.
  • Academic Excellence: Graduated with a Gold Medal from Coventry University, U.K., for an M.Sc. in Engineering in 2007. I received a cash award for the successful publication in the SHODHA journal and a Best Paper Award from Balaguruswamy for a publication in the NCCT-06 National conference.
  • Research & Publications: Published five research papers in various academic journals and national conferences, including a certified paper on "Low-Cost Anti-collision avoidance on ground" in the Freedom to Innovate '06 Contest.
  • Innovation & Impact: Engineered the Cyberflows Abstraction layer, a solution that documented and resolved security platform-related problems for developers, leading to platform independence and an estimated savings of $1 million over five years.
  • Professional & Team Recognition: Received multiple accolades, including a Bravo and Team Excellence Award for successfully completing a program in Defense & Space. I also received a Spot Award from Honeywell Technologies for outstanding performance and commitment in the Defense & Graphics sector, including recognition for working extended hours to complete a program successfully.

Certification

  • CISM (Certified Information Security Manager) from ISACA in March 2022
  • Certified Lead ISO 27001 Security Auditor from TUV SUD in June 2021
  • Certified AWS Security Speciality from AWS in Feb 2021
  • Certified AWS Solution Associate Architect from AWS in Dec 2020
  • CCSP (Cloud Certified Security Professional) from LinkedIn in March 2020
  • Cyber Stars for Business Certificated from ProQual Governing Body in June 2020
  • CEH (Certified Ethical Hacker) Certification version 7 from EC-Council
  • COBIT 5.0 (Control Objectives for Information & Related Technologies) Certified from ISACA
  • CP-DOF (Certified Professional in DevOps Foundation) from Agile Test & DevOps++ Alliance
  • PGDCA (Post Graduate Diploma in Computer Application) Certification from APEL, Hyderabad, India

International Recognitions / National Talks / Mentoring Appreciations from Renowned Orgs

Key Recognitions and Achievements

  • Cybersecurity and Technical Excellence: I have been recognized for identifying dangerous security vulnerabilities in major international systems, including those of United Airlines, Ariel, and Barracuda. My work has earned me prestigious awards, such as the Pioneer Award from HSBC's Head of Security and CISO, as well as multiple spot awards from Honeywell for my outstanding contributions.
  • Thought Leadership and Public Speaking: I am one of the respected voices in the industry, having delivered technical talks on security and other topics at prominent forums like IETS, CSI, and Infosys. My technical talks have earned me accolades, including an Appreciation from the AVP and BU Head of Infosys for a "Best Technical Talk on Security" in 2016.
  • Training and Mentorship: I have a strong background in education and mentorship, having trained diverse groups from engineering students to corporate employees. I have received appreciation letters from both Andhra University and Raghu Engineering College for my work training M.Tech and Engineering students on a wide range of technologies, including Linux Kernel, RTOS, and Secure Coding Principles. I have also conducted workshops on MATLAB and provided extensive training on Embedded Systems and VxWorks in various engineering colleges and premier institutes.

Publications

  • Saikumar D, et al. “Bringing up PowerPC Core of Xilinx-V2P30 using Linux”, SCTII-2007, Rourkela, Orissa, India, pp. 189-192
  • Saikumar D, et al. “Low-cost collision avoidance on ground”, Freedom to Innovate ‘2006 contest at Honeywell Technology Solutions Lab, Bangalore, March 24, 2006
  • Saikumar D, et al. “Real Time Software modeling of Railway Ticket Vending Machine for Reservation”, The Technical Journal of MSRSAS, SASTECH, Vol. V, No. 1, April 2006, pp. 24-29
  • Saikumar D, et al. “Real Time Software Modeling of Railway Ticket Vending Machine for Reservation Using Unified Modeling Language”, NCCT-06, Sivakashi, India, pp. 494-498
  • Saikumar D, “Internet: The Information super-Highway”, Computer Society of India (CSI) on Emerging Technologies in IT, SCIT-2000, Visakhapatnam, India. Serial No. 53
