A cyber security professional with 10+ years of holistic experience in the IT security industry with a strong emphasis on Security Strategy, Compliance, Risk, Testing and Response.
• Spearheaded Cyber Security initiatives within the program team, elevating the agency's security posture through innovative strategies and proactive measures.
• Collaborated closely with the program manager, guided by the CISO, to devise and execute time-sensitive security initiatives, effectively addressing identified audit gaps.
• Functioned as a SME, supporting the implementation of Protective Markings using Microsoft Purview Information Protection across the agency, ensuring comprehensive data security.
• Coordinated communication with external agencies and Microsoft, identifying and swiftly rectifying critical flaws in the Microsoft Information Protection (MIP) framework to safeguard sensitive information.
• Led cross-agency collaboration, mitigating project impact and facilitating successful project deliveries through meticulous coordination and stakeholder engagement.
• Worked with the Director of Risk Management to architect and implement a robust Privileged Access Management (PAM) standard, bolstering internal security protocols.
• Led the technical implementation of CyberArk PAM tool, refining operational processes and improving access controls.
• Helped design a hybrid Security Operations Center (SOC) model, optimizing digital asset coverage and improving incident response capabilities.
• Assisted in the development of SOC and Security Information and Event Management (SIEM) requirements, driving the deployment of a SIEM solution.
• Developed SIEM use cases and contributed to the development of comprehensive incident response playbooks, enhancing organizational resilience in the face of cyber incidents.
• Collaborated closely with the Security Architect to define requirements and devise high-level designs for Secure Access Service Edge (SASE) / Security Service Edge (SSE) frameworks, ensuring robust network security.
• Assisted with Information Value Assessments and Security Risk Assessments in collaboration with security advisors.
• Led technical changes in collaboration with Managed Security Service Providers (MSSPs), ensuring alignment with organizational security objectives and standards.
• Played a pivotal role in the development of business requirements, technical documentation, testing materials, and security policies, ensuring adherence to regulatory mandates and industry best practices.
• Assisted with Security Awareness projects across the organization where required.
• Assisted in achieving compliance with OVIC, ISO 27001:2022 and Essential 8 where required.
• Helped the pre-sales team to budget various activities and create SOWs.
• Liaise with client to understand individual project requirements and prepare project plan.
• Liaise with various teams involved in the project to gather audit requirements.
• Create and publish threat models and test cases specific to each project.
• Create, review and publish security audit reports.
• Performed CTF model red team exercises for various clients and successfully achieved outcomes within 4-5 days of testing.
• Discuss and assist various teams involved in the project to understand and remediate reported vulnerabilities.
• Helped organizations design vulnerability management programs along with mitigation strategies.
• Manual and automated web/mobile/API application penetration testing based on OWASP Top 10 standards.
• Perform/Lead secure code reviews using SAST tools like Checkmarx or HP Fortify. Review the results with developers and help with their remediation activities.
• Performed wireless network penetration testing for various clients to identify weaknesses and provide solutions to mitigate them.
• Managed end-to-end security testing as a third-party consulting company with a team of 10 security testers, reporting to the Director of IT Security (biggest telecom operator in UAE), with a budget of 1.2 million US dollars.
• Liaise with client to understand individual project requirements and prepare project plan.
• Liaise with various teams involved in the project to gather audit requirements.
• Create and publish threat models and test cases specific to each project.
• Create, review and publish security audit reports.
• Discuss and assist various teams involved in the project to understand and remediate reported vulnerabilities.
• Helped organizations design vulnerability management programs along with mitigation strategies.
• Help clients achieve ISO and PCI certifications and act as SME on behalf of the client to evaluate third parties.
• Manual and automated web/mobile/API application penetration testing based on OWASP Top 10 standards.
• Internal and External Network penetration testing using Nessus, OpenVAS, QualysGuard, Nmap, Kali Linux.
• Performed wireless network penetration testing for various clients to identify weaknesses and provide solutions to mitigate them.
• Secure Network Architecture Review and Firewall Rule Base Audits.
• ATM Security Assessment and Exploitative Penetration Testing.
• Secure Code Reviews, Spear Phishing and Social Engineering Activities.