|
Objective
|
|
| |
Looking for a challenging position in the field of Information Security to utilize my talent and training in contributing to organizational goals.
|
|
|
Personal Statement
|
|
| |
I believe that my proactive nature and ability to think out of the box will help me design better polices, assess vulnerabilities, mitigate threats and risks, build a dynamic, future-proof network topology and maintain productivity of the environment all at the same time.
|
|
|
Work Experience
| |
| |
|
Ntranga Solutions Pvt. Ltd, India, Hyderabad, Andhra Pradesh
|
Sep 2010 - Present
|
Designation: Information Security Engineer
Responsibilities:
Vulnerability Assessment of Business critical assets such as Web, Application & Data Base Servers.
Conduct Routine Penetration test on critical assets as well as workstations.
Incident investigation and response
Windows Patch Management.
Review Windows event logs
Manage Unified Threat Management System, IDS and VPN connection
Monitor the compliance of Security policies and process.
Audit Coordination (ISO 27001).
ISMS Security Gap analysis.
Participated in internal audits (IS).
Writing policies and processes to ensure continued compliance and to determine rigid methods on security.
Build tools and design controls to automate compliance needs.
Projects:
Server Resource Monitoring Tool
Role: Project Designer and Developer
Monitor over all CPU, RAM & VRAM consumption of a Server.
Monitor same parameters for individual process also.
Send email alerts in case the monitored parameter cross a defined threshold.
Cross platform code for Windows, Linux, UNIX & Solaris.
Windows Event Log Archiving Tool
Role: Project Designer and Developer
Archive Windows event logs automatically from all servers and workstations to meet certification needs of log retention policy
Writes the Logs to either a database or a .csv file
Builds static visual reports of day-to-day activity and emails them to the custodian of the assets
|
Academic Research Project: Race Condition Exploitation on 802.11
|
Mar 2009 - Jan 2010
|
Role: Project Lead
Developed the logic for creation and injection of the next data-packet into the wireless network topology.
Maintain incognizance of attacker by not associating to the Access Point and instead use Layer-2 packet injection techniques to communicate with the victim.
Project documented at http://rcx.sf.net
|
Academic Research Project: Exploiting Vulnerabilities of Two-Fact
|
Feb 2009 - Nov 2009
|
Role: Project Lead
Studied the current security implementation of client login system by network traffic analysis.
Developed Proof-Of-Concept code to demonstrate the exploitation of the vulnerability.
Reported the Problem to all major Internet Service Providers in India to patch the vulnerability.
Project is Documented at http://ijack.sf.net
|
|
|
Technical Skills
|
|
| |
Platforms - Windows, Linux, FreeBSD
Programming Languages - Python, Ruby, C, C++, Java
Scripting Languages - JavaScript, HTML, Nessus Attack Script Language (NASL)
Security Tools - Snort Intrusion Detection System
Core Impact
Canvas
Rapid 7 NeXpose
Rapid 7 Metasploit Framework
Nessus Vulnerability Assessment
Nmap
Scapy
Linux IPTables
WireShark Network Packet level Analysis
Aircrack-ng suite for 802.11 Network Vulnerability Assessment and Mitigation
W3AF Web Application auditing
|
|
|
Education
| |
| |
Guru Nanak Engineering College
Bachelor, Computer Science
|
Sep 2006 - May 2010
|
Little Flower Junior College
Intermediate, Math Physics Chemistry
|
Jun 2003 - May 2005
|
Johnson Grammar High School
SSC
|
May 2003
|
|
|
|
Achievements
|
|
| |
|
Secured 1st place in the event 'Hackorama'
|
Sep 2008
|
A National level Web Hacking challenge, organized by Jawaharlal Nehru Technological University, as part of the National level symposium, 'Quest, 2008'.
|
Secured 3rd place in the event 'Binary Pirates'
|
Feb 2009
|
A National level "Capture the Flag" network security challenge, organized by BITS Pilani (Goa Campus), as part of the National Level Technical Fest, 'Quark, 2009'.
|
Secured 2nd Place in the event 'Paper Presentation'
|
Oct 2008
|
A State level technical paper presentation competition , organized by Guru Nanak Engineering College, as part of the State level Technical fest, 'Technofest, 2008'.
|
Participated in the event 'Avant Garde'
|
Sep 2008
|
A National Level technical paper presentation competition, organized by Jawaharlal Nehru Technological University , as part of the National level symposium, 'Quest 2008'.
|
Secured 2nd Place in Inter College Basket Ball Tournament
|
Oct 2007
|
|
|
|
Certifications and Training
|
|
| |
|
Certified Ethical Hacker (CEH)
|
May 2008
|
E-Commerce Council Certified Ethical Hacker.
|
Cisco Certified Netowrk Associate (CCNA)
|
Jul 2008
|
Underwent Cisco Certification Training at Zoom Technologies, Hyderabad.
|
|
|