
Vulnerability Management Cyber Security

Location:
The Hammocks, FL, 33186
Posted:
May 14, 2024


Resume:


Prasad Yada

818-***-**** (Mobile) ad5pmg@r.postjobfree.com Linkedin

Professional Experience:

12+ years of experience in Cyber Security Vulnerability Management and Remediation, raising awareness and assisting in the enforcement of security policies and regulatory requirements within the organization.

Specializing in implementation and development of security programs. Skilled in identifying infrastructure and application vulnerabilities.

Experienced in documenting and implementing incident response plans, threat intel and application security best practices.

Hands-on experience in creating and managing key security metrics & dashboards that measure the VM program.

Strong Experience in defining roadmap and program for mitigation of identified cybersecurity risks and implementation of cybersecurity strategy

Strong defense-in-depth principles along the kill chain to eliminate risk and vulnerabilities and improve security controls

Expertise in vulnerability management tools and strong technical understanding and experience assessing vulnerabilities and identifying weaknesses in multiple operating system platforms, database, application servers and cloud.

Strong Experience with core vulnerability management scanning tools (e.g. Tenable, Qualys, etc.).

Strong Experience with web application scanners (e.g. RiskIQ, MS Defender EASM, Xpanse, etc.).

Strong demonstrated experience with Risk Management Framework (RMF) requirements.

Skilled in SCCM operations like SCCM Client Installation, Client remediation, Hardware Inventory, Software Inventory, and software metering.

Expertise in security industry standards and frameworks, such as ISO 27001, NIST Cybersecurity Framework, and CIS Controls.

Developed threat models and risk assessments in a regulated environment with global privacy regulations (GDPR etc.).

Extensive experience in cross-functional concurrent project management and co-ordination with various groups including PMO, Stakeholders, Technology, Executive Management, On-shore, Off-shore, Quality Assurance and End-User Teams. Experience in interacting with auditors and regulators.

Over 15+ years of SAP R/3 (SD, MM, FI-CO, PM, HR) experience, focusing on conceptualizing business needs and transforming them into viable technical solutions with a rich understanding of business practice and technology solutions, and 2 years in Microsoft technologies.

Certification – Microsoft Certified Professional (Visual Basic)

– Sun Certified Java Professional

Education

• M.C.A (Master of Computer Applications), 1998 Osmania University, Hyderabad, INDIA.

• B.Sc (Bachelor of Science - Electronics), 1994 Osmania University, Hyderabad, INDIA.

Professional Experience

Organization | Duration | Designation / Role
Western Union | August 2023 to Present | Leader, Attack Surface Reduction
Warner Bros Discovery | June 2012 to July 2023 | Manager, Vulnerability Management
Warner Bros Entertainment Inc | December 2006 to May 2012 | Technical & Security Lead
Hewlett Packard | August 2003 to September 2006 | Senior Consultant
Accenture | September 2002 to August 2003 | Software Engineer
ARC Universal Consultants | April 2000 to August 2002 | ABAP Consultant
Sunshine Software Services | November 1998 to March 2000 | Software Engineer

• Current Role Description: Responsible for strengthening the security posture of the Western Union environment. Oversee the execution of recurring vulnerability scans of WU systems. Responsible for identifying risk in the environment and influencing the information technology teams to remediate that risk. Generate monthly metrics and reports for Senior Management.

Professional Experience:

Western Union – Denver, CO August 2023 to Present

Leader, Attack Surface Reduction/Vulnerability Management

• Lead the identification of risk in the environment, focusing primarily on infrastructure vulnerabilities and other control failures.

• Incorporated risk management principles into Security by proactively assessing asset values/loss consequences, threats, vulnerabilities, and countermeasures effectiveness to maximize efficiencies and contain security.

• Created a vulnerability risk rating in SNow-VM based on vulnerability exploit, asset zone, severity, asset criticality, compensating controls and mitigating controls on assets.

• Identified key security challenges and opportunities related to VM program and established a strategic roadmap to address them in timely fashion.

• Lead technology vulnerability remediation efforts through cross functional working committees.

• Provided strategic enhancement recommendations to the Attack Surface Reduction stack.

• Created a development plan and long-term strategic plan for each reporting individual

• Took appropriate measures to drive technical risk down in the environment and report to senior management.

• Implemented industry best practices for most effective tactical security practices.

• Took initiative to group and prioritize remediation findings in a manner that increases efficiency.

• Developed trends and high level themes related to lessons learned, and communicated this feedback to security teams, leadership, and the larger information security community.

• Oversee the implementation of and adherence to standardized security tools, templates, and processes to support continuous process improvement across the enterprise.

• Created the business cases and set the roadmap for securing additional data and services needed to address key business issues related to process and solutions design.

• Ensured KPIs are defined, up-to-date, and aligned to higher level organizational KPIs.

• Gave insight to and influenced executive management and business leaders on how to integrate security requirements with current systems and business processes across the enterprise.

• Empowered security teams to identify sustainable best practices which aligned with the strategic and tactical goals of cross-functional business units.

• Developed KRI & KPI metrics/reporting for executive management and stakeholders.

Warner Bros Discovery/Warner Media – Burbank, CA June 2012 to July 2023

Vulnerability Manager

• Designed, developed, and implemented Vulnerability Management Program which included the deployment and management of the SCCM Patch Management System.

• Managed the entire lifecycle of vulnerabilities from discovery, triage, advising, remediation, and validation.

• Consistent review of established vulnerability procedures to assess areas in need of improvement.

• Developed and maintained server software inventories and managed application whitelisting solutions.

• Performed vulnerability assessments on systems or applications for various units before go-live rollouts.

• Participated in the major vulnerability process to coordinate the WM response to critical vulnerabilities like Log4j.

• Triaged Patch Tuesday releases and made recommendations on required remediations.

• Managed day-to-day vulnerability management services

• Developed processes for reviewing and refining vulnerability findings to reduce false positives and other issues.

• Provided mentorship for prioritizing remediation and mitigation activities using risk criteria such as CVSS, exposure, and asset criticality.

• Ensured vulnerabilities were identified and prioritized to resolve sev 1 and sev 2 vulnerabilities, decreasing the backlog of existing vulnerabilities on the network.

• Performed deep-dive analysis of vulnerabilities leveraging data from various sources; analyzed data sources and provided recommendations for optimal reports and on remediation to the customer.

• Served as an escalation point on issues, dependencies, and risks related to vulnerability scanning.

• Built relationships with client's security team and IT system and application owners to decrease the likelihood of friction or roadblocks.

• Developed key metrics reports, tracked projects, and developed corrective action project plans.

• Conducted security vulnerability assessments using multiple vulnerability and penetration tools to evaluate attack vectors, identify vulnerabilities, and collaborate with team leads to develop remediation plans.

• Drove projects cross-functionally, built trusted partnerships with other organizations, and worked proactively with business teams to ensure security objectives were met.

• Performed vulnerability assessments, penetration tests, and security audits, produced reports of findings, and worked cooperatively with engineers to implement remedial measures.

• Performed daily operational monitoring, analysis, and reporting of security events from multiple Security Information Monitoring tools and methods for malicious or suspicious activity.

• Communicated and escalated issues and incidents as required by process or management.

• Recommended security solutions and processes to improve overall company security.

• Interpreted remediation activity and devised plans for appropriate resolution. Identified potential threats and responded to security violations, determined causes and recommended corrective actions to ensure data security.

• Researched, recommended, and implemented changes to procedures and systems to enhance data systems security, and assisted in communicating security procedures to users.

• Identified, prioritized, reported and drove the mitigation of security vulnerabilities via patching and other security remediation efforts to manage risk across critical applications and infrastructure.

• Defined vulnerability management policies, processes, and drove adoption of the vulnerability management program throughout the enterprise.

• Developed program roadmaps and delivery plans for various aspects of the Security Vulnerability Management Program, managed conflict and dynamically addressed the problems to enable effective management and remediation of emerging and known vulnerabilities.

• Worked proactively with application owners across the organization to align expectations around SLAs for remediation and managing the related vulnerability management.

• Participated in Business Continuity and Disaster Recovery planning and design.

Warner Bros Entertainment Inc – Burbank, CA December 2006 to May 2012

Project Manager & SAP Tech Lead

Managed various SAP projects as a technical lead for the execution of the projects including development, testing and cutover phases to delivery ensuring alignment with WB’s established methodologies and standards to remediate SAP application vulnerabilities by applying SAP notes and OS Patches.

BRM Project (IPM Enterprise Rights)

• Created and managed the project plan and applications matrix, and oversaw the quality control team to ensure the interfaces did not deviate from their initially designed business functionality.

• Collaborated with business process owners to ensure on-time completion of deliverables and verify that tasks on project critical path were on track as per plan.

• Monitored the progress of the project and reported issues, risks, and change requests to higher management.

• Captured key project learnings and conducted knowledge sharing sessions with practice teams.

• Managed Unit, integration, and user acceptance testing.

• Managed a team of SAP, Middleware and LOB system on a weekly basis, delegated work, and resolved issues to meet weekly goals.

WB Data Privacy Project

Designed and developed the SAP function modules to encrypt and decrypt the data in the Payroll Interface files based on the direction of the interface (Outbound/Inbound). Using implicit enhancement, developed code to mask the sensitive data in SAP Financial transactions (FBL3N & FBL5N).

• Developed Data Masking guidelines to be followed in SAP programs which dealt with RPII information. Identified SAP tables, transactions, programs which have RPII information across SAP landscape.

• Copied and developed a custom transaction so that only authorized users can view the file directory and access the HR payroll files.

HCM - HR Payroll Integration Project


Managed team of developers to design, develop and implement a custom development process. Remediated TLS related vulnerabilities to connect with 3rd party applications.

• Addressed all SAP app vulnerabilities by remediating before moving to higher environment. Led the implementation of RICEF process, functional and technical templates for RICEF requests. Hired and retained a team of module specialists with varied skills, defining and implementing the SAP development Standards.

• Owned the application development technical process. Provided process training to the development team.

• Managed estimations for realization phase and staffing model to align with estimates.

• Participated in business discussion with business functional team in understanding the business requirements. Played a key role by delivering excellent solutions related to the project interfaces.

• Direct oversight of end-to-end solution architecture and integration of SAP system with external applications.

PEGA-INCEPTION Project

• Managed overall delivery of the product against an agreed Release Plan. Designed and developed custom programs to send BOM, DLT, CCR, PRICING, MCR and PRODUCT information to PEGA INCEPTION for business to have visibility of the process as whole.

• Designed and developed interface to provide a tracking mechanism for the Purchasing Information Record (PIR) within SAP, specifically tracking when a PIR was created for a particular FERT.

• Designed and developed the sending of DIM Licensee Information to PEGA so that WHV can track the progress of Licensees' provision of audio and subtitles for in-progress disc images as well as past performance of the same.

• Created custom IDOC structures for each interface to send the required information to PEGA.

Hewlett Packard: Project DHL Dashboard (Onsite) November 2003 to September 2006

Sr Consultant/Team Lead

• Designing and configuring SAP systems to meet client requirements.

• Developing and maintaining custom SAP solutions, including interfaces, reports, and enhancements.

• Troubleshooting technical issues and providing technical support to users.

• Integrating SAP systems with other non-SAP systems and data sources.

• Designing and implementing data migration strategies.

• Staying current with new SAP technologies and industry trends.

• Collaborating with functional consultants to ensure that technical solutions align with business requirements.

• Supporting the testing and training phases of SAP projects.

• Managing technical aspects of SAP projects, including project timelines, budgets, and resources.

Accenture: DuPont September 2002 to August 2003

Developer

• Enhanced the existing transaction as per the new requirement before going to production.

• Developed various reports.

• Created Interactive report for List of Invoice report.

• Created a Classical Report to display the price list, required to provide the business with the ability to review the current pricing strategies across the entire enterprise.

• Developed a Report to display all materials that go out-of-stock - Only Finished Goods.

• Developed an interactive report which displays all the sales orders for one particular customer, the items ordered in each order, quantity ordered, goods issue date and contact information about that customer.


