Sign in

Manager Security

San Jose, CA
December 02, 2019

Contact this candidate




**** ********* ** *****:// 510-***-**** San Jose, California 95129


Highly energetic customer focused seasoned engineering leader, who blends product strategy, technology, analytical and people management skills, with hands-on style of management to bring many successful products to market. Demonstrated expertise in spearheading key innovations with wide ranging experiences including defining architecture, leading agile innovative products, manage and motivate people to excel. Hands-on result-oriented leader with can-do attitude along with more than 20 years of progressive experience in Cloud and Enterprise Infrastructure and Application Services, ADC L4-L7 services, Network/Cloud/Application Security, Cryptography, SDN/NFV, IoT, DataScience, Storage and Optical technologies. PROFESSIONAL EXPERIENCE

KETOS INC, San Jose, California • 2018 – Present

Vice President, Software Engineering & Analytics (Apr’2018 – Present) Ketos provides users with real-time, actionable data and predictive insights on several water metrics (both volumetric & quality related) through remote, continuous unmanned smart monitoring for water grid management and water safety. Ketos is the one of the 1st in the Industry to integrate Water, Internet of Things (IoT), Blockchain, Full Stack SaaS Platform, AI/ML, Predictive Analytics and Data Science with a comprehensive patented solution of hardware devices (IoT sensor node with AI powered robotics arm for automating laboratory process), secure IoT connectivity and an intelligent SaaS software platform for customer analytics while maintaining the reliability and data accuracy demanded in the Industry. Responsibilities and Achievements,

• Leading a scrum team responsible for highly secure IoT Sensor and Edge Software, Blockchain, SaaS/PaaS Platform on Public Cloud with UI/UX and Mobile, Backend, Big Data, Data Science (AI/ML/NLP), Devops, SRE and QA teams.

• Build and drive the product roadmap by closely working with the CEO and founding team.

• Designed & orchestrated cloud platform architecture transformation from monolith to containerized distributed micro services with the Kubernetes for the massive scale and implemented CI/CD pipeline with Jenkins, Ansible, Chef.

• Architected next generation smart fabric platform on AWS with S3, DynamoDB, Aurora/RDS, Elasticsearch, Redis, SQS/SNS/SES, Kafka, Kinesis Data Streams/Firehose/Analytics, EMR (Spark, Hadoop), ELK, Splunk, ECS, Dockers, EKS, Kubernetes, Angular/Node.js, Flask/Python, TensorFlow, Keras, Ngnix, Java, Ionic/React Native for mobile app

• Leading IoT team to build various connectivity solutions using 3G, 4G LTE, WiFi, LoRaWAN (Sub 1GHz RF) for Battery operated low power sensors with self-power and OTA FW update capabilities along with Gateways for edge analytics.

• Built data science team with multiple PhD’s with research background and launched first AI/ML Predictive Analytics modeler from the ground up.

• Launched iOS and Android apps for Ketos to help accelerate sensors deployment, provisioning and monitoring.

• Spearheading the effort to integrate Ketos sensors w/ Siemens Mindsphere and VTScada platform for the Industrial IoT deployments using OPC-DA, OPC-UA and SCADA/Modbus interfaces with different Operational technology (OT). RUCKUS WIRELESS, San Jose, California • 2013 – 2018


Director, Software Engineering (Dec’2015 – Mar’2018) Group Manager, Software Engineering (Jan’2013 – Nov’2015) Led Ruckus Enterprise Datacenter R&D team (split across three geo sites) of 70+ engineers, managers and leaders who are responsible for distributed platform system software, stacking and forwarding infrastructure, virtualization, security services, programmability & manageability software development along with the federal certifications effort including FIPS 140-2, CC, JITC and USGv6 and product sustaining activity for Brocade’s highly successful Enterprise/Datacenter stackable, fabric enabled L2/L3 switching/routing product line ICX, FCX and SX which generates around 250M revenue per year. My responsibilities include,

• Build and drive the product roadmap by closely working with Product Management and Sales team.

• Manage execution and associated risks of all engineering deliverables.

• Work with Silicon partners to drive and influence ASIC roadmap. Resume

• Manage critical customer escalations and engagement.

• Spearheading product security initiatives by closely working with CISO office for secure SDLC, security audit with penetration testing, designing metrics by adopting UCF and standardize process including addressing OWASP Top 10 vulnerabilities, PSIRT threat response, security compliance/audit and internal/external security assessments .

• Responsible for SDN, NFV, Security, IoT, Cloud and Analytics, open networking initiatives for the product line.

• Leading network visibility and analytics solution which is based on network packet broker that provides network aggregation, filtering, replication, load balancing and monitoring for service providers and mobile network operators.

• Leading In-band telemetry solution using active probes for network monitoring, optimization and automation.

• Spearheading Brocade and Ruckus integration with cloud management (SaaS) solution on Hybrid/Google Cloud with zero touch provisioning where managed VNF’s including SDN controller running on the public cloud and authenticating each devices using PKI/TPM with local certificate management, application visibility, SCI network analytics and cloudpath (NAC) integration to provide seamless wired and wireless experience. Defined the vision for this architecture with self-discovery, auto-provision, self-monitoring, self-analyze, self-correction, self-optimize and auto-reporting capabilities to reduce the complexities for admin. Managed DevOps activities to support large scale cloud services.

• Prepared and managed annual budgets of approximately $2 million for offshore software development. Key Management and Technical Achievements:

• Demonstrated leadership with hiring, retaining, mentoring and managing high performance talent. Scaled teams from 50 to 72 people. Skilled in fostering innovation and empowering talent to unleash full potential.

• Proven record of managing and engineering of cutting-edge products from ground up and defining and delivering strategic technology roadmaps.

• Overhauled the engineering process to improve quality and better align it with business needs. Introduced processes to provide predictability around timing and content of production deploys with detailed design review with gate-keeper team and unit test frame work to reduce the amount of regression defects.

• Successfully transformed the organization from waterfall to delivery focused agile teams incorporating various aspects of SCRUM methodology within a year. Worked with cross functional team to drive the adoption of agile processes and methodologies. Adopted SAFe for large scrum projects.

• Successful delivered Ruckus wired switches and wireless 802.11ac wave 2 access point integration with Multi- gigabit NBASE-T technology (1G/2.5G/5G/10G) and 802.3bt PoE up to 90W.

• Proven track record of pro-actively improving engineering best practices and demonstrating measured improvements in productivity and quality of enterprise grade software products and services.

• Successfully managed several key customer escalations which had CEO level visibility by working closely with the customer and the account team.

• Architected, managed and delivered complex innovative multimillion $ revenue technology products & services from concept to reality of satellite switching (IEEE 802.1BR based distributed scale-out networking clusters with up to 4000 access/TOR ports) with single pane of glass management using OpenStack along with YANG/NETCONF and Restful API Web services which helped to increase the product revenue by 20%.

• Delivered SDN/OpenFlow v1.3.0 hybrid mode development for the data center and access switches which helped to secure multiple new customer base from university and traditional datacenter. Led the effort to implement SDN applications, Flow-aware Real Time SDN Analytics w/DDoS Attack Detection and Mitigation.

• Delivered many enterprise security features from concept including SSL/TLS, IPSec, MACSec, protocol inspection, DDoS attack prevention, sflow, Identity management, NAC (Dot1x, Macauth and webauth using external captive portal), SSO/SAML.

• Successfully integrated ICX product line with Aruba Clearpass policy server and external captive portal which helped to bring multimillion $ revenue from APAC and Americas customers. CISCO SYSTEMS INC, San Jose, California • 2000 – 2013 Senior Engineering Manager (Aug’2012 – Jan’2013)

Led a team responsible for developing L3 forwarding features including QoS and ACL on Cisco’s flagship product Nexus 7000, which is highly modular, scalable datacenter core/aggregation/end of the row switches.

• Led L2 CoS and L3 DSCP based QoS support for Nexus 2000, which is a ToR fabric extender (satellite switch) and it is typically connected with End of the row switches Nexus 7000 or Nexus 5000.

• Led some of the ACL enhancements including WCCP enhancements for load balancing across several WAN web cache engines.

Senior Engineering Manager (Oct’2010 – Aug’2012)

Led a cross geographical team of smart, high caliber engineers and technical leaders who are responsible for developing and delivering various Cloud Security, ADC, Firewall services including fastpath, flow manager, L7 generic protocol Resume

parser, network/cloud security services (NAT, DPI, DDoS Protection, IDS/IPS, WAF, Identity Access Mgmt/AAA), web application acceleration/optimization and platform software development including processor investigation, board

(BSP) and kernel bring up, driver development for Application Control Engine (ACE) product families, which uses Cisco NX-OS. ACE is a multiservice high performance virtualized module for the Cisco Nexus 7000, Catalyst 6500 switches and 7600 routers as well as in appliance form factor (1RU and 2RU) with datacenter L4-7 switching capabilities including Sever Load Balancer, Security, SSL cryptography, PKI, data security and TCP offload, Application acceleration / optimization and compression CDN services.

• Delivered multiple releases and delivered on time with outstanding quality appreciated by upper management.

• Led virtual ACE development effort using agile software development methodologies with multiple sprints, which can be deployed with VMware ESXi 5.0 and 4.1, ESX4.1 and RHEL KVM. This is targeted as an application delivery services platform for the Amazon Web Services cloud (EC2) and provide SaaS for ADC and security services from the public cloud. The vACE software integration with hypervisor includes hardware integration for physical appliance which leverages off-the-shelf UCS rack servers with SR-IOV, VM DirectPath innovation for Intel NIC’s (Niantic, Powerville and Kawela), Cisco converged network adapters CNA (Palo/Sereno/Cruz) and Cavium Nitrox3.

• Delivered virtual ACE and Nexus 1000v (VSM and VEM) vpath integration efforts with UCS C220/240 M3 rack servers.

• Responsible for driving performance optimization for data plane components with Sandy Bridge/Romley architecture. Led cross-functional team effort with series of brainstorming sessions and investigation using various tools including Intel VTune, DPDK, ICC, oprofile, perf etc to conclude on the final approach for meeting L4-L7 performance goals for next generation appliance.

• Led Intel Spring Fountain as well as Cavium Nitrox3 adapter development activities starting from giving requirements, hardware qualification, errata’s review, manufacturing activities, software integration and software testing.

• Led hardware component selection process with close interaction with various vendors including Intel, Cavium, Netlogic, and Broadcom etc and provided External Technical Requirements Document (ETRD) to the ODM partner Foxconn to define the hardware platform and requirements.

• Most recently managed next generation appliance development effort including board bring up with VMware ESXi4.1 and 5.0, WindRiver OS 4.1 with virtualized kernel, platform specific kernel module development, performance profiling with Intel DPDK and improvements for Intel Westmere and Sandy Bridge CPU architecture.

• Led the effort to design fastpath accelerator card and closely work with vendors like Netlogic and Cavium to scale several millions of connections and transactions per second.

• Led the effort to integrate ACE with Cisco Telepresense Exchange System (TXBU) with native SIP and HTTP protocol support. Provided streaming support by proxying and inspecting RTSP flows which uses RTP in conjunction with RTCP for media stream delivery for integrating with streaming media servers.

• Led the effort to add new protocol parsing and deep packet inspection support for FTPS, SFTP, SMTP, Radius/Diameter and enhancing generic protocol parser to support specific applications on top of existing protocols native support.

• Managed offshore virtual team in Saratov, Russia and most of the engineers are responsible for ACE platform software development activities.

Architect, Technical Leader (Mar’2004 – Sep’2010)

As a key architect for ACE10, ACE20, ACE30 service modules and ACE4710 appliances, responsible for defining hardware and software architecture and Datapath, control plane and security services design. ACE30 is most successful flagship product, which is Cisco’s most recent highly secure Application Delivery Controller for datacenter and cloud architecture.

• Responsible for defining ACE30 hardware and software architecture. The hardware architecture responsibility includes providing requirements to hardware and ASIC teams and close interaction throughout the development.

• Led the dataplane team for designing on Cavium Octeon Architecture for dataplane features included very high-speed L4 fastpath, Security features (NAT, DPI, DDoS Protection, IDS/IPS, WAF, Identity Access Mgmt/AAA), complete TCP/UDP proxy to support L7 load balancing, packet inspection with HTTP parsing and SSL termination.

• Led the effort for adding support for various protocols including HTTP, SIP, RTSP, FTP, SCCP, DNS and ICMP on the deep packet inspection engine.

• Involved on the design and development of HTTP, SIP and RTSP protocol parser. And involved on the design and development of inspection application code on QNX, which is in running on the Xscale processor.

• Responsible for enabling IPv6 load balancer support for various protocols and platform software.

• Involved on the design and development of Generic Protocol parsing for ACE, which is similar to FPM (Flexible Packet Matching) in Cisco IOS.

• Involved on the design and development of HTTP header rewrite/insert features for HTTP load balancer.

• Led ACE30 hardware bringup activities including NX-OS bring up with MontaVista Linux kernel 2.6.10, 2.6.18 on Broadcom Sibyte, which is used for control plane processing and Cavium Octeon architecture, which is used for datapath processing, CDE (IPv4 and IPv6 Classification and Distribution Engine) and Verni FPGA (Xilinx) bringup.

• Led ACE30 integration effort with Catalyst 6500 switches and 7600 routers.

• Responsible for low level programming on the Octeon hardware as well as IXP2800 micro engine coding. Resume

• Lead the tiger team to work on core collection improvements, hardware (mips and x86 Processors, FPGA and ASIC) and kernel debugging improvements and various other debug infrastructure improvements.

• Responsible for defining end-to-end system flow control and Quality of Service (QoS). Also responsible for datapath performance profiling and improvements.

• Involved on the design and development of QoS class based policer for connection and bandwidth rate limit for ACE20 hardware on the IXP2800 Network processor with Intel IXP micro code programming.

• Led the effort for design and development of Configuration Manager for the centralized configuration for all features including SLB, SSL, NAT and Security features.

• Involved on the development and porting of software infrastructure for various subsystems and kernel infrastructure from NX-OS/DCOS.

Senior Consultant (Jul’2003 – Feb’2004)

SNAP is a next generation data center blade server/switching platforms with security features like Firewall, SSL termination, VPN and Intrusion detection/prevention systems and Involved on the Authentication/Authorization subsystem design and development for management.

Senior Consultant (Dec’2001 – Jun’2003)

Involved on the ONS15530 (Metro DWDM optical aggregation platform) Fibre Channel driver development for the 1G/2G FC/FICON/ISC storage aggregation and FC aggregation FPGA verification. Involved on the brand new highly modular and scalable next-generation DWDM (ONS15540 - Metro DWDM optical transport platform) development. Senior Consultant (Oct’2000 – Nov’2001)

Involved on the Catalyst 8500 - Layer 3 enhanced ATM switch development including development testing and debugging of RP Redundancy and ATM traffic shaping which supports VBR, UBR, UBR+ and ABR services. NETWORK ASSOCIATES INC, Rockville, Maryland • Mar’2000 – Sep’2000 Consultant (Mar’2000 – Sep’2000)

Involved on the WebShield 300 E-ppliance (Gauntlet6.0 Firewall and VPN) Security Appliance development including development/enhancements of FTP, HTTP and LDAP proxy servers. OTELNET INC, Berkeley, California • Nov’1999 – Feb’2000 Consultant (Nov’1999 – Feb’2000)

Involved on the ONS (One Number Service) development, Interface development between OTelCore and Multiservice connect which is the gateway for the product and the outside world SS7, ISDN, GSM networks. NOVELL, Bangalore, India • Jan’1999 – Oct’1999

Senior Software Engineer (Jan’1999 – Oct’1999)

Involved on the Novell Directory Services (NDS 8) for Solaris/Linux development. Involved on the design, development and performance improvement of Novell LDAP server v3 with SSL to access Directory contents. SAS SOLUTIONS PVT LTD, Bangalore, India • Sep’1997 – Dec’1998 Software Engineer (Sep’1997 – Dec’1998)

Involved on various tools development using C in UNIX for all phases in the Project Life cycle of the Y2k project such as Analysis, Coding, Conversion, Unit Testing and date roll up testing in UNIX, C, C++, and Visual Basic. EDUCATION

• Master of Science in Software Systems from Birla Institute of Technology and Science, Pilani. INDIA

• Bachelor of Engineering in Computer Science and Engineering from PSG College of Technology. INDIA PATENT



Programming Languages C, C++, Python, Java, JavaScript, XML, Restful API with JSON, Perl Protocols/Standards

SDN/OpenFlow, HTTP, FTP, SIP, RTSP, SCCP, SMTP, SSL, TCP, IPv4, IPv6, DNS, ICMP, Fibre Channel, SNMP, Ethernet, FDDI, LDAP, TL1, IPX/SPX, SS7 Protocols ISUP, Routing Protocols (RIP/EIGRP/OSPF/ISIS), AAA (Radius/Tacacs+/Diameter) Technologies

Deep understanding with all layers of enterprise technology architectures like SaaS, PaaS, IaaS, Micro services, BigData/FastData, Clustering as well as enabling technologies like virtualization, LxC, Docker, Node.js, Hadoop, Spark, Ruby, Python, PHP, REST, OpenStack

(Nova, Swift, Neutron) API’s, AWS, NoSQL, SOAP Web Services, Messaging/JMS, Caching, Puppet, Chef, JSON, XML, Java, google protocol buffer, zeromq, redis, kafka, zookeeper, Object Oriented Programming etc.

Contact this candidate