Security Operations & Incident Response
InfoSec Data Science/Analytics
With 15+ years of IT experience in large-scale environments and industry certifications obtained along the way, I am interested in pursuing a career in Information Security – security incident response, security operations, analytics, dealing with emerging and advanced threats, and security research, using innovative and strategic approaches to revolutionize security posture.
My primary area of interest is information security big data (security event logs) and data science for proactive and automated approaches to improving intrusion detection and incident response, intelligence-driven analytics and optimizing SIEM solutions, web application security, malware analysis, and Advanced Persistent Threats (APT).
This experience has enabled me to find and address security issues effectively and resolve security problems efficiently. With a strong background in network communications and systems and application (software) security, I look forward to implementing, creating, and maintaining information security frameworks for large-scale, challenging environments, and to elevating an organization’s security posture to new levels.
Natural assets – abstract thinking and reasoning ability; analytical, logical, a good problem solver; motivated self-starter who thrives on challenges and complexity; quick learner; diverse and versatile; innovative/creative; an initiator. Ability to think critically, conceptualize ideas and form my own conclusions independently with certainty. The ability to think in patterns and to produce order out of chaos enables me to handle complexity, articulate, and see the logic in everything.
Personal interest in studying, researching and inventing in cognitive science, psychology, and artificial intelligence.
Microsoft Certified Systems Engineer (MCSE- NT4) – Year 1999
Cisco Certified Network Associate (CCNA) – Year 2000
Remote Access (CCNP - BSRAN) – Year 2003
Certified Ethical Hacker (CEH) – Year 2006
Completed GIAC Certified Forensics Analyst (GCFA) training – Year 2008
Completed SourceFire 3D IDS/IPS training – Year 2010
Completed Network Forensics Training (LMG Security) – Year 2012
OVERVIEW OF TECHNICAL ABILITIES & EXPERIENCE
Security Operations & Incident Response – As an influential and primary individual involved in growing a Security Operations Center from its infancy for one of the largest ISPs in the country, I helped build the security operations center and establish its incident response plan.
Advanced Persistent Threat (APT) – In this role I was the sole individual dedicated to handling Advanced Persistent Threats for Comcast, covering around 150k+ devices. This responsibility included tracking, monitoring, correlating and analyzing security events to identify and mitigate targeted, high-profile cyber-attacks.
In this role I initiated a project for a customized APT Correlation & Automation Engine written in Perl to gather, normalize and process security events from security log sources (Sourcefire, FireEye, Lancope, Active Directory, etc.) to identify malware and threat actors from their network activity footprint and system events. The design included Hadoop (HDFS), the scalable open-source implementation of the Google File System; a NoSQL database (Hypertable) that scales for big data; and Perl code for log collection, processing, integration of security intelligence, and correlation. The objective was an intelligent system that does the basic log collection, processing and correlation in real time, saving manpower and presenting meaningful, actionable security intelligence so the engineer can perform efficient deep-dive investigations.
Security Information and Event Management (SIEM) and Custom Correlation Engine, Big Data Analytics.
NetForensics – installation, configuration and troubleshooting, including installation of its components (Master, Oracle database, Engine, agents, correlation engine); log analysis/real-time analysis, incident investigation, incident correlation and vulnerability assessment.
eIQ – configuration of eIQ for security and compliance analysis of network and security devices.
Security tools (Network Forensics / System Forensics / Web-application Security Checks) – manual application behavior analysis, WebScarab, HP WebInspect, YARA, SourceFire/Snort, Burp proxy, sqlmap, Core Impact, Metasploit, Samurai/BackTrack, w3af, nikto, SOAP clients, and many more tools depending on the individual case. Wireshark, IDA Pro, HBGary Responder CE, Mandiant Redline, Volatility and other tools for static and dynamic malware analysis.
Intrusion Detection – custom signature writing, threat analysis, and writing custom correlation engines for specific requirements. Highly interested in researching and creating innovative new ways of threat detection using automated correlation, integrated threat intelligence, and network and system behavioral analytics.
Web-application Security – strong understanding of and experience in web-application security; interested in web application vulnerability assessments and penetration testing. Ability to identify OWASP vulnerabilities and conduct penetration testing for well-known technologies and known security flaw concepts (XSS, SQL injection, etc.).
Server platforms – Linux, Windows.
Networking – good knowledge of the Cisco IOS command-line interface for configuring, monitoring and troubleshooting routers and switches.
Install, configure and operate routed WAN and switched LAN (L2, L3) –
- Cisco Routers 1700, 1800, 2600, 2800, 3600, 3700, 7200
- Cisco Switches Catalyst 1900, 2900, 3550, 5500, 6509 and 6513 core switches
- WAN switching – Cisco IGX
Network security devices – installation and configuration
- Firewalls – Cisco PIX/ASA/FWSM, CheckPoint, Netscreen, Cisco VPN Concentrator 3000
- Intrusion Detection Systems – Cisco IDS 4200, Snort/SourceFire, ISS Proventia, Arbor, Cisco Security Agents (CSA).
Protocols – strong understanding of the TCP/IP protocol stack and the routing protocols RIP, OSPF and EIGRP. Switching – VLANs on Cisco switches, VTP, ISL and 802.1q trunking, STP and its various features. HSRP on Cisco routers and switches for high availability.
WAN – designing IP addressing schemes, configuring WAN protocols such as PPP, HDLC and Frame Relay on Cisco routers, and implementing, configuring and troubleshooting Cisco routers for WAN links – E1, ISDN BRI/PRI.
RightStone (a division of Cornerstone Staffing Solutions, Inc.) - www.rightstone.com
(formerly Valtech Solutions Inc – www.valtech.us)
From Sep 2013 till present - Cyber Security consultant
Working on various projects in cyber security and security engineering. The consultant role requires involvement in Security Operations responsibilities, web app security, identifying and mitigating vulnerabilities, envisioning, designing and creating frameworks of security systems to meet complex security needs, performing analytics on security event data, and tracking and addressing new and emerging complex cyber threats. Below is the list of projects/clients –
Current Client: Cisco Systems Inc. – www.cisco.com
San Jose, CA
From Dec 2015 till present – Security Consultant
Working for the Security & Trust Organization, this role involves working with multiple applications (SaaS) implemented on Cisco cloud, AWS, Google Cloud, Microsoft Azure, and many other major cloud platforms, as well as IaaS and PaaS. This role performs information/cyber security assessment and consultation on various technology products and development projects. The primary responsibility of this role is to secure the infrastructure and applications, provide guidance to prevent cyber security attacks, and perform assessments to issue security approvals. These projects include various new services and products developed and offered by Cisco Systems Inc, as well as the tools, analytics platforms, and development environments hosted and required to support Cisco Systems’ business.
Client: eBay Inc. – www.ebay.com
San Jose, CA
From Oct 2015 to Nov 2015 – Security Consultant
Working for the Global Threat Management team’s Security Operations Center (SOC), this role involves researching threats, writing searches and optimizing correlation rules for security operations to improve intrusion detection.
Client: Hewlett-Packard – www.hp.com / Nationwide Insurance Company – www.nationwide.com
From Sep 2013 to Mar 2015 – Security Consultant
Working for Valtech Solutions as a Security Consultant, the client Hewlett-Packard (HP) engaged me for cyber security engineering responsibilities for Nationwide Insurance Company in Columbus, Ohio. The primary role of the project is to work with Nationwide’s Infrastructure & Operations (I&O) and Information Risk Management (IRM) to facilitate the Cyber Security Roadmap, playing an advisory and strategic role.
High-level categorization of tasks –
- Research and design SIEM use cases, identify gaps, optimize, and suggest improvements in SIEM infrastructure and methods of intrusion detection.
- Tuning and optimization of event sources and log sources to improve event log collection for more detailed and accurate analysis and correlation in the SIEM.
- Architected and designed a “defense-in-depth” mechanism for comprehensive utilization of security tools and infrastructure.
- Assist in building a security operations center and incident response plans.
- Work on setting up Redseal infrastructure: tuning, configuration and optimization. The tool helps identify network-level security gaps and internal and external network-level security threats, and assists largely in compliance, auditing and risk assessment.
Comcast Corp - www.comcast.com
From 1st Dec 2008 to July 2013
As a Security Engineer working in Security Intelligence & Prevention Services (SIPS), responsible for the organization’s service provider infrastructure security, and primarily responsible for Advanced Persistent Threats (APT). Prior to being offered the challenging responsibility of APT, I was part of the Security Response Center (SRC), primarily involved in incident response and performing analytics for intrusion detection.
Received the “Excellence Award” and “Star Award” for the initiative of undertaking advanced infrastructure security assessments to proactively identify security issues and improve the organization’s infrastructure security.
Security monitoring and tools used frequently –
- Vulnerability detection – nCircle / nmap / WebInspect, and various manual methods and open-source tools depending on the technology
- Intrusion detection – SourceFire (Snort), FireEye, and Arbor (anomaly-based detection)
- Penetration testing – Core Impact / Metasploit / WebScarab / Burp / Paros / sqlmap / Storm and many open-source tools
- Log management – LogLogic, Splunk
- Network activity monitoring – Lancope StealthWatch, Websense, Symantec Data Loss Prevention (DLP)
- Reverse engineering/analysis – IDA Pro, HBGary Responder CE, Mandiant Redline, Volatility
Day-to-day responsibilities include –
- Monitoring and incident response: analyze and respond to security incidents in the infrastructure. Investigate and resolve any security issues found in the infrastructure according to the security standards and procedures.
- Actively search for potential security issues and security gaps that are beyond the detection ability of any security scanner tool. Initiate and develop new mechanisms to address unidentified security holes and challenges.
- Perform configuration updates for user access requests, connectivity requests and security policy change controls. Support and troubleshoot hardware issues, configuration policy issues, and business application performance and availability.
Advanced Persistent Threats (APT) – analysis, correlation, and tracking of advanced threats, whether state-sponsored or organized crime. Designed and have been developing a custom correlation engine in Perl, NoSQL (Hypertable), and Hadoop HDFS specifically for detecting the network activity of advanced threats and malware.
Design & Development of APT Correlation & Automation Engine –
- The scope and scale of the project are large, and manpower is inadequate, so it requires a new, innovative approach to address efficiently.
- All malware and advanced threats speak IP. Network footprints are the primary source for identifying threats; the goal is to reach a level of inspection where every packet on the network is examined.
- Collect security events from sources such as IDS, Active Directory, malware analysis tools, network monitoring, web proxy and network activity monitoring tools. Collect and create metadata of network activity.
- Identify the threats, their behaviors and objectives; track them across a longer time frame, multiple event categories and a large number of systems.
- Security logs are processed and stored as “events” carrying their abstract meaning. Raw logs are not stored; the automated searching and correlation runs on the processed events. A machine running 24 hours a day is more efficient at analyzing network and system activity, alerting, and providing a real-time picture of the activity as it happens.
- Custom-made complex correlation rules signify the Indicators of Compromise; the concept of behavioral IOCs uses network activity metadata, events, and communication patterns.
- Let the engineers spend more time gathering security intelligence and investigating, rather than manually going through a giant pile of logs.
- Saves expensive investment in commercial products for APT. This solution is scalable, low-cost, efficient and high-performance.
- Suitable for detecting unknown threats and malware, including zero-days.
- Security intelligence and knowledge of the environment are integrated into the automation.
- Keeping up with the latest and most advanced threats is as easy as keeping the system’s security intelligence and complex correlations updated. The system keeps maturing over a longer period of time.
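As an added illustration of the event-normalization and behavioral-IOC idea described above (this is not the original Perl engine and not Comcast code), the Python sketch below reduces two log sources to abstract events, drops the raw text, and runs one correlation rule: an IDS alert on a host followed, within a time window, by beacon-like periodic connections from that host to the same peer. Log lines, hosts and IP addresses are constructed samples.

```python
"""Added illustration: multi-source log normalization plus a behavioral
correlation rule (beaconing after an IDS alert). Not the original engine."""
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample logs (hypothetical hosts and IPs). Two sources: an IDS
# alert line and network-activity metadata flow records (epoch seconds).
RAW_LOGS = [
    ("ids",  '1700000000 alert "Trojan CnC beacon" src=10.1.1.5 dst=203.0.113.9'),
    ("flow", "1700000060 10.1.1.5 -> 203.0.113.9:443 bytes=512"),
    ("flow", "1700000120 10.1.1.5 -> 203.0.113.9:443 bytes=498"),
    ("flow", "1700000180 10.1.1.5 -> 203.0.113.9:443 bytes=520"),
    ("flow", "1700000240 10.1.1.5 -> 203.0.113.9:443 bytes=505"),
    ("flow", "1700000300 10.1.1.5 -> 203.0.113.9:443 bytes=511"),
    # A second host with irregular, bulky transfers and no IDS alert: benign.
    ("flow", "1700000010 10.1.1.7 -> 198.51.100.20:443 bytes=40000"),
    ("flow", "1700000900 10.1.1.7 -> 198.51.100.20:443 bytes=38000"),
    ("flow", "1700001300 10.1.1.7 -> 198.51.100.20:443 bytes=41000"),
]

IDS_RE = re.compile(r'^(\d+) alert "([^"]+)" src=(\S+) dst=(\S+)$')
FLOW_RE = re.compile(r"^(\d+) (\S+) -> (\S+):(\d+) bytes=(\d+)$")

def normalize(source, line):
    """Turn one raw log line into an abstract event dict; raw text is dropped."""
    if source == "ids":
        ts, sig, src, dst = IDS_RE.match(line).groups()
        return {"ts": int(ts), "type": "ids_alert", "host": src, "peer": dst, "sig": sig}
    ts, src, dst, port, nbytes = FLOW_RE.match(line).groups()
    return {"ts": int(ts), "type": "flow", "host": src, "peer": dst,
            "port": int(port), "bytes": int(nbytes)}

def beacon_score(timestamps, min_conns=4, max_jitter=0.2):
    """Behavioral IOC: near-constant interval between connections to one peer.
    Returns (is_beacon, mean_interval_seconds)."""
    ts = sorted(timestamps)
    if len(ts) < min_conns:
        return False, 0.0
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    is_beacon = avg > 0 and pstdev(gaps) / avg <= max_jitter
    return is_beacon, avg

def correlate(events, window=3600):
    """Rule: IDS alert on host AND beacon-like flows from that host to the same
    peer within `window` seconds after the alert -> one compromise finding."""
    flows = defaultdict(list)
    for e in events:
        if e["type"] == "flow":
            flows[(e["host"], e["peer"])].append(e["ts"])
    findings = []
    for a in (e for e in events if e["type"] == "ids_alert"):
        in_window = [t for t in flows[(a["host"], a["peer"])]
                     if a["ts"] <= t <= a["ts"] + window]
        is_beacon, interval = beacon_score(in_window)
        if is_beacon:
            findings.append({"host": a["host"], "peer": a["peer"], "sig": a["sig"],
                             "beacon_interval_s": interval, "conns": len(in_window)})
    return findings

def run(raw_logs=RAW_LOGS):
    """Normalize every raw line, then correlate; returns the findings list."""
    return correlate([normalize(src, line) for src, line in raw_logs])

if __name__ == "__main__":
    for finding in run():
        print(finding)
```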
Web Application Security – designed a methodology and a procedure for active system and web-app security assessments on the company’s infrastructure, to be performed proactively, on a schedule, and rapidly on request. This initiative elevated Comcast’s web application security posture to a new level.
In the security assessment responsibilities recently assigned to me, I conducted several penetration tests, incident handling engagements and web application assessments for internet-facing and internal applications.
- Web application security holes are unique to the application; an effective assessment of a web application requires significant manual examination.
- Proactively identify security holes in web applications that are not commonly known and cannot be easily identified using commercial scanning products.
- Web applications are the front end of information systems and are accessible from large, public networks; any security hole in a web application is a straight-through doorway to the protected data.
SecurView Inc. (sister company of NetCom Systems Inc., original developer of netForensics) - www.securview.com
From 1st Jan 2008 till Nov 2008
As a Security Consultant, working on client projects covering network and security assessment, and designing and implementing network and security infrastructure.
Project: Estée Lauder Companies, Inc - Sep 2008 to Nov 2008
As part of the Global Security Operations (GSO) team, working exclusively on Cisco and Juniper firewalls in the corporate network for a PCI compliance firewall remediation project.
This includes studying the business applications in the corporate network, analyzing the traffic flow, and reconfiguring the firewalls according to application needs to make them PCI standard compliant.
Project: Fortent Inc, NY and London UK – Feb 2008 to Aug 2008
Network and security assessment – studied the network structure, firewalls, routing, switching and VPNs across the US, Europe and Asia.
Provided a new network and security solution using Cisco ASA, Cisco routers and Cisco switches to improve network reliability, performance and security.
Redesigned the WAN and LAN infrastructure with new Cisco devices and MPLS and IPsec VPNs for redundancy, restructured the internal DNS architecture for performance and security, and improved network security by segregating segments and adding firewalling.
NetCom Systems Inc. - www.netcom-sys.com
From 3rd Oct 2007 to 31st Dec 2007
As a Security Consultant, providing managed security services (MSSP) using netForensics and eIQ SIM infrastructure; worked on firewalls, intrusion detection/prevention systems, Cisco Security Agents and the management center.
Project: SSP Government of Mexico – Nov 2007 to Dec 2007
This project involved remote locations of the Mexican government connecting to a centralized data center. The implementation used Cisco ASA firewalls, Cisco IPS, MARS to manage the security devices, CAS (Clean Access Server), and NAC (Network Access Control).
Amdocs Inc, (DVCI - Development Center India) - www.amdocs.com
From 1st Dec 05 to 24th Sep 07
As a Senior Network Engineer, managing US telecom clients, service providers, and large-enterprise, mission-critical network infrastructure for high availability and network security built on Cisco and other products. A major part of the job profile is managing firewalls. This network infrastructure is one of the biggest and most critical setups in North America.
Project: Sprint/Nextel and NPI (Nextel Partners Inc) Datacenter Environment
From: April 05, 2006 to May 30, 2006, Champaign IL USA.
And from: August 25, 2006 to October 19, 2006, Champaign IL USA.
This included recreating the network infrastructure, a $1 million investment in devices, for Amdocs clients Sprint (Nextel) and Nextel Partners. The whole infrastructure was based on Cisco devices: more than 150 high-end devices, Catalyst 6513, Catalyst 6509, PIX firewalls, Firewall Switch Modules (FWSM), Cisco CSS load balancers and Array encryption and load-balancing devices, an ACS authentication server, and other devices including Cisco Catalyst 5000, 3500 and 3750 switches, 2600, 3700 and 7200 series routers, and Check Point firewalls.
Each 6500 series switch is equipped with Sup II/Sup720, a Network Analysis Module (NAM), a Firewall Switch Module (FWSM), a Content Switching Module (CSM), and Gigabit copper/fiber and FE copper modules.
KPIT Cummins Infosystems - www.KPITcummins.com
From Jan 05 to Nov 05
As a Security Engineer in the Security Operations Center (SOC)
Working on network/information security as part of Netcom Systems (SecurView – security services – www.securview.com), providing managed security services:
- Real-time analysis and defense
- Vulnerability assessment (VA), security policy, and network and security audit
- Configuration and management of Cisco IDS, Checkpoint firewall, Snort
- Managing the NetForensics SIEM infrastructure – database, master, engine, correlation engine and agent installation, troubleshooting and integration with security devices
- Baseline analysis for the client’s network and fixing weaknesses in the network infrastructure to protect it
Achieved Performance Award twice in 2005 for contribution in Security Operations Center (SOC).
TATA InfoTech Ltd. (on February 20, 2006 Tata Infotech Limited was acquired by Tata Consultancy Services) - www.tatainfotech.com / www.tcs.com
From Jan 04 to Dec 04
As a network engineer on behalf of the contractor company InfoTech Network Systems Ltd (www.infotecindia.com).
Project – Exl Services Pune - www.exlservice.com
Provided initial LAN and WAN connectivity using IGX 8430, Catalyst 5500, 3500, 2900 and 1900 switches, and 2600 and 1700 series routers. Installation of these devices and their configuration as per the client’s requirements – VLANs, trunking, remote access using Frame Relay, Internet connectivity.
- IGX 8430 – configuration for voice and data connections
- Catalyst 6509 (with SUP 720) core switches for L3 switching, 3500 switches in stacks for L2 switching, VLANs and trunking, STP and its various features
- 3745 and 2611 routers for WAN connectivity, Frame Relay and VPN on routers, HSRP, policy-based routing (PBR)
- Cisco IDS 4215 – installation and configuration to detect actual threats
- Checkpoint firewall basic installation and configuration
- Additional configuration as per customer requirements, complete support for the network
Data & Service Management Infotech Company (DSM Infotech co.) - www.dsmindia.com
From Aug 03 to Dec 03
As Senior Network Engineer and manager of the Pune (Maharashtra State, India) region.
Project details: clients were many co-operative and nationalized banks in India. To centralize the banking application, all branches and zonal offices were connected to the data center. WAN connectivity setup for co-operative banks – implementing and maintaining data (WAN) circuits: leased lines, E1, ISDN PRI/BRI, Cisco routers, RAD and Atrie CSU/DSU, and Cisco switches (LAN).
From Oct 2002 to Mar 2003
As a network specialist, worked on WAN/LAN and Novell for many banking clients:
Nortel routers; installing, troubleshooting and maintaining E1 and ISDN PRI/BRI WAN networks; Novell NetWare servers.
Indicom Softech Pvt Ltd.
From May 2002 to Sep 2002
As a network engineer in Pune, maintaining the network setup of the client VIT engineering college, Pune; the setup included LAN/WAN, Intel and 3Com switches, and Windows NT and Linux servers.
S.S.C. from Maharashtra, India State Board of Education - March 1996 (61%)
Diploma in Industrial Electronics, Pune, India - May 2002 (66%)
Work authorization: H1B
Birth Date: 11th Apr 1981