Post Job Free

Resume

Sign in

Security Engineering

Location:
Portales, NM
Salary:
fnhy
Posted:
October 15, 2020

Contact this candidate

Resume:

Blockchain

Mary Jennings **** Eagles Nest Drive Sacramento CA 95814 adgztn@r.postjobfree.com 530-***-****

*Looking for Fully Remote Roles Only*

Ajay is a senior cyber security professional offering nearly 15 years of experience that includes both leadership roles and technical experience in software development, penetration testing, and compliance. As a Co-founder of LedgerOps, Ajay’s responsibilities include developing and executing business strategies, aligning teams, and leading project engagements. His technical security expertise includes blockchain, network traffic/malware analysis, behavioral security analytic development, vulnerability analysis, penetration testing, threat hunting, protocol analysis, and security assessments.

Ajay’s career history includes ten years at the Department of Defense. He also leads the Government Blockchain Association Cybersecurity Working Group where he brings together disparate groups of people to tackle tough ideas around Blockchain Security.

Authorized to work in the US for any employer

Work Experience

Penetration Tester, Architect, Blockchain Security Tester

LedgerOps Inc

September 2018 to Present

• Security Architect - Developed LedgerOps cloud-based testing infrastructure used to support all security testing activity that features redundant and secure connections with the ability to quickly deploy appliances into any customer infrastructure.

• Penetration Testing - Manage and perform security testing for federal and commercial clients to include penetration testing, web application testing, vulnerability scanning, and static source code analysis.

• Blockchain Security – Perform security testing for blockchain applications to include penetration testing of applications, nodes, wallets, etc. Also, perform static source code reviews of framework, wallet, client, and smart contracts to identify and vulnerabilities.

Penetration Tester and Lead Compliance Assessor

Stratus Cyber LLC

November 2016 to Present

• Penetration Testing - Performs Red Team Penetration Testing for web applications, external/internal networks, wireless networks, and social engineering for federal information systems. Performed in-depth dynamic application and system testing for commercial and federal clients to reveal security flaws leveraging diverse tools sets.

• Technical Security Training - Designed, developed, and maintained a virtual enterprise lab network for hands- on security training. Developed and taught a series of trainings on topics that included Linux/Kali Linux Basics, Networking and Scanning, Web Application Testing, Database Testing, and tool trainings for IBM App Scan, Nessus, Qualys, McAfee SIEM, and Kali Linux.

• Security Architecture - Designed, implemented, and managed full security programs for clients to include security training, phishing assessments, network security, endpoint security, and company security policy.

• Security Assessment and Authorization - Perform IT Security Assessments for federal information systems and applications leveraging NIST SP 800-53 and other federal security directives. Assessed diverse systems to include web applications, network devices, Linux platforms, database management systems, financial systems, and enterprise content and management applications. Reviewed and assessed agency-wide security controls

as well as external service providers and critical interconnections and interfaces.

• Independent Verification and Validation - Provide technical expertise to the OCC to remediate security findings discovered during security assessments. Analyze secure configuration baselines, vulnerability scans, firewall configurations, router configurations, and encryption configurations for adherence to agency and industry security standards including FIPS 140-2. Leverage technical knowledge of encryption standards and protocols, network protocols and topology, and operating systems to ensure effective and rapid remediation of security risks and vulnerabilities.

• Blockchain Security – Perform security testing for blockchain applications to include penetration testing of applications, nodes, wallets, etc. Also, perform static source code reviews of framework, wallet, client, and smart contracts to identify and vulnerabilities.

Principal Software Developer

Proteus Technologies

May 2015 to November 2016

• Cyber Threat Analytic Development - Developed streaming behavioral analytics to detect advanced cyber threats in defensive and offensive environments globally. Collaborated with Cyber Threat analysts to identify emerging threats and difficulties in identification. Developed sophisticated behavioral analytics that identified malicious activity. Tested, optimized, and deployed streaming analytics to high-speed sensors. Performed rigorous performance testing, resource optimization, and analytic refinement to maximize analytics effectiveness and efficiency.

• Software Development - Designed and developed novel capabilities for rapidly developing and deploying analytics to remote sensors and retrieving remote data in Agile development environments. Created custom web applications with Ruby on Rails, JavaScript, AJAX, and jQuery that provided analytics and visualizations.Designed and implemented two-way data communication from the Web Application to remote sensors to enable deploying of analytics, monitoring of health and wellness, and retrieving analytic results. Executed production software deployments employing regression, functional, and acceptance testing.

• Systems Engineering - Managed several CentOS machines hosting Apache web servers, Ruby on Rails web applications, and custom streaming analytic software.

Developer

Galaxy Solutions LLC

January 2014 to January 2016

• Secure Website Development - Developed and supported secure WordPress Content Management Systems for several customers. Implemented security technologies such as web application firewalls, automated backup services, and identity access management into websites. Provided incident response and remediation for hacked websites.

Cyber Threat Analyst, Signal Analyst

Department of Defense

June 2005 to May 2015

• Computer Network Defense - Defended sensitive government networks from cyber espionage, crime, and threats. Analyzed threat vectors, vulnerabilities, and risks. Performed deep packet analysis, network traffic analysis, malware reverse engineering, network mapping, open source research, and social engineering analysis to analyze various cyber threats/actors. Used Hypothesis Testing techniques supported by data analysis to develop the Tools, Techniques, and Procedures (TTPs) of identified threats. Developed technically detailed reports, diamond models, and cyber kill chains of threats to share with the community. Developed and launched defenses against identified threats to include IP blacklisting, signature-based defenses, and behavioral analytics. Created sophisticated analytic automations to rapidly identify advanced threats.

• Cyber Threat Analytic Development - Developed streaming behavioral analytics to detect advanced threats. Deployed analytics to sensors globally for offensive and defensive use cases. Filled gaps in signature-based detection through development of custom behavioral analytics.

• Malware Reverse Engineering - Captured and triaged malware traversing sensitive government networks. Analyzed malware using virtual machines, Wireshark, Windows Sysinternals, IDA Pro, Olly Dbg, and in-house tools to determine registry/system changes, call back domains, and other malicious behaviors. Leveraged identified characteristics to aid in the characterization of cyber-threat TTPs.

• Network Analysis - Mapped and characterized global adversary networks. Utilized a deep knowledge of network protocols and router configuration analysis to characterize networks. Developed custom BASH scripts that performed advanced protocol correlations across disparate data sets utilizing Linux command line tools (sed, grep, et al.) and Tshark.

• Signals/Protocols Reverse Engineering - Diagnosed, processed, reverse engineered, analyzed and characterized wireless, satellite, and fiber communications. Used tools such as down converters, modems, receivers, spectrum analyzers, and oscilloscopes to diagnose and process raw communication signals.Leveraged data analysis and mathematical techniques and tools to reverse engineer signals. Analyzed bit streams to reverse engineer known and unknown protocols and performed further characterizations. Developed custom signal and protocol processing modules in C. Created documentation and presentations on newly developed analytic techniques and software for unknown signals/protocols.

• Systems Engineering - Integrated a behavioral streaming detection engine into a globally distributed architecture on a Linux Platform. Designed and implemented various components of the system to include infrastructure monitoring with Nagios, process management with Monit, software version control with Git, data visualization with Splunk.

Research Intern

NASA Goddard Space Flight Center

August 2005 to June 2006

• Signal Processing - Developed a damage detection algorithm and GUI for space shuttle heat shielding. Processed thermal images of shuttle tile with developed image processing algorithm in MATLAB to identify location of damage. Applied for a provisional patent for the algorithm.

Education

B.S. in Electrical Engineering

University of Maryland College Park - College Park, MD

Master's in Cybersecurity

University of Maryland-College Park

Skills

Cybersecurity (10+ years), Penetration Testing (3 years), Compliance (3 years), Blockchain (3 years)

Links

http://linkedin.com/in/ajay-chandhok

https://ledgerops.com/articles

Certifications/Licenses

CEH

December 2018 to December 2021

CNDA

December 2018 to December 2021

Certified Blockchain Security Professional

Groups

Cyber Security Working Group Leader

October 2017 to Present

• Lead a working group focused on the cybersecurity issues in blockchain. Working on the development of a Security Authorization (ATO) process for blockchain systems in partnership with federal agencies and commercial enterprises. Develop blockchain security training resources for compliance and technical areas.

DHS Public/Private Analytic Exchange Program

April 2014 to September 2016

• Led a subcommittee on the Importance of Small and Medium Business (SMB) Cyber Security for the Public-Private Analytic Exchange Program (AEP). The AEP is a program sponsored by the Department of Homeland Security’s Office of Intelligence and Analysis (DHS/I&A), on behalf of the Office of the Director of National Intelligence (ODNI) that facilitates collaborative partnerships between members of the private sector and experienced IC analysts. The subcommittee engaged diverse public and private organizations to discuss the policy, political, economic, technical, and social issues surrounding cyber security for SMBs.

Publications

Blockchain Assessment and Authorization

https://www.gbaglobal.org/resources/listing/assessment-and-authorization-of-blockchain-systems

2018-10

Blockchain technology continues to gain attention and generate excitement throughout industry and Government. This emerging technology has the potential to disrupt current business practices, by streamlining many government business processes and instituting trust within the process itself, but with this change comes risk. Security is a major concern for both Government and Government partners. The goal of this paper is to provide insight and considerations to promote and inspire discussion regarding the process of assessment and authorization of blockchain systems for use in Government, how it aligns with the current FISMA requirements and NIST frameworks and how it can address blockchain systems and applications.

Additional Information

SKILLS

• Tools: Nmap, Netcat/SoCat, BEEF, Wireshark, Metasploit, BurpSuite, PowerShell, Nessus, Nmap, Splunk, Snort, McAfee SIEM, IBM AppScan, Qualys, Sophos, Trend Micro, Core Impact

• Languages: Ruby, Python, Ruby on Rails, Javascript, JQuery, Bash, Web3.js

• Protocols: IP, TCP/UDP, DNS, SSH, SSL, IKE, ISAKMP, BGP, OSPF, SMB, NetBIOS, HTTP, FTP, DHCP, Telnet, RTP, SIP, SMTP, SNMP, ICMP, IGMP, ARP, REST, RPC, LDAP

• Operating Systems: Windows, Ubuntu, RedHat, Centos, Kali, Debian

• Regulatory & Compliance: NIST Special Publications (SP), DISA STIGs, CIS Benchmarks, OWASP, FIPS 140-2, HIPAA, PCI-DSS, GDPR

Publications & Whitepapers

• 2018 Blockchain Security Threat Report – LedgerOps

• Assessment and Authorization of Blockchain Systems – Government Blockchain Association

Media, Panels & Interviews

• Panelist – Is simplification the future of Cyber? – Future of Technology Summit - April 8, 2019

• Podcast – Securing Your Blockchain – HackerCulture.FM - March 14, 2019

• Presenter - NRC Hack - What is Blockchain? October 31, 2018

• Panelist - Tysons2050 – Cybersecurity & Blockchain - October 24, 2018

• Panelist – Blockchain East - Enhancing Enterprise Security with Blockchain - October 10, 2018

• Presenter - GBA Reston and GBA DC - Blockchain Security - 2018

• Podcast - Blockchain Security – Blockchain360 - July 10, 2018

• Panelist - NOAA Cybersecurity Day - Blockchain and Cybersecurity - May 2, 2018



Contact this candidate