PRANAV NARAIN
Cyber Risk Manager
Location: San Francisco, CA
Tel: +1-832-***-****
E-mail: adxbr8@r.postjobfree.com
Education
Master of Science (M.Sc.), Information Systems Security - University of Houston
Bachelor of Technology (B.Tech.), Computer Science Engineering – NIIT University
Work Experience
Cyber Risk Manager
Deloitte & Touche LLP
Sep 2018 – Present
Lecturer, College of Technology
University of Houston
Jan 2017 – May 2018
Senior Analyst, Cyber Risk
PricewaterhouseCoopers Pvt. Ltd.
Jan 2016 - August 2016
Specialization
Cyber Strategy Assessment
Governance, Risk and Compliance
Penetration Testing
Threat Modeling and Risk Maturity Assessment
Network Security
Vulnerability Management/Assessment
Application Security
Security Audits
Certifications / Courses
CISSP
GIAC GPEN
Adversary Tactics: Red Team Operations Training - SpecterOps
SANS SEC560 Penetration Testing and Ethical Hacking
AWS Cloud Security training
Lean Six Sigma Green Belt Training
Summary:
Pranav Narain is a Cyber Risk Manager with Deloitte & Touche LLP. He is aligned with Deloitte’s Cyber line of services focused on proactive security. Pranav holds a Master of Science degree in Information Security, concentrating on Vulnerability Management and Risk Assurance, from the University of Houston, and a Bachelor of Technology in Computer Science Engineering from NIIT University. He is a certified GIAC GPEN practitioner and CISSP holder, and has continually enhanced his analytical and problem-solving skills. During his career with Deloitte, Pranav has led Application Security programs, Vulnerability Management, Penetration Testing, and Secure Development Review, and currently leads the Offensive Security Testing team for Deloitte US nationally. He has implemented security programs and enhanced information security postures across cross-sector industries including, but not limited to, Healthcare, Technology & Media, and the Energy Resources and Industrial Control Systems sector. He has received multiple Outstanding Performance awards at Deloitte. Pranav is also an instructor and has guided many undergraduate and graduate students towards learning key cyber concepts while providing practical training to help hone the skills required to excel in the cyber security field.
Professional Experience:
Threat & Vulnerability Management projects undertaken:
Heavily engaged in pre-sales activities for the Breach and Attack Simulation (BAS) service offering; built proposal decks, sales sheets, and placemats while maintaining a strong customer base for continual revenue generation. Built and led the Threat Modeling and BAS practice for Deloitte Cyber
Managed a remote testing team to perform web application and network penetration testing - identified vulnerabilities in the web applications and tested network zone separation that can potentially lead to exfiltration of PCI data stored in the internal segmented network
Led Breach & Attack Simulation based attack automation exercises using SafeBreach and defined remediation actions to resolve the weaknesses identified based on the Cyber Kill Chain model
Assumed an oversight role for printer-based penetration testing and Active Directory penetration testing for a global financial sector firm
Conducted Threat Modeling activities using industry standards and frameworks (MITRE ATT&CK, STRIDE-DREAD etc.) by assessing the threat landscape for the entire application and security infrastructure ecosystem to identify and mitigate issues
Application Security projects undertaken:
Led multiple work streams (IS Policies and Secure Software Development Lifecycle, Training and Awareness, Risk Management, Risk Reporting, Security Compliance) for the various applications being implemented by the client as a part of the Application Security Program.
Led a cyber risk assessment of the security architecture and platform with the manager at the client. The review was conducted to assess various internal controls that had been put in place. Interacted closely with the CISO and various stakeholders to understand the architecture and assess the risk.
Led Network Security based IT audit as Subject Matter Specialist for a major healthcare client identifying key areas of improvement for segmentation of critical zones
Performed controls assessment and deployment activities for SOC 2 Type 1 and 2 Readiness for a client
Cyber Governance and Strategy projects undertaken:
Led an assessment for the process control infrastructure and information security program against NIST 800 series and industry leading practices to develop high-level recommendations for closing the gaps identified.
Guided client internal teams to implement NIST SP 800-53 based controls and remediations for key security practices defined within the cyber strategy framework established by Deloitte to meet the goals defined within the organization’s IT 2025 plan.
Security architecture design and strategy development, along with assessment of the current security posture, with the intent to promote a security culture within the organizational structure and strengthen it against the latest threats in cyberspace
Tools
Red Team Operations and Adversarial Simulation - Kali Linux, Cobalt Strike, Covenant, Mimikatz, Splunk, PlexTrac, BloodHound, Hydra, Nmap, Wireshark, Nessus, Metasploit, Sherlock etc.
Web Application Security - Burp Suite, Fortify SSC, WebInspect, IBM AppScan, Nikto
Programming Languages - C, C++, Java, MySQL, JavaScript, Python