Information Security Risk Manager

Location:
San Francisco, CA
Posted:
May 25, 2023

Resume:

PRANAV NARAIN

Cyber Risk Manager

Location: San Francisco, CA

Tel: +1-832-***-****

E-mail: adxbr8@r.postjobfree.com

Education

Master of Science (M.Sc.), Information Systems Security - University of Houston

Bachelor of Technology (B.Tech.), Computer Science Engineering – NIIT University

Work Experience

Cyber Risk Manager

Deloitte & Touche LLP

Sep 2018 – Present

Lecturer, College of Technology

University of Houston

Jan 2017 – May 2018

Senior Analyst, Cyber Risk

PricewaterhouseCoopers Pvt. Ltd.

Jan 2016 - August 2016

Specialization

Cyber Strategy Assessment

Governance, Risk and Compliance

Penetration Testing

Threat Modeling and Risk Maturity Assessment

Network Security

Vulnerability Management/Assessment

Application Security

Security Audits

Certifications / Courses

CISSP

GIAC GPEN

Adversary Tactics: Red Team Operations Training - SpecterOps

SANS SEC560 Penetration Testing and Ethical Hacking

AWS Cloud Security training

Lean Six Sigma Green Belt Training

Summary:

Pranav Narain is a Cyber Risk Manager with Deloitte & Touche LLP. He is aligned with Deloitte’s Cyber line of services focused on proactive security. Pranav holds a Master of Science degree in Information Security, concentrating on Vulnerability Management and Risk Assurance, from the University of Houston, and a Bachelor of Technology in Computer Science Engineering from NIIT University. He is a certified GIAC GPEN practitioner and CISSP holder, and has continually enhanced his analytical and problem-solving skills. During his career with Deloitte, Pranav has led Application Security programs, Vulnerability Management, Penetration Testing, and Secure Development Review, and currently leads the Offensive Security Testing team for Deloitte US nationally. He has implemented security programs and enhanced information security postures across cross-sector industries including, but not limited to, Healthcare, Technology & Media, Energy Resources, and the Industrial Control Systems sector. He has received multiple Outstanding Performance awards at Deloitte. Pranav is also an instructor and has guided many undergraduate and graduate students towards learning key cyber concepts while providing practical training to help hone the skills required to excel in the cyber security field.

Professional Experience:

Threat & Vulnerability Management projects undertaken:

Heavily engaged in Pre-sales activities for Breach and Attack Simulation service offering and built proposal decks, sales sheets, and placemats along with maintaining a strong customer base for continual revenue generation. Built and led the Threat Modeling and BAS practice for Deloitte Cyber

Managed a remote testing team performing web application and network penetration testing; identified vulnerabilities in the web applications and tested network zone separation that could potentially lead to exfiltration of PCI data stored in the internal segmented network

Led Breach & Attack Simulation based attack automation exercises using SafeBreach and defined remediation actions to resolve the weaknesses identified, based on the Cyber Kill Chain model

Assumed an oversight role for printer-based penetration testing and Active Directory penetration testing for a global financial sector firm

Conducted Threat Modeling activities using industry standards and frameworks (MITRE ATT&CK, STRIDE-DREAD etc.) by assessing the threat landscape for the entire application and security infrastructure ecosystem to identify and mitigate issues

Application Security projects undertaken:

Led multiple work streams (IS Policies and Secure Software Development Lifecycle, Training and Awareness, Risk Management, Risk Reporting, Security Compliance) for the various applications being implemented by the client as a part of the Application Security Program.

Led a cyber risk assessment of the security architecture and platform with the manager at the client. The review was conducted to assess various internal controls that had been put in place. Interacted closely with the CISO and various stakeholders to understand the architecture and assess the risk

Led a network security based IT audit as Subject Matter Specialist for a major healthcare client, identifying key areas of improvement for segmentation of critical zones

Performed controls assessment and deployment activities for SOC 2 Type 1 and 2 Readiness for a client

Cyber Governance and Strategy projects undertaken:

Led an assessment for the process control infrastructure and information security program against NIST 800 series and industry leading practices to develop high-level recommendations for closing the gaps identified.

Guided client internal teams to implement NIST SP 800-53 based controls and remediations for key security practices defined within the cyber strategy framework established by Deloitte to meet the goals defined within the organization’s IT 2025 plan.

Security Architecture Design and strategy development along with assessment of current security posture with the intent to promote security culture within the organizational structure and strengthen against latest threats within the cyberspace

Tools

Red Team Operations and Adversarial Simulation - Kali Linux, Cobalt Strike, Covenant, Mimikatz, Splunk, PlexTrac, BloodHound, Hydra, Nmap, Wireshark, Nessus, Metasploit, Sherlock etc.

Web Application Security - Burp Suite, Fortify SSC, WebInspect, IBM AppScan, Nikto

Programming Languages - C, C++, Java, MySQL, JavaScript, Python


