PROFILE
TECHNICAL SKILLS
EXPERIENCE
Collaborated with the CISO to define and execute a comprehensive cybersecurity strategy aligned with business objectives and risk appetite.
Directed day-to-day cybersecurity operations, ensuring compliance with organizational goals and efficient team performance across threat detection, response, and governance functions.
Led cross-functional cybersecurity projects from initiation to completion, delivering within scope, budget, and timeline, while maintaining high-quality standards.
Authored, updated, and enforced cybersecurity policies and procedures in alignment with NIST, ISO 27001, and regulatory frameworks.
Identified and mitigated enterprise-wide cybersecurity risks through continuous risk assessments, vulnerability management, and threat modeling.
Acted as the key liaison between cybersecurity and business stakeholders, ensuring alignment, transparency, and efficient incident communication.
RAHUL KHANI
SENIOR CYBERSECURITY EXECUTIVE CISSP CCSK ISO 27001 MBA (IT) CYSA+
+1-952-***-**** *************@*****.***
Cybersecurity leader with 12 years of experience strengthening enterprise security operations, threat intelligence, incident response, and risk management across financial services and government sectors. Holder of CISSP, CCSK, and CySA+ certifications. Proven success building and running Security Operations Centers (SOCs), driving regulatory compliance, and aligning cybersecurity initiatives with business priorities. Led threat intelligence initiatives, improving proactive threat detection by 25%. Oversaw daily SOC operations, ensuring continuous monitoring and rapid incident response. Developed threat profiles that enhanced organizational resilience to emerging threats. Automated response processes, reducing incident response times by 30%.
Partnered with executive leadership to integrate cybersecurity strategies with business objectives.
Developed and maintained threat intelligence feeds and IOCs, enhancing SOC detection capabilities and increasing early threat detection rate by 40%.
Integrated threat intelligence into SOC workflows, collaborating with cross-functional teams to strengthen defenses, contributing to a 25% reduction in false positives and faster triage.
Conducted in-depth analysis of cyber threats (malware, phishing, APTs), delivering actionable intelligence that improved IR decision-making and reduced average response time by 20%.
Developed Threat Modelling and Security Strategy using the MITRE ATT&CK framework, enabling proactive defense and strategic mitigation of high-risk TTPs.
Authored detailed threat reports and executive briefings, influencing leadership decisions and enhancing board-level visibility into the evolving threat landscape.
Consolidated and managed cyber threat data sources, producing weekly threat briefings that informed risk posture and drove prioritization of defensive measures.
Correlated data from OSINT, dark web, ISACs, and commercial threat intel platforms to identify emerging threats, leading to early detection of two major phishing campaigns.
Led process improvements and automation within the SOC, increasing operational efficiency and decreasing incident triage time by 30%.
Maintained comprehensive threat profiles for key threat actors, supporting threat simulations and improving red team targeting accuracy.
Performed in-depth APT group and TTP analysis to proactively defend critical assets, helping avert potential compromise of sensitive data during a targeted campaign.
DEUTSCHE BANK ASSISTANT VICE PRESIDENT - INFOSEC SPECIALIST JAN 2024 - JAN 2025
Cybersecurity Strategy & Leadership: Cybersecurity Strategy, Threat Intelligence, Leadership Development, Executive Advisory
Security Operations & Incident Response: Incident Handling, Crisis Management (BCP/DR), Automation, Blue Team Ops.
Governance, Risk & Compliance (GRC): Risk Assessment and Compliance, ISO 27001, NIST CSF, GDPR, TPRM, GRC Archer.
Security Architecture & Infrastructure Protection: Cloud Security, Network Security, Endpoint Security, VPNs, Firewalls, AWS Security Hub, Azure ATP, CrowdStrike EDR.
Monitoring, Detection & Analysis: SIEM (Splunk, QRadar, ArcSight), Vulnerability Assessment, Malware Analysis, Nessus, Nmap, Burp Suite, ZAP
Cloud & Platform Security: AWS Security Hub, AWS Inspector, GuardDuty, Azure ATP, GCP, Chronicle SecOps, Malware Analysis
SCHNEIDER DOWNS SECURITY RISK SPECIALIST FEB 2025 - JUNE 2025
CLIENT - MIZUHO FINANCIAL GROUP (NEW YORK)
INDIAN NAVY DEPUTY DIRECTOR INFORMATION SECURITY JUN 2013 - JUN 2023
Served as strategic advisor to the CISO, defining the enterprise information security vision and roadmap, aligning cyber risk strategy with organizational goals and regulatory frameworks.
Established and led SOC and NOC operations, overseeing 12,000+ endpoints and 2,500+ network devices, significantly enhancing threat detection, incident response, and forensic capabilities.
Reduced incident response time by 50% by implementing a SOAR platform, automating playbooks and minimizing manual error in high-volume alert triage.
Enhanced data protection and access control by deploying enterprise-grade Identity & Access Management (IAM), SSO, DLP, and Vulnerability Management solutions, ensuring compliance with data privacy standards.
Strengthened enterprise security posture by deploying a full suite of tools (NGFWs, IDS/IPS, NAC, SIEM (HP ArcSight), EPP, HIPS/HIDS, SCCM, SCOM), which improved policy and patch compliance to 95% and reduced attack surface significantly.
Led disaster recovery (DR) site setup worth $6M (~ 50Cr), resulting in 70% reduction in downtime and ensuring high availability for mission-critical systems.
Directed internal and external audits, revising InfoSec policies to meet compliance requirements and securing ISO 27001:2013 certification for both DC and DR sites.
Built private cloud infrastructure for mission-critical defense operations, ensuring secure migration and reducing IT operational costs, increasing uptime, and boosting system performance.
Spearheaded Navy’s Red Team operations, leading inter-service cyber exercises and developing custom red-teaming tools to simulate advanced persistent threats (APTs).
Led a 25-member security team, defining KPIs, conducting skill development sessions, and fostering a high-performance cyber operations culture.
Integrated SAST/DAST security testing tools into the SDLC, embedding secure coding practices from the design phase, reducing code vulnerabilities early in the lifecycle.
MBA - INFORMATION TECHNOLOGY - 2023
BACHELOR OF TECHNOLOGY (IT) - 2013
EDUCATION
CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL (CISSP)
CERTIFICATE OF CLOUD SECURITY KNOWLEDGE (CCSK)
ISO 27001:2022 (LEAD AUDITOR)
HP ARCSIGHT, SPLUNK SIEM
ADVANCED CYBER FORENSICS
ADVANCED NETWORKING
COMPTIA CYSA+
CERTIFIED IN CYBERSECURITY (CC)
ETHICAL HACKING COURSE
CERTIFICATIONS
Established enterprise-wide cybersecurity strategy, reducing risk exposure by 45% and aligning security investments with the organization's business objectives and regulatory requirements.
Led implementation of a data loss prevention (DLP) program, resulting in a 60% reduction in sensitive data leakage incidents across email, endpoints, and cloud platforms.
Directed third-party risk management (TPRM) initiatives, assessing over 200 vendors, and reducing high-risk third-party exposure by 30%.
Oversaw security governance, risk, and compliance (GRC), achieving 100% compliance with IRDAI and RBI cybersecurity regulations during annual audits.
Implemented zero trust architecture and identity modernization, reducing unauthorized access attempts by 70% and strengthening cloud security posture.
Led board-level cybersecurity briefings, translating technical risks into business impact, driving increased investment in cyber resilience.
Established a threat intelligence and cyber fusion center, enhancing situational awareness and enabling early detection of targeted attacks against critical insurance systems.
Orchestrated security awareness programs, reducing phishing click-through rates by 65% and fostering a culture of cybersecurity across the organization.
Implemented DevSecOps practices within GCP-based CI/CD pipelines, integrating security controls (e.g., Cloud Build, Security Command Center, Forseti) and reducing production vulnerabilities by 70%, while accelerating secure deployment frequency by 30%.
INSURANCE DEKHO CHIEF INFORMATION SECURITY OFFICER (CISO) JUL 2023 - JAN 2024