My Work

Skills

From understanding your requirements and designing a blueprint to delivering the final product, I do everything that falls in between.

Cloud Security

Azure, GCP, AWS, OCI, OpenStack; IaaS, PaaS, SaaS;
Hybrid connectivity; Zero-Trust Architecture;
AWS/MSFT Well-Architected Framework;
MSFT Cloud Adoption Framework (CAF); N-Tier Architecture;
MSFT Cybersecurity Reference Architectures (MCRA);
MSFT Cloud Security Benchmark; MSFT Security Best Practices;
Security for On-Prem - Cloud, Cloud-Cloud, On-Prem - SaaS,
Intra-Cloud.

AKS/GKE Security | Azure ExpressRoute, GCP Private Connect, AWS Direct Connect | Azure Private Link, AWS Private Link, Private Google Access | GCP Private Service Connect | Cloud VPN (Azure, GCP, AWS) | VNET Peering, VPC Peering | VPC Service Controls | GCP Cloud Armor | Azure Key Vault | Azure Firewall Premium, GCP Cloud Firewall | MSFT Azure Arc | HSM (Azure, GCP, AWS, 3rd party Escrow HSM) - FIPS 140-2 Level 2/3 | Azure SecureHub | NSG

MSFT Defender for Cloud, MSFT Defender for Cloud Apps, MSFT Defender for Endpoint, MSFT Defender for Identity | MSFT Purview | MSFT Priva | AppOmni | Prisma Cloud

Penetration Testing

PTES Framework, OSSTMM, ISSAF

BackTrack, Kali, ParrotOS | Metasploit | NMAP/Zenmap | Burp Suite | OWASP ZAP | Open Source Intelligence (OSINT) | Wireshark | Maltego | Hydra | John the Ripper | SQLMap | MITRE ATT&CK | Snort

API Pentesting | Web/App Pentesting | Network Pentesting | OS/System Pentesting

Software & Application Security

API Security, Web Application Security, Mobile Application Security, Supply Chain Security, Code Repository Security, Container Security, DevSecOps, Secure SDLC

Checkmarx, Veracode (SAST) | Qualys WAS, HCL AppScan, Synopsys (DAST) | Contrast Security (IAST) | NexusIQ Sonatype (Open Source) | Snyk | SonarQube (Code Quality) | Twistlock/Prisma Cloud Compute (Container Scanning) | Manual Code Review | Threat Modeler (Threat Modelling) | BSIMM | SmartBear ReadyAPI | Jenkins | GitHub | OWASP Top 10 | SANS Top 25 | STRIDE, PASTA, OWASP Threat Dragon, VAST | OWASP ASVS | OWASP WSTG

Apache/Tomcat, Liberty, Nginx, Nginx X, IBM WebSphere, Oracle WebLogic, IIS (Web Server) | Oracle Database, SQL Database, MySQL/MariaDB (Database) | ActiveMQ, RabbitMQ, TIBCO Rendezvous, TIBCO EMS, MQTT, JMS (Messaging) | TIBCO BW, TIBCO BE

Network Security

DDoS Protection, Network Intrusion Detection and Prevention (IDS/IPS), Botnet Protection

BGP | IS-IS | CDP | OSPF | IGRP | EIGRP | MPLS | VRRP | STP | RIP | NFS w/ Kerberos | SMB/CIFS | RADIUS | OpenLDAP | VPN

SFTP | FTPS | NFSv4 w/ Kerberos | SMBv3/CIFS or Windows Share encryption | SCP | SSHFS | RSH | RSYNC | NAS | SAN | FCoE | Multi-Pathing | RDP w/ TLS | Secure JDBC/ODBC | MQTT w/ SASL | IBM MQ w/ SASL | NTP Security | SNMPv3

Equinix | Imperva | Akamai | Cloudflare | F5 LTM/GTM | Cisco FTD/Firepower | Cisco Umbrella | Cisco ASA | Palo Alto Firewalls | Proofpoint | Air Defence (Wireless Security)

Security Risk Management & Compliance

Qualitative Security Risk Assessment, Quantitative Security Risk Assessment, Rapid Security Risk Analysis, Control Gap Analysis, KRIs/KPIs, Information Security Policies, Control Procedures, Control Standards, Client Contractual Obligations

NIST RMF | NIST 800-53 | NIST Cybersecurity Framework (CSF) | NIST 800-30 | NIST 800-37 | NIST 800-60 | NIST 800-61 | NIST 800-137 | NIST 800-171 | NIST 800-171B | NIST 800-190 | NIST 800-204 | NIST 800-207 | ISO/IEC 27001 | CIS Benchmarks | CIS Critical Security Controls | COBIT | FAIR Methodology | OWASP Risk Assessment Framework (RAF) | HITRUST

CMS Interoperability and Patient Access Final Rule (CMS-9115-F) (US) | HIPAA (US) | FISMA (US) | GLBA (US) | SOX (US) | PCI DSS | GDPR (EU) | CCPA (California) | APP (Australia) | DPDPA/PDPA (India) | Cyber Essentials (UK)

eGRC Archer | ServiceNow | AccessNow | ProcessUnity | SharePoint-based assessments

Asset Data Protection & Security Hygiene

Asset Management, Asset Discovery, Data Protection, Endpoint Protection, Vulnerability Management, OS (Linux, Unix, Windows) Hardening, Mobile Device Management (MDM)

UCMDB, ServiceNow (Asset Management) | Vormetric, Voltage (Data Protection) | Tripwire, OSSEC (File Integrity Monitoring) | Symantec DLP, GCP Cloud DLP (Data Loss Prevention) | McAfee MVISION, Microsoft Defender for Cloud Apps (CASB) | Qualys Vulnerability Management Scan, Qualys Policy Compliance Scan, OpenVAS, Nessus, Kenna Security STIG (Vulnerability Management) | IBM Guardium, Splunk Enterprise, ELK, Syslog/RSyslog/Syslog-NG, Google Chronicle, GCP Stackdriver, MSFT Sentinel (SIEM) | Symantec Endpoint Protection (SEP), CrowdStrike Falcon (EDR/XDR/Threat Protection) | Zscaler (ZeroTrust) | AirWatch, Microsoft Intune (MDM)

Linux Hardening - Host-based firewalls (Netfilter), TCP Wrappers, Xinetd, RPM, Yum/dnf, SELinux, Auditd, Automount, Zypper, RedHat Satellite/RHN, Local repository, Host-based IDS, NFS w/ Kerberos, Samba Security

Windows Hardening - Host-based Firewalls automation, Win Registry (Regedit)

Identity & Access Management

Privileged Access Management (PAM), Role-based Access Control (RBAC), Attribute-based Access Control (ABAC), Conditional Access Control, Mandatory Access Control (MAC), Discretionary Access Control (DAC), API Authentication System-System

SAML, OAuth, OpenID Connect, Behavioral Analytics

Okta, Ping Identity, SiteMinder, SELinux, AppArmor (MAC)

My Latest Work