During my tenure as a Graduate Teaching Assistant at the University of Maryland, I played a significant role in teaching courses focused on Secure Operating Systems and Applied Cryptography. In this capacity, I facilitated discussions centered on various aspects of OS security, vulnerabilities, and cryptographic principles, thereby enhancing students’ understanding and analytical skills.
Prior to my academic role, I worked as a Security Engineer (holding positions such as Security Champion and DevSecOps Specialist) at Oracle Health (Cerner), where I conducted thorough security audits and spearheaded remediation efforts to address vulnerabilities within the US Veteran Affairs domain.
EXPERIENCE
- Graduate Teaching Assistant - Secure Operating Systems : Jan 2024 - May 2024
- Instructed a graduate-level course on Secure Operating Systems, emphasizing principles, techniques, and best practices for securing operating systems within a Linux environment.
- Provided hands-on guidance to students for implementing security measures in operating systems, utilizing programming languages like C, Python, and Bash scripting.
- Assisted in evaluating and analyzing security mechanisms within operating systems to identify and address vulnerabilities effectively.
- Conducted assessments of student projects, offering constructive feedback to enhance their understanding of secure operating system concepts.
- Integrated theoretical knowledge with practical implementation, emphasizing the importance of security controls reviews and risk assessments in securing operating systems.
- Graduate Teaching Assistant - Applied Cryptography : Aug 2023 - Dec 2023
- Assisted in teaching a graduate-level course on Post Quantum Cryptography, emphasizing real-world cryptosystems and cryptographic protocols.
- Provided hands-on guidance to students in implementing cryptographic programming assignments using languages such as C, C++, and Python.
- Created, assessed, and deconstructed cryptographic systems, offering practical insights into secure cryptographic solutions.
- Evaluated student papers and provided constructive feedback to enhance academic growth and analytical skills.
- Demonstrated the ability to bridge theory with practical implementation, emphasizing the importance of controls reviews and risk assessments.
- Software Engineer (Security Champion | DevSecOps) : Mar 2020 - Jul 2022
- Led comprehensive security audits, encompassing Static Code Analysis (SCA), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Vulnerability Assessment and Penetration Testing (VAPT). Demonstrated proficiency in evaluating information security controls as a security champion.
- Identified and addressed over 10 critical, 30 high, and approximately 100 medium and low-level Common Vulnerabilities and Exposures (CVEs) within the United States Veteran Affairs domain, documenting findings for remediation.
- Developed and implemented a suite of CI/CD pipeline-integrated tools to streamline vulnerability scanning and deployment checks, resulting in a significant reduction in production environment vulnerabilities.
- Organized and facilitated workshops on secure coding practices, engaging more than 50 developers to promote best practices and enhance risk reduction efforts.
- Software Engineer Intern : Jan 2020 - Mar 2020
- Developed an innovative learning platform designed to encourage continuous learning for a diverse group of 50+ developers. This interactive problem-solving platform seamlessly integrated with an independent backend judgment system for the automatic evaluation of Java and SQL code.
- Software Engineering Intern : Apr 2019 - Jul 2019
- Played a pivotal role in the development of a Patch Updater for servers, employing reverse engineering techniques to optimize runtime binaries within the Java Virtual Machine (JVM). This innovative approach resulted in a significant reduction in testing time, thereby enhancing efficiency and resilience.
- Software Engineering Intern : Apr 2018 - Jun 2018
- Designed and implemented a cross-platform application using the IONIC framework to optimize the Continuous Integration/Continuous Deployment (CI/CD) process, resulting in a significant reduction in deployment time.
Delivered Java Full Stack Development training for corporates like GE, Wipro & Deloitte as a freelance trainer - Aug 2022
EDUCATION
University Of Maryland, College Park, USA
- Master of Engineering in Cybersecurity : Aug 2022 - May 2024
- Relevant Coursework:
- Advanced Hacking of Linux Binaries
- Applied Cryptography
- Hacking of C Binaries
- Machine Learning Techniques Applied to Cybersecurity
- Network Security
- Penetration Testing
- Reverse Software Engineering
- Secure Operating Systems
- Secure Software Construction and Testing
- Relevant Coursework:
Amrita University, Coimbatore, India
- Bachelor of Technology in Computer Science and Engineering : Jun 2016 - Jun 2020
- Relevant Coursework:
- Cloud Security
- Compiler Design
- Data Structures
- Design and Analysis of Algorithms
- Game Theory
- Machine Learning and Deep Learning
- Network Protocols and Security
- Theory of Computation
- Relevant Coursework:
TECHNICAL EXPERTISE
Security Assessment: SAST, DAST, VAPT, Open-Source Analysis, OWASP top 10, Mitre Att&ck Framework, SANS top 25.
Networking: Network Security, Server Networks, IP Protocols, LAN/WAN Switching, Troubleshooting.
Operating Systems: Debian, NixOS, Fedora, Kali Linux, MacOS, Windows Servers.
Cloud/DevOps Technologies: Docker, CI/CD, Web Server, Python, Bash.
Security & Testing Tools: Fortify, Prisma Cloud, Semgrep Code, Veracode, Burp Suite, Tenable.io, Nmap, gobuster, ExtraHop, Metasploit, OWASP ZAP, Netsparker, Postman, Wireshark, etc.
TRAININGs & CERTIFICATIONs
CONFERENCES & MEETUPS
- NIST Workshop on Block Cipher Modes of Operation @ NCCoE - Oct 2023
- PQCrypto 2023 @ UMD - Aug 2023
- OWASP Global Appsec @ San Francisco & Washington D.C - Sep 2022 & Nov 2023
- BSides NoVA @ Virginia - Sep 2023
- Volunteered in 10+ security meetups, conferences & CTFs, while staying up to date on current issues and trends through TL;DR.