San Francisco, California, United States
My obsession with computers started at the age of 3, and grew into a hunger to understand and master the art of cyber security by the time I turned 15. Since then, I’ve spent 10 years building security strategies for some of the world’s greatest companies, ranging from hundred-million-dollar MNCs to billion-dollar unicorn companies. I’ve got a few World Records to my name, like becoming a CISO at the age of 21 for the largest EV companies in the country, successfully cracking OSCP at the age of 19 and cracking CEH & CHFI underage at 15 with special approvals. I’ve functioned as a Chief Information Security Officer and Security Advisor to industry board members of companies from verticals such as SaaS-based product companies, and sectors like Logistics, Automobile, EdTech, Pharma, BPOs, Metal & Steel, Oil & Gas. I built CyberSmithSECURE to help corporates and MNCs secure their assets, manage compliances, and ensure no threats stand in the way of their growth. And in the last 3 years, we’ve done exactly that for 200+ companies. I have also:
- Been a CERT-IN empanelled auditor.
- Been awarded the CIO1000 Award 2021 by Enterprise IT World.
- Been recognised as Cyber Soldier 2021 by CyberFrat.
- Trained an audience of more than 25 thousand CIOs, CISOs, CEOs & corporates in the area of Cyber Security & the Emerging Threat Landscape.
- Been a reviewing author for various books published across the cyber industry, including Mastering Defensive Security, published by Packt.
- Done certifications including OSCP (at the age of 19), CISA, CCSK, TOGAF, CHFI, CEH & CEH Practical v10.
- Frequently been quoted in various newspapers like The Times of India and Mid-Day & in various magazines, and I participate in various research and CxO conferences as a speaker or a moderator.
- Specialised in handling organisation-wide security including cloud, applications, APIs, and containers.
Long story short, I’ve dedicated my life to information security.
And I now use my experience and expertise to build and execute cyber security strategies for my clients. If you’re a fellow cyber security professional, I’m sure we can learn a lot from each other, so do connect! And if you want to ensure compliance and complete security for your organisation’s most valuable assets, I've got you covered, so don’t hesitate to reach out.
● As a Director of CyberSmithSECURE I'm engaged in ensuring that client expectations are met and exceeded for all the services we provide.
● We provide quality VAPT reports with support for patching vulnerabilities, with revalidation.
● Conduct Red Teaming activities for clients to find the loopholes in their systems and provide the best recommendations for each client environment.
● Provide consultation and full support for implementing security laws, regulations, and standards like the IT Act 2000, ISO 27001, SOC 2, ITGC, PCI DSS, HIPAA, CERT-IN, RBI and SEBI Guidelines.
● Provide a Social Engineering Drill service so that companies can understand the level of security awareness their employees have.
● Provide industry-specific security awareness sessions for different levels of employees, like management level, manager level, and other employees.
● Provide support for implementing and maintaining security software like DLP, EDR, CASB, Patch Management Tools, etc.
● Conduct technical audits of Cloud, Firewalls, SAP, Active Directory, Databases and Servers, and business-specific applications/software.
● As an adviser, provided valuable insights and practices to follow for improved security.
● Helped in implementing the new DPDP Act 2023 for its clients.
● Provided advice and my expertise to conduct and improve the VAPT to find critical-level vulnerabilities.
● Helped in effectively responding to incidents while ensuring a reduced impact of the incidents.
● Provided consultation for implementing and auditing different standards like ISO 27001, SOC 2, etc.
● Developed and implemented policies, procedures, and security best practices for employees.
● Conducted Risk Assessment of critical data, evaluated all risks and defined and implemented the Risk Treatment Plans.
● Efficiently implemented ISO 27001 in the organisation and helped secure the Certification without any non-conformities.
● Ensured VAPT was done on all the important applications, networks, and IT Infra with critical-level vulnerabilities.
● Implemented a patch management process to ensure all the major affecting vulnerabilities are patched promptly. Defined metrics for performance measurement of Patch Management.
● Ensured effective communication between the VAPT team and the developers' team so that vulnerabilities were patched on time and there were no conflicts.
● Configured Security Software Solutions like DLP, EDR, and CASB to monitor the endpoints and respond to alerts appropriately.
● Conducted Social Engineering Drills to find the status of security awareness among employees.
● Conducted security awareness sessions to make employees aware of the threats and security best practices.
● Prepared awareness posters for keeping on desks, walls and in the cafeteria.
● Conducted Access Control List Review of all critical applications and servers to ensure role-based access control and that there are no non-compliances with the access control policy.
● Conducted Red Team activities to find ways of exploiting the systems from a hacker's perspective and mitigated all the findings.