Hello All,
I'm a security expert with over two decades of security consulting experience. Some of my skills are listed below:
Windows Security Expert – Both offensive and defensive techniques
Performed network pentesting, security code reviews and application risk assessments for customer-facing applications at Fortune 100 companies.
Lead and manage security consultants at U.S. Bank to improve security posture of applications, networks, and mobile applications.
Delivered several million dollars of security services and technology for clients in the financial, retail, healthcare, manufacturing, and utilities sectors.
Performed Red team hacking for many Fortune 500 companies.
Introduced security risk assessments and threat modeling techniques into the organization.
Acted as technical authority on security for numerous RFPs and during contract negotiations.
Participated in many PCI Assessments for many small, large and multinational companies and performed gap analysis, consultation, and development of customized solutions.
Audited applications written in multiple languages, including Java/JSP, VB.NET, ASP.NET, C#, C/C++, PHP.
Web penetration testing to prove software security vulnerabilities with IBM AppScan, Burp Professional, Paros and manual fuzzing, and penetration testing with AppScan and Firefox plug-ins.
Trained, documented and advised application developers with regard to security risks and secure coding best practices, with practical remediation guidance provided to developers.
Drove the adoption of security scanning tools for both development and production use. Tools utilized: Qualys and IBM Rational AppScan.
Trained developers to write secure code using the OWASP software security testing guide.
Found software security vulnerabilities for clients, including SQL injection, XSS, Cross-Site Request Forgery and multiple other vulnerabilities.
Tested many networks and over a thousand Fortune 100 web applications for security issues; tested top company external and internal and penetrated into systems.
Professional Certifications
Offensive Security Certified Professional (OSCP)
Cisco Certified Network Associate (CCNA)
GIAC GSSP-JAVA Certification
Certified Ethical Hacker (CEH)
Certified Information Systems Security Professional (CISSP)