• Taught Basics of Ethical Hacking to Bachelor of Cyber security students.• Conducted practical hacking workshops for the students.• Marked student assignments.

• Shadowed and performed manual penetration testing of a variety of Web applications.• Developed industry standard penetration test reports.• Gained experience with Windows Active Directory Authentication Hacking methods such as AS-REP roasting, Kerberoasting and others.• Hands on experience with Active Directory Hacking tools such as BloodHound, mimikatz, crackmapexec, impacket toolkit.• Gained experience with various Metasploit modules and Linux and Windows privilege escalation.

• Performed manual penetration testing of a variety of products by eClinicalWorks including the Electronic Health Record software using Burpsuite. Managed to find critical, high severity and common flaws during the early stages of product development such as in the manual code review process.• Verified the flaws detected by the IAST tool, Contrast Security and SAST tool SONARQube manually.• Reviewed the functional and design specification documents and collaborated with developers to design and develop industry-standard features.• Provided security input at every stage of the Software Development Life Cycle to ensure the security quality of the features being developed.• Collaborated with application developers to validate, assess, understand root cause of the flaw and mitigate vulnerabilities. I have worked with developers in stressful situations such as the Christmas of Log4J RCE vulnerability (Dec 2021). Wrote scripts to detect the vulnerability in the codebase. • Implemented python script to find the path of vulnerable third-party javascript files spread across all the eClinicalWorks products which helped in reducing the manual effort and time of the entire team.• Published a python script on GitHub https://github.com/akshaydeodare/AlternateBOM that feeds Open-source tool OWASP’s dependency-check results to OWASP’s Dependency Track (tools used for security management of third-party dependencies).• Provided On-the-job training sessions about web application security to other employees.