Satish Govindappa

Satish Govindappa Email and Phone Number

Cybersecurity Leader | Application Security Manager | Product Security Architect | Vice President, Chapter Lead CSA-SFO | AI/ML Researcher | Speaker | Freelancer | AI Security Reviewer @ Indrasol
Satish Govindappa's Location
Tracy, California, United States
About Satish Govindappa

20+ years of expertise in collaborating with key stakeholders to identify gaps, develop security processes and capabilities to enhance security posture by introducing vulnerability management and automated security tools. Built Application Security Program from scratch.

Successfully built and managed a team of 8 for 5 years in performing application security penetration testing, in addition to code reviews, to ensure compliance to security standards and proactively identify vulnerabilities. Ensured timely delivery of quality deliverables.

Proficient at guiding teams and sharing knowledge, while spearheading training and workshops. Possesses robust abilities in motivating and developing teams across all project phases. Recognized for exceptional communication skills, collaborative mindset, and fostering a culture of accountability and ownership.

Significant expertise in Application Development, Threat Modeling, Secure Design Analysis, Secure Code Review, Static Code Analysis (SAST), Dynamic Security Analysis (DAST), Penetration testing (PenTest) and Security Automation (DevSecOps).

A J2EE Developer turned Application Security Professional with unique ability to understand both the worlds better (Development and Security).

Accomplished Enterprise-wide Integration of Dynamic Security Analysis (DAST) on CICD pipeline providing immediate feedback to Developers using Jenkins and Webinspect.

Working experience in top companies like Fidelity Investments, TD Ameritrade, DTCC, MindTree, Honeywell and AOL.

Chapter Leader, Core Member of Null Security Group and OWASP Security Communities responsible for organizing, conducting and presenting the "meet" on a weekly/monthly basis.

Specialties: Threat Modeling, Secure Code Review, Web Penetration Testing, Server Audits, Security Training, Security Automation

I'm excited to connect with professionals, innovators, and organizations looking to enhance their security posture. Let’s discuss how I can bring value to your team or project.
If you’re interested in collaborating, have an opportunity, or just want to chat about the latest in cybersecurity, reach out to me at hkgsatish@gmail.com

Satish Govindappa's Current Company Details
Indrasol
Cybersecurity Leader | Application Security Manager | Product Security Architect | Vice President, Chapter Lead CSA-SFO | AI/ML Researcher | Speaker | Freelancer | AI Security Reviewer
Satish Govindappa Work Experience Details
  • Indrasol
    Principal Security Architecture
    Indrasol Oct 2024 - Present
    Fremont, Ca, Us
    • Directed Cybersecurity Architecture and Engineering at Indrasol, leading a high-performing team in cutting-edge technology threat assessments.
    • Implemented adversarial defenses and robust input validation for Large Language Model (LLM) models, preventing data poisoning and evasion attacks.
    • Collaborated with senior leaders and product teams to ensure business-critical architectural design reviews were successful.
  • Synopsys Inc
    Manager (Senior Staff) - Cybersecurity Architecture And Engineering
    Synopsys Inc Mar 2022 - Oct 2024
    Sunnyvale, California, Us
    Led the review of architectural designs and conducted threat assessments for Artificial Intelligence (AI) Machine learning (ML) products and services, ensuring the deployment of secure and scalable solutions while making pivotal decisions regarding their organizational adoption.
    Highly experienced in conducting rigorous security assessments of LLM (Large Language Model) models, playing a pivotal role in fortifying the realm of natural language processing (NLP) and AI research against potential vulnerabilities. Proficient in evaluating the security posture of various LLM models, including renowned ones like GPT-3 and its variants, to ensure robust defenses and safeguard against potential threats in language processing applications.
    Design, implement and manage the threat-modeling and design review program across Synopsys:
      • Identify security risks through threat modeling
      • Integrate security into the design process
      • Enhance the overall security of products and services
    Design, implement and manage the end-to-end vulnerability management program across Synopsys:
      • Continuously assess and manage vulnerabilities
      • Track and resolve vulnerabilities effectively
      • Address vulnerabilities in a timely manner
      • Improve the vulnerability management process regularly
  • Ice Mortgage Technology
    Staff Security Engineer
    Ice Mortgage Technology Jan 2020 - Mar 2022
    Pleasanton, Us
    Design and Architect application security program across organization. Setup and integrate vulnerability management tool. Perform Security Orchestration and Automation of DAST tool to Jenkins. Oversee the organization's networks to detect and respond to security breaches, employing software like firewalls and encryption programs to safeguard sensitive data. Identify and address vulnerabilities in computer and network systems. Stay updated on the latest IT security trends through research. Generate reports detailing key metrics, attempted breaches, and security incidents. Establish security standards and protocols for the organization. Provide recommendations for security improvements to management or senior IT personnel. Assist computer users in installing and understanding new security products and protocols as needed. Conduct web application security vulnerabilities assessments (review designs, perform pentest, code review, and security checks) through the use of scanning tools / manual checks and notify the appropriate team to take necessary action.
  • Spirent Communications
    Senior Security Consultant
    Spirent Communications Nov 2019 - Jan 2020
    San Jose, California, Us
    Perform Application pen-testing of REST-based web applications using tools such as Burp, Nmap, Hailstorm. Determining critical vulnerabilities and ensure closure or fixing the issues in limited time by assisting and co-coordinating with the development team. Perform Source code review using tools such as Checkmarx.
  • The Depository Trust & Clearing Corporation (Dtcc)
    Senior Application Security Engineer
    The Depository Trust & Clearing Corporation (Dtcc) Nov 2016 - Oct 2019
    Jersey City, Nj, Us
    Perform Security Orchestration and Automation by extensively integrating functional tester developed selenium scripts with security scanning tools like Webinspect or similar DAST tool to Jenkins. Automate security scanning process and provide scan reports on the fly to developer via Fortify SSC.
    Leverage automated functional testing process and integrate application security scanning into CICD pipeline, which helps in continuous development, testing, appsec scanning and delivery of new code.
    Design and implement Security Automation tools for testing, monitoring, and reporting.
    Conduct web application security vulnerabilities assessments (review designs, perform pentest, code review, and security checks) through the use of scanning tools / manual checks and notify the appropriate team to take necessary action.
    Independently design, recommend, plan, develop and support implementation of project-specific security solutions to meet tactical and control requirements, as well as propose solution for remediation.
    Work jointly with Development Teams and Architects to periodically review application code and define security posture of applications.
    Assist with application security penetration testing activities, including scheduling, resources, tool execution, and reporting.
    Identify potential security exposures that may currently exist or may pose a potential future threat.
    Identification of Free Open Source Software (FOSS) used all over DTCC applications and DTCC vendor applications. Conduct risk analysis, vulnerability testing, Source Code review, License review and penetration testing on identified FOSS applications in DTCC.
    Perform expert advice and guidance to integrate FOSS based applications to development community also assisting in fixing FOSS based vulnerabilities, configure Maven with Nexus repository manager and maintain repository of latest jar files to provide DTCC development community.
  • Tdameritrade
    Security Engineer - Qa
    Tdameritrade May 2016 - Oct 2016
    Omaha, Ne, Us
    Worked in TDAmeritrade on Payrolls of 8Kmiles. Primary responsibility was to build state of art framework to automate pentest finding using Maven, Selenium, Python and Java technology. This technology was used to do regression testing in QA for all application. This was latest and one of its kind technology in security industry. Other responsibilities were to perform end to end comprehensive security testing with in-depth secure code analyses using SAST and DAST tools like HP’s Fortify and WhiteHat Sentinel to establish technical architecture vulnerabilities in enterprise web based applications by documenting threats and countermeasures and converting them to JIRA tickets.
    Perform Pentesting by using tools such as Burp, Nmap and OpenVas. Determining critical vulnerabilities and ensure closure or fixing the issues in limited time by assisting and co-coordinating with the development team. Automate critical findings including and not limited to XSS, CSRF and SQL injection using Selenium tool, perform Regression Test using the test cases and ensure old vulnerabilities are not re-introduced.
    Develop an assessment plan to evaluate the adequacy and completeness of the information system’s security mechanisms, including the controls documented in the system security plan, and measure the degree of consistency between the system’s security documentation and its actual implementation by DAST, SAST and IAST.
  • 8Kmiles
    Programmer Analyst
    8Kmiles Apr 2016 - Apr 2016
    Pleasanton, California, Us
    Understand and get trained on Amazon Web Services (AWS); work on various components like Virtual Private Cloud (VPC) and Elastic Compute Cloud (EC2). Build a web based application using these components and analyze security threats.
  • Fidelity Investments
    Manager - Information Security And Risk
    Fidelity Investments May 2011 - Mar 2016
    Boston, Ma, Us
    Effectively created and managed a team of eight professionals who specialize in conducting secure code reviews. Our goal is to ensure adherence to security standards and proactively detect vulnerabilities. Through my leadership, we have consistently delivered high-quality results on time.
    Responsible for Security Architecture and Engineering enterprise solutions. Develop security architecture documents and artifacts, guiding Security assessment and making sure all the applicable patterns and processes have been followed including but not limited to Authentication, Authorization, Credential protection (storage, encryption of keys and certs), analysis covering industry cryptographic & hashing standards, Input Validation, Data Sanitization, Logging & Monitoring, File Access Management and provide mitigations and controls where required. Focusing more on application testing; no matter what platform the application is developed in, i.e. - Apache, Tomcat, Java, JBoss, J2EE, .NET, etc., my primary focus is to address risk to the information at the storage level (i.e. - database), information in motion (i.e. - message) and delivery points (i.e. I/O mechanism). Refined, analyzed and documented assessment procedures to determine operation effectiveness consistent with NIST SP 800-53A, Guide for Assessing the Security Controls in Federal Information Systems.
    Develop Threat model for various Applications, Impact Analysis and recommending mitigation plans. Run ASAP (Application security architect program) program in Fidelity. Primarily based on Secure SDLC with various security layers like Secure Design, Threat Modeling, Static Analysis and Pentesting.
  • Fidelity Investments
    Lead - Application Security Engineer
    Fidelity Investments Mar 2007 - Apr 2011
    Boston, Ma, Us
    Successfully built and led a team of 5 in performing application security penetration testing, in addition to code reviews, to ensure compliance to security standards and proactively identify vulnerabilities. Ensured timely delivery of quality deliverables.
    Performing application security testing for internet/internal applications, using industry standard tools for automated and manual testing.
    Document findings at an executive level as well as detailed reports for the developers to understand and fix the vulnerability found in the application. Participate in assisting developer to mitigate vulnerabilities.
    Focusing more on application testing; no matter what platform the application is developed in, i.e. - Apache, Tomcat, Java, JBoss, J2EE, .NET, etc., my primary focus is to address risk to the information at the storage level (i.e. - database), information in motion (i.e. - message) and delivery points (i.e. I/O mechanism). List of most common vulnerabilities found frequently during web applications reviews are SQL, XPath, Command Injections, XSS, CSRF, Broken Authentication, Session issues, Buffer Overflows and many more. Security Training and Awareness – develop a cohesive security awareness program in application security.
  • Fidelity Investments
    Senior Software Engineer
    Fidelity Investments Sep 2006 - Feb 2007
    Boston, Ma, Us
    Lead the development of Payment History System as a product owner, conducted interviews with the client and all stakeholders. Collected the requirements, created Epics, identified features and came up with user Stories. Ran estimation sessions with the stakeholders and identified their priorities. Deployed key exchange and authentication to exchange information across web service. Migrated the application from C++ to Java using J2EE technologies. Used Web Services to handle transaction and Data Retrieval.
    Responsible to initiate the project, requirement analysis and detailed designing.
    Did extensive R&D for resolution of various technical issues regarding code optimization for processing performance and network bandwidth performance.
    Publishing WebServices from server in the form of wsdl files. Enhance overall team accomplishments and competence by planning delivery of solutions; answer technical and procedural questions for less-experienced team members; teach improved processes; mentor team members.
  • Aol
    Senior Developer (On Payrolls Of Mindtree)
    Aol Jun 2005 - Sep 2006
    New York, Ny, Us
    Developed a prototype of the application and demonstrated to business users to verify the application functionality. Developed the Application using Spring MVC Framework by implementing Controller and Service classes. Designed components based on UML by creating Use Case, Class Diagrams and Sequence Diagrams using Rationalrose Tool (RAD). Developed and implemented MVC Architectural Pattern using Spring Framework including JSPs and Servlets. Used ANT automated build scripts to compile and package the application and implemented Log4j for the project. Integrated Spring DAO for data access.
  • Honeywell
    Senior Developer (On Payrolls Of Mindtree)
    Honeywell May 2004 - May 2005
    Charlotte, North Carolina, Us
    Responsible for implementing and testing Global Business Dashboard. Worked on various graphical enhancements in the project and came up with some of the best-thought-of visual modifications to GUI. Digitized the process of metrics collection across Regions, Services and Customers. Developed a prototype of the application and demonstrated to business users to verify the application functionality. Developed the Application using Spring MVC Framework by implementing Controller and Service classes. Designed components based on UML by creating Use Case, Class Diagrams and Sequence Diagrams using Rationalrose Tool (RAD). Developed and implemented MVC Architectural Pattern using Spring Framework including JSPs and Servlets.
  • Mindtree
    Senior Developer
    Mindtree Nov 2003 - Apr 2004
    Bangalore, Karnataka, In
    Developed and implemented MVC Architectural Pattern using Struts Framework including JSP, Servlets, Form Bean and Action classes. Created and deployed web pages using HTML, JSP, JavaScript and CSS. Implemented Java and J2EE Design patterns like Business Delegate and Data Transfer Objects. Implemented Struts Action classes using Struts controller component. Creating procedure and fine tuning the existing procedure to handle huge amount of transaction.
  • Cerulean Information Technology Pvt Ltd
    Software Consultant
    Cerulean Information Technology Pvt Ltd Nov 2001 - Sep 2003
    In
    Responsible for implementing a set of online tools, which will estimate material requirements for various home renovation activities. Its online estimation engine will provide a detailed bill of material along with recommended suppliers.
    Developed Entire Server side Functionalities including Caching, Indexing, Scheduling & Searching. Did extensive R&D on Lucene 1.4.3 for Search functionalities, Lucene limitations and workarounds. Setting up test environments and configuring various components of the application using JDBC API to establish connection with MySQL database and configuring.

Satish Govindappa Skills

Java Application Security Sdlc Information Security Management Computer Security Penetration Testing Information Technology Secure Code Review Software Development Security Analyst Agile Methodologies Web Application Security Security Architect Requirements Analysis Unix Web Applications Information Security Hp Fortify Owasp Sql Security Architecture Design Ios Security Ssdlc Information Security Engineering Sans Android Security Nist 800 53 Secure Application Development Training Saml/oauth Cryptography Computer Forensics Iast J2ee Web Services Contrast Security Esapi Security Framework Sast Dast Spring Security Security

Satish Govindappa Education Details

  • Institute Of Management Technology, Ghaziabad
    Cyber Security And Cyber Law
  • Bharathidasan University, Tiruchirappalli
    Business Administration
  • Indian Institute Of Management Bangalore
    General
  • Bharathidasan University, Tiruchirappalli
    Master's In Computer Science Applications
  • Bangalore University
    Electronics

Frequently Asked Questions about Satish Govindappa

What company does Satish Govindappa work for?

Satish Govindappa works for Indrasol.

What is Satish Govindappa's role at the current company?

Satish Govindappa's current role is Cybersecurity Leader | Application Security Manager | Product Security Architect | Vice President, Chapter Lead CSA-SFO | AI/ML Researcher | Speaker | Freelancer | AI Security Reviewer.

What is Satish Govindappa's email address?

Satish Govindappa's email address is sa****@****mae.com

What is Satish Govindappa's direct phone number?

Satish Govindappa's direct phone number is +192527*****

What schools did Satish Govindappa attend?

Satish Govindappa attended Institute Of Management Technology, Ghaziabad, Bharathidasan University, Tiruchirappalli, Indian Institute Of Management Bangalore, Bharathidasan University, Tiruchirappalli, Bangalore University.

What skills is Satish Govindappa known for?

Satish Govindappa has skills like Java, Application Security, Sdlc, Information Security Management, Computer Security, Penetration Testing, Information Technology, Secure Code Review, Software Development, Security Analyst, Agile Methodologies, Web Application Security.
