● Lead and manage the product security team in securing Uhana’s AI product.● Implement application threat modiling● Secure Kubernetes K8s Kubernetes in Cloud Environment.● Creates Security tools for product development team using python and bash.● Automate open source vulnerabilities discovery ● Lead the penetration testing effort in Uhana's network AI product using Burp, ZAP, Kali, and others.● Engage in customer security concern and assured them in securing Uhana's AI product ● Perform security code review and automate our SDL with Fortify, Coverity, Sonarqube, IDA, bandit, and others● Lead company wide security effort and best practice and manage Uhana bug bounty program● Onboard Uhana’s product security effort after the company acquisition ● Secure Uhana product in the cloud, container, kubernetes, and build security around the dynamic deployment* Identity vulnerability in Kubernetes cluster using tools like Kubescape, and others. Guide the developers on best approach to resolve detected vulnerabilities

* Lead the security engineering team * Performed manual product source code review to identify a security vulnerability * Implements and integrate security vulnerability detection tools sonarqube and integrate it with bitbucket, and jenkins.* Build ROS embedded project using catkin_make, and CMake and analyze the result for vulnerability* Implement vulnerability scanning tools like flawfinder, bandit, Fortify, Coverity, and pylint, into the development process.* Implement best security practice on AWS infrastructure* Perform penetration testing web application and devices* Research and validate CVE, CWE, Common vulnerability scoring finding in products* Manage company's external bug bounty program* Working with the developer to implement strong encryption for protecting Autonomous vehicle's data* Perform end-to-end penetration testing on the frontend, backend, and the autonomous vehicle. * Creating security tools using python, and Java for assisting the software engineers* Developed secure code best practice training for the developer.* Implementing security best practice to protect robotic data, and controller inside the AWS * Developed threat modeling for the product development lifecycle* Constantly review product source to identify cross-site scripting, cross-site forgery, and potential buffer overflow/heap overflow vulnerability* Developed company-wide infrastructure security best practice* Implemented open source NAXSI, OSSEC, to secured Web Application and robot* Implemented AWS secret manager for managing users and application secrets. Sometime provides input and correction on the implementation of AWS secret manager SDK in AWS secret manager users community

*Testing virtualization platform and client management (virtual center).* Implement testing automation in CAT (continue automation testing) environment using Perl, Python, Java, and shell script*Testing the virtualization platform with remote network storage and virtual storage using automation and manual testing*Testing the Vcenter(cloud) management platform in both IPV4, and IPV6 environment with embedded database or any remote vendor database* Setup Vlan/ networking, IPV4-DHCP, IPV6-DHCP, Jenkins server, for team testing*Develop testing automation in Java using framework like Maven, Github, Nexus, Eclipse, and Jenkins *Create testing Lab, and automation for hybrid cloud testing in IPV6 environment. * Implement vulnerability, and security scenario using threat modeling, implement hacking simulation lab with the integration of the following tools:Kali Linux, Metasploit + Armitage + msfconsole, Burp, and ZAPSecure Database with NGSSQUIRREL, APPDETECTIVESecure Web Application with CENZIC. Understand the message authentication types (CCM and GCM), and why the selection of GCM is much better than the other. Static and dynamic source code Security Analysis using: FINDBUGS, FORTFY and custom tool. Reverse engineer software teardown using JD-Gui, dex2jar, IDA, apktool, smali browser. Analyze network and network security with Wireshark, tcpdump, and Snort. perform product security testing and make sure the developers follow secure coding practice by align them with the company wide secure code practicePen testing using open source tool (Kali Linux, Backtrack, mutillidae, burp, OWSAP SAP), and custom tool. Simulate man in the middle attack between multiples hosts, Vlans, and applications.Testing the web application vulnerability to make sure that the SSL, TLS, and SSO implementation are properly done per OWSAP guideline. Testing for buffer overflow, browser attack, Networking security, Understand the ACL/ACE/JCE

* Develop automation for testing Remedy ARS desktop application in Perl, and Shell script.* Review developer code and provide feedback* Develop remote testing framework in Java for testing Remedy ARS oracle and Sybasedatabase* Contribute regularly, answer partner and users comment on the community website.* Develop tool to assist the users in Java, and upload them for download in community web site* Troubleshooting Java Stacktrace and memory leak, troubleshooting C/C++ crashapplication using dbx , gdb, and other UNIX utility* Perform Pen testing on ARS product using custom tool and open source tools* Develop threat modeling for new features product lifecycle vulnerability management

* Create tool using python for testing VOIP gateway, and billing platform* Performed security review, testing, and assessment for VOIP system* Resolved customer and partner critical issues* Resolved assigned PRs or provide workaround* Assisted partner with remote database (Oracle, Sybase, and MySQL) troubleshooting

Troubleshooting Boeing Aircraft manufacturing software including CAD

Setup and ran Boeing aircrafts computer programming according totechnical specificationsRan, tested and performed programming analysis to reduce errors.Ensured that the programming matched the technical specifications ofBoeing required standardsPerformed quality assurance testing on Boeing software andapplications. Fixed bugs and acted as technical support for theprogramming departmentCross-trained on manufacturing processes; when needed, fixed damagedaircraft parts.Exposed to management and supervisory roles through Boeing rotationalprogramDesigned and implemented my department computer security policy and program.Performed technical support on application and network issues.Homeland Security 2003 I volunteer to help test the biometrics security application for homeland security.

Setup and ran Boeing aircrafts computer programming according totechnical specifications. Ran, tested and performed programming analysis to reduceerrors.Ensured that the programming matched the technical specifications ofBoeing required standards. Performed quality assurance testing on Boeing software andapplications. Fixed bugs and acted as technical support for theprogramming department. Cross-trained on manufacturing processes; when needed, fixeddamaged aircraft parts. Exposed to management and supervisory roles through Boeingrotational program. Designed and implemented my department computer security policy andprogram. Performed technical support on application and network issues.Homeland Security 2003 I volunteer to help test the biometrics security application for homeland security.