Milan Bhatia Email & Phone Number

New York, NY, US

• Established a formalized Application Security program by leading the following initiatives:
• Developed and implemented application security policies, standards, and procedures in alignment with industry best practices and compliance requirements.
• Conducted security architecture reviews for critical applications and partnered with Enterprise architects to establish secure design patterns.
• Managed relationships with third-party security vendors and coordinated penetration testing and security assessments of external-facing applications.
• Developed and maintained a scalable and extensible security pipeline library for CI/CD to automate security testing and vulnerability scanning processes (SAST, SCA, IAC, and Container Security).
• Facilitated secure coding training sessions for development teams and provided guidance on addressing security issues during the software development lifecycle (SDLC).

Mclean, VA, US

• Member of the Enterprise Kubernetes team. Check out our open source projects. https://github.com/criticalstack
• Developer for crit, an open source project written in golang to quickly deploy kubernetes clusters https://docs.crit.sh/
• Developer for cluster api bootstrap provider crit, a project for creating and managing workload clusters.
• Contributed to a pull request for cluster api provider aws (capa) that allows a user to specify their own security groups in the AWSCluster spec https://github.com/kubernetes-sigs/cluster-api-provider-aws/pull/1933
• Improved the security posture of Critical Stack by performing penetration tests and advising improvements to authN/authZ, container security, and cloud security controls.
• Led a POC for container network observability/policy using Cilium, an eBPF-based software.

Mclean, VA, US

• Developer for an internal security engine written in golang that is being used by the Capital One CSOC.
• Led a POC on using WebAssembly for a polyglot, plugin-based architecture.
• Configured security logging for Capital One devices and approved AWS AMIs. Worked with various Cyber teams to advise on improvements to Cyber logging.
• Tested resiliency of cloud infrastructure by performing East-to-West failover.

Mclean, VA, US

Developed a rules engine in Node.js that ingests real-time security alerts and automates repetitive tasks performed by CSOC analysts. Primary role was to develop backend applications and deploy them as containerized services using Amazon’s Elastic Container Service.

Mclean, VA, US

Designed and Implemented a bootstrap application for the Chariot Content Management System. Scope of the project was to help customers quickly develop scalable applications that dynamically pull content from the Chariot CMS without worrying about security and authentication. Design followed a loosely-coupled API based architecture with an orchestration.

Performed a technical study of the Signal Protocol while also implementing a messaging service with end-to-end encryption on the Android platform. Also evaluated cybersecurity policy process and frameworks at the federal and enterprise scale with a particular focus on current encryption debates and proposals (“Going Dark Debate,” “Compliance with Court.

Armonk, New York, NY, US

Phase 1: Developed a Java tool that communicates with a set of REST APIs and returns a best matched language supported by our product's server by parsing a client's Accept-Language header according to RFC 4647 Standards found here: https://tools.ietf.org/html/rfc4647Phase 2: Primarily goal was to setup a development environment where microservices running.

Armonk, New York, NY, US

IBM Management Console is a web based application for system administration tasks on IMS and DB2. This project allowed me to acquire development experience in native JavaScript, HTML5, and CSS while utilizing the Dojo GridX framework. Development work involved parsing intricate JSON data from backend servers into JavaScript objects used to populate dynamic.

Blacksburg, VA, US

Involved in the development of a constantly updated website consisting of research projects and faculty information. Other responsibilities include troubleshooting and solving technology-related issues professors and graduate students face in addition to encrypting sensitive data for security purposes.

Armonk, New York, NY, US

Involved in the architecture and development of a web user interface that communicates with backend clients to retrieve JSON data regarding z System information. The JSON data is then parsed from a client into tables that give the user sorting, selecting, and modifying capabilities. Technologies worked with include AngularJS, jQuery, and HTML.

Vinemont, AL, US

As a technical assistant at West Point High School, I was involved in configuring networks using Cisco's Meraki. In addition, I was very involved in configuring and running virtual Ghost clients to download software and make operating system upgrades. I also have experience repairing computer parts, making Ethernet cables, and troubleshooting computer.