Nikhil Gore Email and Phone Number

• Identify gaps in policies and standards of acquired entities using GDPR, NIST CSF , COBIT and recommend improvements in security systems and procedures.• Conducted Cyber security maturity assessments using NIST Cyber Strategy Framework.• Perform CMMC Control Testing of the enterprise and applications by verifyingevidences.• Creating weekly status reports to present to the management.• Present security metrics to the management during management review meetings. • Performed security assessments for OneLogin SSO, Netskope CASB, Global Protect VPN Posture Checks and Palo Alto Firewalls and worked with multiple IT stakeholders to remediate the security gaps to enhance the security posture Mobile device management, UEBA, IoT security, Data Protection solutions. • Support the implementation and maintenance of new security solutions, participate in the creation and maintenance of policies, standards, baselines, guidelines and procedures. • Creating custom WAF rules in AWS WAF service.• GRC head for an acquired entity.

• Perform System Criticality Assessment on business needs and decide Cost, RTO, RPO and dependencies of the application.• Co-ordinate with Application team and perform Risk Assessment on the application based on ISO27001 controls.• Work on Access Control Policies for the application. List out all roles and check for SOD Violation. Perform Access Validation for the application.• If the application is based on Defense then based on the data types used by the application perform NIST 800-171 assessment on the application.• Design Disaster Recovery plan for the application by taking note of the Servers and Databases of the application and Business Requirements.• Performed Penetration testing of various AWS cloud services like IAM, DynamoDB, EC2 instances and Lambda and help implement best practices based on the associated risks.• Involved in creating and fine tuning custom threat detection rules in the SIEM tools.

• Check compliance of all infrastructure devices like Servers, Client and Developer machines by applying Centre for Internet Security Controls (CIS).• Identify the reason for non-compliance by checking if there are any phantom accounts, guest accounts, vulnerabilities that require patching, OS version, Firewall and Antivirus in the end machine is out of date• Send the list of non-compliant assets to respective teams and guide them and the remediation process.• Achieved 90% compliance• Monitoring Security alerts generated by SIEM, Analyzing SIEM alerts by following runbooks and using various tools. • Generating tickets for validating • Assist the team lead in generating weekly report