🌟 Continued advancing state of cloud security and DevSecOps in new role as Senior Director at Tenable post-acquisition.🚀 Conceptualized and drove development of next-generation attack path analysis capabilities to predict multi-step breach scenarios.🎯 Created product vision and go-to-market strategy for breakthrough attack path analysis technology.📣 Evangelized new technology with customers, analysts, and broader security community through content, events, and campaigns.🔧 Led agile development process to build attack path analysis features within broader platform.🎨 Crafted compelling narratives and visualizations to communicate risk insights revealed through attack path modeling.🔍 Conducted user research and crafted persona-based use cases to optimize utility and ease of use.🔍 Performed competitive analysis and differentiated new capabilities from alternatives in the market.🤝 Forged partnerships with graph database and analytics vendors to enable cutting-edge attack graph capabilities.💰 Developed pricing and packaging strategies to monetize novel value delivered through attack path analysis.🛠️ Pending patent application for innovative solution involving shift left Vulnerability Assessment

🌟 As Co-Founder of Accurics, pioneered novel approaches to cloud infrastructure security and shaped the emerging Cloud Security Posture Management (CSPM) market.🚀 Created the groundbreaking Accurics platform, delivering code-centric security for cloud native infrastructure. Pioneered use of software composition analysis techniques applied to infrastructure-as-code.🔍 Developed Industry's 1st breach path prediction and proactive remediation, analyzing relationships between resources to model attack paths and predict multi-step breaches before occurrence. Has patent pending on this innovative technology.🏆 Established Accurics as the definitive leader in infrastructure-as-code security. Recognized as a Representative Vendor in various Gartner's Papers/Guides for IaC Security.👥 Helped leadership team to build a world-class cloud security team from 5 to over 60 employees. Hired and cultivated specialized talent, instilling a culture of innovation.🛡️ Created techniques to secure cloud native applications using workload protection, intrusion detection, self-healing controls, and immutable infrastructure.🤝 Forged partnerships with leading technology providers.🚀 Guided Accurics from early stage startup through successful acquisition by Tenable in Oct 2021 for $160M🎙️ Shaped the narrative and drove thought leadership as prominent voice advocating novel cloud security approaches. Hosted webcasts, delivered conference talks, authored articles.🔐 Enabled frictionless vulnerability management by unifying asset discovery, scanning, and remediation with DevOps workflows. Reduced mitigation time from months to hours.⚙️ Innovated code-based Remediation (remediation-as-code) to reduce MTTR.🌟 Under my leadership, our open-source project Terrascan was given the power of Open Policy Agent while some of the Accurics technology for IaC scanning was also open-sourced in July 2020, increasing its adoption with stars rising from 500 in July 2020 to 4000 today.

Unique opportunity to build cyber security infrastructure, devsecops and compliance for cloud based product that augments Industrial Cloud and IoT stack. Architected, built and implemented Cyber Security for Energy management and IoT products with Industry focus areas such as Energy Internet, Demand Response ( DROM ) for utilities, Distributed Energy Resource Management ( DERMS ) and Flexibility Management for Energy Providers.Cyber Security Infrastructure. Built Network Security Monitoring ( NSM ) capabilities from ground up.. Built Cloud Workload Protection infrastructure including cloud event monitoring, intrusion detection, protection and response ( self healing).. Built User Access Governance capabilities to monitor access to cloud stack ( AWS services, Kubernetes stack and service mesh).. Implemented UBA ( User Behavior Analytics) and Cloud Security Posture Management. Built Cloud Application Security Monitoring ( egress , ingress, waf )DevSecOps -. Continuous Threat Modeling. SAST, DAST, Vulnerability and Patch Management.. CI/CD pipeline integrated container image scanning.. Centralized secret management using vault.. Config Security scanning for Infrastructure as code (IaC) ( terraform, k8s yml, ansible files, dockerfile ). Pentesting and Adversary Simulation. Digital Forensics and Incident ResponseCompliance. NERC CIP controls implementation and compliance management for Cloud and ICS.. SOC2 compliance readiness, implementation and audit management.. NIST CSF implementation.

Leading Cyber Security Strategy and Vision across Cloud, Devsecops, AppSec, Containers, K8s, ServiceMesh and Industrial Internet of Things (Predix Edge). Responsibilities :- ● Built the industry's first Cyber Kill Chain model for Industrial IoT platform● Implement Threat Modeling and Architecture Risk Analysis practices across software products in mission critical apps ● Performed Breach Path Predictions for Digital Twin Technology● Built cyber security standards, policies and guidelines for Cloud and Devsecops. ● Led Product and Application Security ● Manage Product Cyber Security Risks● Led Vulnerability Management for Containers and K8s● Liaising with Red Team for Adversary Emulation

Advisor for Cyber Security Investments Led by GE Ventures, assisted the Investment Teams in Technical Due diligence, running PoC's and in determining Value Proposition.

CipherCloud, the leader in cloud information protection, enables organizations to securely adopt cloud applications by overcoming data privacy, residency, security, and regulatory compliance risks. CipherCloud delivers an open platform with comprehensive security..Led Architecture for CipherCloud Cloud Discovery Product.Developed Risk Rating models for assessing Cloud App Security,Compliance and Privacy Risks .Led Research on Cloud Vulnerabilities, Breaches and Threats..Led Research on CASB ( Cloud Access Security Broker) .Implemented Web Application Security Framework for Cloud products..Implemented Threat Modeling for Cloud Applications using Microsoft Threat Modeling and STRIDE methodology.Source Code Analysis for Cloud Applications.Dynamic Runtime Analysis for java Based Cloud Apps..Developed CIS Benchmark Testing for Cloud Apps..Led and Developed DevSecOps CI/CD pipeline

Southern Cross Computer Systems (SCCS) is a leading provider of end-to-end IT infrastructure and business solutions in Australia, with offices and delivery centers in Melbourne and Canberra SCCS provides Technology, Product and Enterprise solutions, Consulting ,Managed and Software services to its customers. I work with Consulting Services Team as Security Analyst at Melbourne location.Built and Led Penetration Testing and Threat Intelligence Service LineConducted Network and Web Application Penetration Tests for customers spanning across various sectors such as Finance, Insurance, Telecommunication, Government, Healthcare, Automobile and Venue Management.Discovered a Zero Day vulnerability in Microsoft .Net Platform published by Symantec .(http://www.securityfocus.com/bid/50110)Asian Region Cyberlympics winner. Led Cyber Asset Management for large financial customerImplemented Patch Management, Vulnerability Management,Compliance Management, Configuration Management, SANS TOP 20 Controls.Led Engineering team for Security Automation using SCAP (CCE, CVE, CPE OVAL, XCCDF), JOVAL, MBSA, SCM, SCCM, NESSUS, APPSCAN, SECPOD technologies.Hand Coded Security Automation using Scripting technologies (Javascript,Powershell,Groovy, Python, VBScript)Built Active Directory Audit Automation using ADAUDITPLUS.Developed Webservices using WebAPI, RESTAPI, Xml, Excel,HTML,SQL datasources.Built Security Intelligence Dashboards and Reports Using Jaspersoft Reporting Server, Ireports and Jasperstudio.Developed Situational Awareness Dashboard providing security posture(Unauthorize Apps,Vulnerabilities,Missing Patches, Config Issues,AV status etc) for Enterprise Assets, Business Units, Business Processes (Apps).Delivered IT governance, risk, and compliance management projects

As security software developer with one of the market leaders in providing Integrated Governance Risk Compliance (GRC) solutionsLed the research and development of security content for various standards such as COBIT, SOX, FISMA, HIPAA, NIST, DOD STIGS, ISO 17799, NERC-CIP(SCADA), for RiskVision product.Development of framework for reusable, distributed, robust software components called connectors to collect Risk, Compliance, Threat, Vulnerability, Incident, and Security related information about environment assetsSoftware framework development using vast variety of java technologies as JAXB, JAXWS, SOAP, XML, GROOVY, XQUERY, XSLT, DESIGN PATTERNS, CXF, ANT,ECLIPSEDeveloped integrations for third party security products such as REM, SCCM, EPO, NESSUS, ARCSIGHT, Appscan, DISA, SCAP-OVAL