Parveen Yadav Email and Phone Number
Experienced Security Engineer and Bug Bounty Hunter
With a robust background in security engineering and a keen eye for vulnerabilities, I bring extensive expertise in Web, API, and Network Penetration Testing, as well as System Hardening. My experience spans across Web Applications, Thick Clients, Network Security, and Cloud Security, with a particular focus on Red Teaming and AI-LLM Pentesting. As a part-time bug bounty hunter, I leverage my skills to identify and address security flaws, contributing to the overall safety and resilience of the systems I evaluate.
I have a proven track record of delivering high-impact security assessments and actionable remediation advice. My role as a Product Security Analyst at HackerOne and Lead Pentester at Cobalt Core underscores my commitment to advancing security measures and protecting digital assets. Additionally, as a Co-Founder of the Seasides Conference, I am dedicated to fostering knowledge-sharing and collaboration within the cybersecurity community.
My approach combines tactical and strategic guidance with hands-on technical skills, ensuring comprehensive security solutions and continuous improvement in threat management and incident response.
Hackerone
- Website: hackerone.com
- Employees: 1797
Senior Product Security Analyst
Hackerone, Feb 2022 - Present, United States
➨ Triaging Security Issues: Efficiently review and prioritize security vulnerabilities reported by researchers across multiple programs on platforms like HackerOne. Categorize issues based on severity, potential impact, and exploitability, enabling clients to address the most critical vulnerabilities first.
➨ Coordinating with Clients: Work closely with clients to manage their bug bounty programs, helping them understand reported vulnerabilities, advising on remediation steps, and providing strategic insights to strengthen their security defenses. Maintain clear and consistent communication to ensure alignment on priorities and resolutions.
➨ Engaging with Researchers: Act as the primary liaison for security researchers, ensuring prompt and professional responses to their submissions. Build strong relationships by providing constructive feedback, recognizing valuable reports, and fostering a positive and collaborative environment.
➨ Validating Vulnerabilities: Conduct thorough technical validation and reproduction of reported issues to confirm their accuracy and severity. Offer clear, detailed explanations and proofs of concept to clients to help them grasp the associated risks and impacts.
➨ Maintaining Program Integrity: Uphold the integrity and quality of vulnerability reports by enforcing program rules and guidelines. Assist in managing the scope and focus of bug bounty programs to ensure they align with clients’ security objectives.
➨ Improving Program Efficiency: Analyze trends and patterns in reported vulnerabilities to identify recurring issues, providing actionable recommendations to clients for enhancing their security posture and optimizing their programs.
➨ Documentation and Reporting: Prepare detailed, well-organized reports on vulnerabilities, triage processes, and resolutions for internal tracking and client communication. Contribute to developing security guidelines, best practices, and training resources for clients and their teams.
Product Security Analyst
Hackerone, May 2021 - Present, United States
➨ Triaging and Prioritizing Security Vulnerabilities: Efficiently review and prioritize security vulnerabilities reported by researchers on platforms like HackerOne. Assist in categorizing issues based on their severity, potential impact, and exploitability to help the team and clients address the most pressing security concerns effectively.
➨ Client Collaboration and Support: Work closely with clients to provide insights on reported vulnerabilities and support them in understanding the associated risks. Offer guidance on standard remediation steps and ensure clear communication to align on vulnerability resolution and program improvements.
➨ Researcher Engagement and Relationship Management: Act as a key point of contact for security researchers, ensuring timely responses to their submissions. Provide constructive feedback and foster a positive relationship to encourage high-quality reporting and maintain the program’s reputation within the researcher community.
➨ Validating and Documenting Vulnerabilities: Conduct technical validation of reported vulnerabilities to verify their accuracy and severity. Prepare concise documentation and proof of concept (PoC) reports for validated issues to assist clients in understanding the risks and taking appropriate action.
Co-Founder
Seasides Information Security Conference, Mar 2019 - Present, India
➨ Co-Founded the Seasides Information Security Conference: Played a key role in establishing and launching a premier security conference in Goa, India, aimed at fostering a vibrant cybersecurity community and providing a platform for knowledge sharing and collaboration.
➨ Spearheaded Conference Planning and Execution: Organized all aspects of the conference, from conceptualization to execution, including speaker selection, agenda setting, logistics management, and overseeing the overall event flow to ensure a seamless experience for attendees.
➨ Secured Sponsorships and Partnerships: Successfully identified and engaged with potential sponsors, securing funding and resources needed for the conference. Built strong relationships with industry leaders, vendors, and community partners to support the event and provide value to participants.
➨ Managed On-Site Operations and Team Coordination: Handled end-to-end conference operations, including coordinating with volunteers, managing speaker sessions, and addressing on-site challenges to ensure smooth and successful event delivery.
➨ Enhanced Community Engagement and Outreach: Developed targeted marketing and outreach strategies to promote the conference, leveraging social media, industry networks, and community forums to increase attendance and foster a strong community presence.
➨ Implemented Innovative Event Features: Introduced innovative features such as Capture the Flag (CTF) competitions, live demos, and interactive sessions to create a dynamic and engaging environment that encouraged learning, networking, and collaboration among participants.
Presented Bug Bounty Village At C0C0N & Owaspseaside Conference
Bug Bounty Village, Mar 2019 - Present, Goa, India
➨ Facilitated the Bug Bounty Village, providing a platform for bug bounty researchers and InfoSec professionals to share their experiences and knowledge.
➨ Created an interactive learning environment focused on bug bounty, report writing, and collaborative skill development.
➨ Organized and delivered a series of talks and hands-on training sessions to enhance participant engagement and learning.
➨ Promoted community participation through awards and recognition, encouraging continuous growth in bug bounty research.
Lead Cobalt Core Pentester
Cobalt, Dec 2020 - Present, United States
➨ Skilled in conducting security testing across a range of environments, including Web Applications, Thick Clients, Network Security, and Web Services.
➨ Adept at providing both tactical and strategic guidance, along with detailed remediation advice, to assist clients in establishing robust security measures.
➨ Proficient in security risk management, governance frameworks, and compliance, including IT Security Audits and log reviews. Experienced in Vulnerability Assessment, manual Penetration Testing, Application Security, Security Technologies, Incident Response, and overall Security Assessment.
➨ Knowledgeable in Cloud Security, specifically AWS, with a solid understanding of Technology Risk Management, Disaster Recovery, Business Continuity, and IT Regulatory Compliance.
➨ Experienced in performing both static and dynamic analysis testing for Android and iOS applications.
➨ Well-versed in OWASP Web and API top 10, as well as SANS 25 Frameworks.
➨ As a team lead in information security, adept at managing the end-to-end flow of security projects, including comprehensive reporting and team coordination.
Offensive Security Lead { Red Teaming }
Xerox, Sep 2020 - Apr 2021
➨ Led red team operations, simulating advanced persistent threat (APT) scenarios to assess and improve the security posture of Xerox organization by identifying critical vulnerabilities.
➨ Developed and executed sophisticated attack methodologies, including phishing, social engineering, and lateral movement techniques, to evaluate defense capabilities and response mechanisms.
➨ Provided actionable insights and strategic recommendations to security teams, enabling them to bolster defenses against real-world cyber threats.
➨ Coordinated cross-functional teams, ensuring comprehensive end-to-end red teaming exercises, from reconnaissance and exploitation to post-exploitation and reporting, driving measurable improvements in security resilience.
➨ Created playbooks for application security testing, red teaming tactics.
➨ Presenting red team findings to CISO and relevant departments.
Lead Solution Advisor
Deloitte India (Offices Of The Us), Aug 2019 - Sep 2020, Gurgaon, India
➨ Manage the team deployed on client projects and identifying the process gap/technical gaps.
➨ Work on client feedback and focus on project execution with excellence.
➨ Working on reviewing application code against the secure coding baseline and practices.
➨ Provide required reports to management and client. Handle the project as well as BAU operations.
➨ Perform Web applications, Thick-client Applications, Mobile Applications, API and Network Penetration Testing with Automated Tools and Manually.
➨ Have Hands-on Experience in OWASP top 10 and Complete threat Model.
➨ Analyze data, such as logs or packet captures, from various sources within the enterprise and conclude past and future security incidents.
➨ Application Security - Threat modeling, Source Code Review and Delivering Report.
➨ Performed the static and dynamic analysis testing of Android and iOS application.
➨ Proficient in identifying various core Mobile vulnerabilities like Deep linking exploit, Local file stealing using LFI, Local SQL Injection, Abusing WebView XSS, Bypassing application workflow.
➨ Developing security tools to automate (Using python and bash) the penetration testing process.
➨ Mentoring junior colleagues in information security.
➨ Network vulnerability assessment & manual penetration testing tools Nessus, Nmap, Nexpose, Metasploit and Armitage.
➨ Web Application Penetration Testing.
➨ Configuration Audit of Network Devices & Operating System.
➨ Worked on cloud environments such as AWS, GCP, Azure and Ali Cloud.
➨ Worked on security risk management, security governance framework and compliance (IT Security Audit/log review), Vulnerability Assessment, Penetration Testing (Manually).
Solution Advisor
Deloitte India (Offices Of The Us), Aug 2018 - Aug 2019, Gurgaon, India
➨ Web Application Penetration Testing.
➨ iOS and Android application pentesting.
➨ Involved in setting up the process for vulnerability management.
➨ API Penetration Testing.
➨ Worked on cloud environment such as AWS, GCP, Azure and Ali Cloud.
➨ Network vulnerability assessment & manual penetration testing tools Nessus, Nmap, Nexpose, Metasploit and Armitage.
➨ Configuration Audit of Network Devices & Operating System.
➨ Worked with the developer team to fix the reported issues.
➨ Delivering security testing report to a client.
➨ Source code analysis Manual and automated using Checkmarx.
Associate Solution Advisor
Deloitte India (Offices Of The Us), Jun 2016 - Aug 2018
➨ Web Application Penetration Testing.
➨ API Penetration Testing.
➨ Network vulnerability assessment & manual penetration testing tools Nessus, Nmap, Nexpose, Metasploit and Armitage.
➨ Configuration Audit of Network Devices & Operating System.
➨ Worked with the developer team to fix the reported issues.
➨ Delivering security testing report to a client.
➨ Source code analysis Manual and automated using Checkmarx.
Presented Bugzee Village At Defcon China
Self-Employed, May 2019 - Jun 2019, China
BugZee soldering Village is there to teach soldering and basic electronics in the most creative and fun way possible. Since hackers love bugs, we took inspiration from nature and OWASP logo to make an electronic rendition of a bee. We call it BugZee and it's our tribute to the OWASP community. It's entirely made out of electronic components and stands tall on its resistor legs. When soldered and powered to life, it moves around making a buzzing sound and glows wings in the dark. It's very intuitive and not too technical for anyone and everyone who wants to learn to solder or just wants to have a physical rendition of OWASP hacking bug.
Information Security Analyst
Paladion Networks, Oct 2014 - May 2016, Pune Area, India
➨ Performed in-depth Web Application and API Penetration Testing to uncover vulnerabilities.
➨ Conducted comprehensive network vulnerability assessments and manual penetration tests using tools like Nessus, Nmap, Nexpose, Metasploit, and Armitage.
➨ Audited the configurations of network devices and operating systems to ensure security compliance.
➨ Collaborated closely with development teams to address and remediate identified security issues.
➨ Delivered detailed security testing reports to clients, offering insights and recommendations.
➨ Executed both manual and automated source code analysis, leveraging tools such as Checkmarx for thorough review.
Security Adviser
Securityescape, Dec 2013 - 2014, New Delhi Area, India
➨ Performed Web Application and API Penetration Testing to identify security flaws.
➨ Conducted network vulnerability assessments using manual penetration testing techniques and tools like Nessus, Nmap, Nexpose, Metasploit, and Armitage.
➨ Audited configurations of network devices and operating systems for security compliance.
➨ Collaborated with development teams to resolve and mitigate reported vulnerabilities.
Security Researcher
Freelance, 2012 - 2014
➨ Conducted Web Application and API Penetration Testing as a Security Researcher to uncover vulnerabilities and assess security posture.
➨ Performed network vulnerability assessments utilizing manual penetration testing tools such as Nessus, Nmap, Nexpose, Metasploit, and Armitage.
➨ Executed thorough Configuration Audits of network devices and operating systems, ensuring adherence to security standards.
➨ Collaborated with developer teams to address security issues and implement robust fixes, contributing to continuous security improvement.
Parveen Yadav Skills
Parveen Yadav Education Details
- Manav Rachna International University, Information Technology
- Rawal Convent School
Frequently Asked Questions about Parveen Yadav
What company does Parveen Yadav work for?
Parveen Yadav works for Hackerone
What is Parveen Yadav's role at the current company?
Parveen Yadav's current role is Co-Founder of Seasides Conference | Senior Product Security at HackerOne | Lead Pentester at Cobalt Labs | Expert in Web & API Security | Red Teaming & AI-LLM Pentesting Specialist | 11 + years experience in Security.
What is Parveen Yadav's email address?
Parveen Yadav's email address is go****@****ail.com
What schools did Parveen Yadav attend?
Parveen Yadav attended Manav Rachna International University, Rawal Convent School.
What are some of Parveen Yadav's interests?
Parveen Yadav has interests in Social Services, Information Technology, Dancing, Singing, Animal Welfare.
What skills is Parveen Yadav known for?
Parveen Yadav has skills like Vulnerability Assessment, Penetration Testing, Information Security, Network Security, Web Application Security, Computer Security, Malware Analysis, CEH, Security, Information Security Management, Metasploit, Backtrack.
Who are Parveen Yadav's colleagues?
Parveen Yadav's colleagues are Baba Abubakar, Srinu Naik, Mohamed Elhusseini, Anoop M G, Azu Narté, Yatri Yatri, Ashish Dhaduk.