Responsible for Product Security of Datto's Backup and Disaster Recovery (BCDR) and the SaaS Backup solution (Backupify) . Responsibilities include Secure architecture, Threat Modeling, source code reviews, Pentests, fixing vulnerabilities in code, prioritizing vulnerabilities for fix with various teams, integrating security in the SDLC pipeline, facilitating SOC2 control implementation etc. Headed Datto’s Appsec initiative modeled after BSIMM and the Secure Architecture and Threat Modeling function

Pentest engagement manager for Bridgewater. In addition to conducting internal pentests, I was also responsible for managing external pentests for Bridgewater.Also doubled up as a Risk Architect for Bridgewater where responsibilities included Threat Modeling and Risk Management.

• Provided Security and Risk Management consulting for various strategic initiatives including Private and Public Clouds, Mobile Applications, Mobile Device Management etc.• Designed the Security Controls framework for Mobile and Web Applications. Developed a tool for automating Security Non-Functional requirement generation and led an effort to map it to existing Architecture and Design Patterns.• Pentest/Ethical Hack program Lead. Pentested more than 150 applications (web, mobile and thick-client) for MassMutual and its subsidiaries and provided remediation guidance to developers.• Conceptualized and provided requirements for automating investigation of suspicious emails that led to a streamlined process and efficient use of available resources. • Partnered with the risk team to assess inherent risk and collaborated with stake holders to implement appropriate controls to ensure that the residual risk conforms to the organizations risk appetite.• Partnered with Incident Response team to investigate various information security events and other malicious activities.• SME for Mobile and Web Application Security Standards.• Developed the guidelines document for Application Security.• Developed the “Weekly Threat Report” article for the Chief Information Risk Officer and his leadership team.• Developed actionable Application Security and Pentest Metrics for governance.

• Performed multiple network and application penetration tests for clients.• Provided gap analysis, secure architecture reviews and vulnerability management consulting.• Trainer for the “Secure Software Development” training class for developers at Goldman Sachs, NY.• Facilitated technical scoping calls in partnership with Account Managers for prospective clients.• Won 3rd place in Symantec Cyber War Games - 2012.

• Performed security reviews of 250+ web and thick client applications.• Developed and implemented audit policies and procedures for inspection and audit department of a major public sector bank in India • Performed asset based risk ranking, gap analysis, risk assessments & management and security awareness training as part of ISO27001 certification for a major software firm based in Boston.• Designed secure network architecture for WAN and LAN for a central bank in India.• Performed penetration testing of 500+ network systems.• Performed vulnerability assessment for multiple networks, hosts and applications including mail servers, web servers, DNS servers, firewalls, routers, switches, web applications, mobile applications etc.