About
CISM-certified Information Security Manager with 7+ years of progressive experience, specializing in offensive security, AI-driven solutions, and comprehensive risk management. Proven ability to lead end-to-end product security initiatives, significantly reducing vulnerabilities by over 65% and achieving critical compliance certifications (ISO 27001, SOC 2) within tight deadlines. Adept at leveraging advanced cybersecurity strategies and automation to enhance organizational security posture and drive business objectives.
Work
Learnship Technologies
|Information Security Manager
Chennai, Tamil Nadu, India
→
Summary
Led comprehensive product security initiatives and managed compliance and vendor risk for Learnship Technologies, enhancing security posture and operational efficiency.
Highlights
Spearheaded end-to-end product security initiatives, significantly reducing open vulnerabilities from 70 to 24 (65% reduction) within 60 days by integrating AI-powered tools (e.g., GitHub Copilot/Codex) for automated patching.
Achieved ISO 27001 certification in 60 days by implementing automation-driven compliance workflows, streamlining evidence collection and policy alignment without compromising quality.
Closed all critical SOC 2 readiness gaps within 45 days using Sprinto to automate control mapping, continuous monitoring, and audit preparation.
Managed vendor risk assessments to balance business enablement and security, evaluating third-party vendors and completing security questionnaires for customer TPRM requests.
CyberXtron Technologies
|Co-Founder
Chennai, Tamil Nadu, India
→
Summary
Drove the strategic development and deployment of AI-driven and advanced cybersecurity products as a Co-Founder, aligning solutions with critical business objectives.
Highlights
Developed and implemented AI-driven security solutions, leveraging Retrieval-Augmented Generation (RAG) and LangChain to create advanced product use cases compliant with OWASP Top 10 LLM/Generative AI security standards.
Led the development and deployment of advanced cybersecurity platforms, including an External Attack Surface Management system, Brand Management platform, Dark & Deep Web Monitoring, and a Threat Intelligence platform, enhancing overall security posture.
Orchestrated comprehensive security and technical initiatives, ensuring the seamless integration of cutting-edge cybersecurity measures to align with strategic organizational goals and business objectives.
Tata Communications
|Associate Manager - Offensive Security
Chennai, Tamil Nadu, India
→
Summary
Directed offensive security operations, red teaming exercises, and detection engineering initiatives, significantly enhancing enterprise network resilience and threat detection capabilities.
Highlights
Compromised a healthcare enterprise network within 12 days using MITRE-aligned red teaming techniques, identifying critical vulnerabilities and strengthening defense solutions.
Developed over 35 new SIEM use cases to detect zero-day vulnerabilities, ransomware behaviors, and CVE threats, enhancing real-time threat capture.
Engineered a cost-efficient DDoS attack scalable solution using 2,500 cloud instances, simulating L3, L4, and L7 attacks, reducing incident response costs by 30% through critical network vulnerability resolution.
Designed and implemented an External Attack Surface Management system, improving patch management efficiency by 60% through comprehensive asset cataloging and risk prioritization.
Automated alert systems for critical vulnerabilities from social media and dark web leaks, reducing manual effort by 80% and enabling prompt stakeholder notification.
Developed a Python-based classification system using OpenAI and Random Forest algorithms to filter breach messages from Telegram channels, accurately notifying customers of relevant threats.
Ernst & Young
|Consultant - Risk Advisory
Chennai, Tamil Nadu, India
→
Summary
Provided expert risk advisory services, specializing in advanced persistent threat simulations and comprehensive penetration testing across diverse industry sectors.
Highlights
Developed an undetectable phishing infrastructure for credential harvesting and malware delivery, successfully compromising over 45 employee credentials and affecting more than 10 employees within a month.
Conducted extensive VAPT for various sectors, including banking, healthcare, and IT applications, identifying multiple critical vulnerabilities in web, network, and API applications.
Performed static and dynamic analysis on delivery and banking Android applications, executing web application penetration tests following OWASP Top 10 methodology using tools like Burp Suite, Nuclei, and Fuff.
Developed a Python-based Nmap scanner for Cloud VPS, efficiently processing up to 1000 IP addresses in cloud environments and enhancing security coverage across distributed instances.
Conducted Open Source Intelligence (OSINT) operations, disclosing employee email accounts and personal information for an IT company to identify security gaps.
Altran
|Software Engineer - Security
Chennai, Tamil Nadu, India
→
Summary
Executed vulnerability management and penetration testing on internal web applications and infrastructure, ensuring compliance and delivering actionable risk reports.
Highlights
Executed penetration tests on internal web applications, identifying critical issues such as access control weaknesses, business logic flaws, and security misconfigurations.
Conducted comprehensive vulnerability assessments on servers, network devices, and infrastructure, ensuring compliance with security baselines.
Delivered detailed reports outlining business risks and impacts of identified vulnerabilities to facilitate informed remediation strategies.
Education
VSB Engineering College
→
Bachelor of Engineering
Computer Science
Awards
Xtra Mile Award
Awarded By
Tata Communications
Awarded for the successful completion of a Red Team Engagement within a challenging 12-day timeframe, demonstrating exceptional performance and efficiency.
Hi5 - Individual Performance
Awarded By
Tata Communications
Recognized for successfully evading the Anti-DDoS solution during a critical security exercise, showcasing advanced offensive security capabilities.
I am Exceptional Award - Team Performance
Awarded By
Ernst & Young
Acknowledged for outstanding performance on the Advanced Persistent Threat project, contributing significantly to team success and project objectives.
Certificates
Certified Information Security Manager (CISM)
Issued By
ISACA
Certified Red Team Professional (CRTP)
Issued By
Pentester Academy
Certified Ethical Hacker (CEH - ECC3916527804)
Issued By
EC-Council / Zybeak Technologies
Juniper Networks Certified Internet Associate
Issued By
Juniper Networks
Skills
Security Product Management
Product Strategy, Product-Market Fit, Feature Development, Customer Pain Point Analysis, Product Security Initiatives.
AI Security
LLM Pentesting, Generative AI Pentesting, OWASP Top 10 LLM, Retrieval-Augmented Generation (RAG), LangChain.
Penetration Testing
Web Penetration Testing, Mobile Penetration Testing, API Penetration Testing, Network Penetration Testing, Vulnerability Assessment & Penetration Testing (VAPT), Burp Suite, Nuclei, Fuff.
Red Teaming
Infrastructure Attacks, Active Directory Attacks, Ransomware Deployment Techniques, MITRE ATT&CK, Red Team Simulations.
DevSecOps
Cloud Security (GCP, AWS, Azure), CI/CD Pipelines (GitHub), SAST, DAST, IAST, SCA, Secret Detection.
Social Engineering Attacks
Phishing, OSINT, Vishing, Credential Harvesting.
Automation
Python, Shell Scripting, Terraform, AI-Powered Tools (GitHub Copilot/Codex), OpenAI Models, Random Forest Algorithms, Automated Workflows.
Compliance & Risk Management
ISO 27001, SOC 2 Readiness, Vendor Risk Assessment, Third-Party Risk Management (TPRM), Audit Preparation, Vulnerability Management, Patch Management, Incident Response, Threat Intelligence.
Security Operations
SIEM Use Case Development, DDoS Mitigation, Ransomware Analysis, External Attack Surface Management, Brand Management Platform, Dark & Deep Web Monitoring, Breach Detection.
Security Tools & Methodologies
Sprinto, Nmap, OWASP Top 10, Static Analysis, Dynamic Analysis.