Resume of Naresh Raghupatruni

  • 10+ years of overall IT experience, out of which 8+ years is in IT Governance, Risk and Compliance, Information Security solution Design, Develop, Deploy, Systems Audit, advisory and consultancy to large clients across the globe
  • Experience working on Vulnerability Assessment, Penetration Testing (VA/PT), IT Risk Assessment, Business impact analysis (BIA) and Regulatory Compliance activities.
  • Experience in designing, developing, implementing, reviewing and fine-tuning Information Security/BCM (BCP/DR) Solutions, Policies, Controls, Standards, Procedures and Organizational Information Security Posture

Published in: Technology

  1. NARESHKUMAR RAGHUPATRUNI
     +91 8884566900 | nareshitsec | https://in.linkedin.com/in/nareshkumarraghupatruni | nareshitsec@gmail.com
     Indian Passport and USA B1/B2 VISA

     Experience Summary
     • 10+ years of overall IT experience, out of which 8+ years is in IT Governance, Risk and Compliance, Information Security solution Design, Develop, Deploy, Systems Audit, Cyber Security, advisory and consultancy to large clients across the globe
     • Experience working on Vulnerability Assessment, Penetration Testing (VA/PT), IT Risk Assessment, Business impact analysis (BIA) and Regulatory Compliance activities.
     • Experience in designing, developing, implementing, reviewing and fine-tuning Information Security/BCM (BCP/DR) Solutions, Policies, Controls, Standards, Procedures and Organizational Information Security Posture

     Skills Summary
     Industry: Automobile & Manufacturing, Health-Care & Pharmaceuticals, Semiconductor, Retail, Oil Refinery, Energy, Government (India) and Media
     Programming Languages: Knowledge of Python, Java
     Operating System / DB / ERP Version: Windows, Linux, Knowledge of DB - RDBMS and SAP

     Technical
     • Perform Vulnerability Assessment (on-demand and scheduled) & Penetration Testing
     • Perform Information Security Risk Assessments
     • Perform Information Security gap analysis
     • Conduct business impact analysis (BIA)
     • Identify key risk areas (i.e. vulnerabilities with associated risks and security gaps)
     • Review regulatory compliance requirements
     • Perform systems audits & Checklist Preparation
     • Perform Vendor Risk Assessments
     • Identify the control requirement
     • Develop information security metrics

     Functional
     • Establish and oversee information security posture of the organization, which includes policies, procedures, standards and guidelines.
     • Presenting and communicating the overall information security posture and metrics to steering committee
     • Perform Information Security assessments throughout the organization periodically
     • Implementing & Maintaining ISMS (as per ISO 27001:2013)
     • Design and review information security solution related to IT GRC (Governance, Risk and Compliance)
     • Developing, Reviewing and Updating the security policies,
  2. processes, procedures including IT BCM (BCP/DR)
     • Design, Develop and Reviewing Cyber Security Solutions
     • Ability to learn and understand the Organization's information security assessment controls
     • Design, develop, test, fine-tune and implement information security controls
     • Conducting Information Security Awareness Trainings to All Levels of Employees
     • Engage with pre-sales team to provide information security GRC solutions as per customer requirements.

     Information Security Regulatory and Compliance Framework / IT Governance, Risk and Compliance (GRC) Applications and Vulnerability Management, Penetration Testing and Cyber Security Solutions
     Information Security Framework: ISO 27001:2013 ISMS, ISO 31000 (Information Risk) and ISO 22301 BCP, CoBIT, CIS Security Benchmarks, COSO ERM.
     Information Security Regulatory and Compliance: SOX 302 & 404, PCI DSS, HIPAA.
     IT GRC Applications: R-SAM (user level), Archer (user level) & Open pages (user level).
     VA/PT Tools: QualysGuard, Tenable security center (Nessus), HP Web Inspect, Accountix, Zenmap, Angry IP Scanner, eEye Retina, McAfee Vulnerability Manager, AppScan, Core Impact, Critical Watch Fusion VM and Kali Linux.
     Cyber Security: SIEM, Net-flow Analyzer, Real-time Packet Inspection, IPS, VA, Web and Email Security, Anti-Virus, Database Security, Threat Intelligence and Cyber forensics
     Document Version Control: Borland StarTeam
     Virtualization & Cloud: Knowledge of Private, Public and Hybrid cloud model, Virtualization and Cloud Security

     Professional Certifications / Trainings
     Certifications:
     • ISO 27001:2013 IRCA Lead Auditor – ISMS (Information Security Management System)
     • ITIL v3 Foundation
     • QualysGuard vulnerability and compliance management
     Trainings attended:
     • Certified Information Systems Security Professional (C.I.S.S.P)
     • Certified Information Systems Auditor (C.I.S.A)
     • Certified in Risk and Information Systems Control (CRISC)
     • Ethical hacking, Penetration Testing and Cyber Forensics
  3. Work Experience

     Project 1
     Project Name: Central Board Of Direct Taxes (CBDT), Gov. of India
     Team Size: 3
     Start Date: November 2015
     End Date: December 2015
     Project Description: Project Insight is to “Develop a comprehensive platform for effective utilization of information to promote voluntary compliance, deter noncompliance, to impart confidence that all eligible persons pay appropriate tax and to promote fair and judicious tax administration.” Build and host the Project Insight application and related software components on the server infrastructure at the facility of existing CBDT Data Centre at New Delhi, India. The DC shall comply with at least Tier-III standards and TIA-942 norms and it includes the various project components certified for ISO 27001, ISO 20000 and ISO 22301
     Role & Contribution:
     • Define the scope of ISMS according to ISO 27001:2013
     • Identify ISO 27001:2013 control objectives
     • Identify ISO 27001:2013 controls
     • Designed the ISMS implementation according to ISO 27001:2013
     Tools: ISO 27001:2013 framework

     Project 2
     Project Name: False Positive Removal Service - Chevron EAST US
     Team Size: 2
     Start Date: December 2015
     End Date: January 2016
     Project Description: Chevron EAST required the development of a process to eliminate/remove false positives during vulnerability scanning.
     Role & Contribution:
     • Understand the client requirement
     • Identify the requirements for eliminating/removing false positives
     • Design the process for false-positive removal
     Tools: BeyondTrust Retina, HP WebInspect
     Key Achievements: Successfully designed the process to eliminate false positives and handed it over to Chevron.

     Project 3
     Project Name: NESA Compliance – Bunduq UAE
     Team Size: 3
  4. Start Date: February 2016
     End Date: March 2016
     Project Description: The overall objective of this project, which includes the IT/OT environments, is to have consultancy to:
     • Implement NESA IAS (Information Assurance Standard) controls for IT/OT.
     • To mitigate the risks identified during an earlier NCRMF compliant risk assessment exercise.
     Role & Contribution:
     • Understand the client requirement
     • Understand NESA compliance Entity level, Sector level and National level
     • Identify the requirements according to NESA compliance
     • Design the audit process for NESA compliance standard
     Tools: NESA, ISO 27001:2013 and NIST
     Key Achievements: Successfully designed NESA compliance process.

     Project 4
     Project Name: Vulnerability Management Solution POC - L&T Infotech IMS Internal
     Team Size: 3
     Start Date: November 2015
     End Date: March 2016
     Project Description: The overall objective of this project is to build a vulnerability management POC with SAAS model. This new vulnerability management service adds to the IMS portfolio.
     Role & Contribution:
     • Understand the requirement
     • Select QualysGuard as a SAAS vendor for vulnerability management
     • Build the entire POC in SCALE lab using temporary license given by vendor.
     • Designed documents for vulnerability management services, POC, User guide and cost model
     Tools: QualysGuard
     Key Achievements: Successfully completed POC

     Project 5
     Project Name: Cyber Security Solutions for Media Client
     Team Size: 7
     Start Date: May 2016
     End Date: Till Date
     Project Description: The overall objective of this project is to Design, Deploy and manage Cyber Security Solutions for media client. Design new operational process according to ITIL standards
  5. The entire process segregated into four phases (which includes Level 1, Level 2, Level 3 and SME (Design, POC (Proof of Concept) Deploy Solution and Reviews Finally overall auditing which includes (Information Security and Quality)
     Role & Contribution:
     • Taking overall responsibility for this project
     • Understand project requirements
     • Interact with client on regular basis
     • Understand the functional and technical features of the various cyber security tools/applications in the client environment
     • Currently Designing L1 phase
     Tools:
     • Standard ITIL and ISMS templates
     Key Achievements:
     • Successfully submitted draft version of Level 1 process to client

     Other Experience
     Title: Xerox Business Services – Information Security Principal (Team Lead)
     Start Date: October 2013
     End Date: October 2015
     Role & Contribution:
     Project: Information Security Risk and Compliance – Xerox services and Xerox Technology
     • Responsible for leading information security, vulnerability, Risk and compliance implementation and adversary service for various clients.
     • Conduct risk assessments, vulnerability assessments and threat analyses periodically and consistently to identify risk to organization's information. Determine appropriate risk treatment options to manage risk to acceptable levels.
     • Evaluate information security controls to determine whether they are appropriate and effectively mitigate risk to an acceptable level
     • Report non-compliances and other changes in information risk to appropriate management to assist in the risk management decision-making process.
     • Designing operational documents and process guides
     • Conduct client reviews and analyze security vulnerability data to identify applicability and false positives.
     • Audit information security controls as per company and client requirements
     • Research and develop testing tools, techniques, and process documents
     • Conduct penetration testing according to client requirement.
     • Mentoring team to build their skills and contribution levels
     • Writing a technical report, which includes suggested resolution for identified problem areas, and performing operational risk assessments
  6. Other Experience
     Title: Hewlett-Packard Global Soft Ltd. – Technology Consultant (Information Security)
     Start Date: January 2011
     End Date: October 2013
     Role & Contribution:
     Project 1: Information security, Risk and compliance Management GRC – Retail Client – US
     • Responsible for leading information security, Risk and compliance implementation and managing GRC
     • Establish and maintain information security policies to communicate management's directives for development of standards, procedures and guidelines
     • Evaluate information security controls to determine whether they are appropriate and effectively mitigate risk to an acceptable level
     • Report non-compliances and other changes in information risk to appropriate management to assist in the risk management decision-making process
     • Manage and maintain organizational information security standards, procedures, guidelines and other documentation to support and guide compliance with information security policies
     • Conduct information security awareness training to the teams according to the client's requirements in a timely manner
     Project 2: Vulnerability Management Solution Design – Automobile Client US
     • Solution Engineer for the QualysGuard vulnerability management.
     • Managing user accounts for accessing Qualys Vulnerability Management Module
     • Qualys Asset (Device) management i.e. Adding devices for Qualys Vulnerability scanning
     • Managing Qualys Option Profiles
     • Customize vulnerability report generation with QualysGuard
     • Managing Qualys search lists
     • Managing Qualys authentication records.
     • Creating the EWO Document (Engineering Work Order) i.e. Implementation guide, product guide based on all the requirements gathered.
     • Simulating the whole solution built in development Labs before certifying it to be used by the operations in the production environment
     • Making sure all the steps in the Engineering solution process are peer reviewed and approved before the process is completed and solution handed over to the operations team for implementation.
     • Technical assistance for operation teams.
  7. Other Experience
     Title: Intelligroup Asia Pvt. Ltd. An NTTDATA Company – Systems Engineer
     Start Date: October 2007
     End Date: December 2010
     Role & Contribution:
     Project: Vulnerability Assessment for Semiconductor, Pharmaceutical – US, Sea Food Products – Greenland - Clients
     • Perform vulnerability assessment i.e. to run on-demand and scheduled vulnerability scans.
     • Generating vulnerability scan reports and identifying vulnerabilities
     • Provide countermeasures according to industry IT security standards
     • Review false-positives
     • Work with respective team members to fix or remediate the vulnerabilities
     • Review patch implementation for vulnerabilities

     Other Experience
     Title: Netmetric Solutions – Sr. Network Security Engineer
     Start Date: March 2007
     End Date: October 2007
     Role & Contribution:
     Project: Deploy network security Solution
     • Implement, maintain and integrate the corporate WAN, LANs network security.
     • Implement and administer network security hardware and software, enforcing the network security policy and complying with requirements.
     • Perform analysis of network security needs and contribute to design, integration, and installation of hardware and software.
     • Analyze, troubleshoot network security issues
     • Maintain and administer perimeter security systems such as firewalls and intrusion detection systems.

     Other Experience
     Title: Tick Business Solutions Pvt. Ltd. – Network Security Administrator
     Start Date: October 2005
     End Date: March 2007
     Role & Contribution:
     Project: Infrastructure security Management - eSeva Govt. of Andhra Pradesh India – Govt. Client
  8. • Manage network security infrastructure
     • Provide secure communications Ho / Bo's
     • Implant Network security
     • Provide secure access controlling Internet Access (HTTP/HTTPS) to Users
     • Block unauthorized sites as per policy, monitor & maintain the access logs
     • Failover configurations
     • LAN/WAN administration

     Educational Qualification
     Education & Credentials: Bachelor of Technology in Electronics and Telecommunications
