Pratik CISA's Email Addresses & Phone Numbers

• Pratik has 7 years of cumulative Information Security experience.

• Pratik has 7 years of cumulative Information Security experience.

• Analytical and detail-oriented Information Security professional ready to promote and maintain security of enterprise data, networks, and systems.

• Energetic self-starter attracted to challenging opportunities with outstanding communication and organizational abilities.

• Recognized by peer employees and managers for leadership and expertise in Threat Intel. (APT), Phishing / Malware RE and OSINT research.

• Experience in Fraud Investigation, Security Operations, Incident Management and Response, Wireless Security, Penetration Testing, Vulnerability Assessments, Malware Analysis/Reverse Engineering, Security Validation, Risk Management

• Experience advising on security best practices, policies and procedures as well as security strategy.

• Experience executing PCI Compliance engagements

• Good understanding of Cryptography

• Knowledge of payment systems such as UnionPay, RuPay, MasterCard, Visa, etc.

• Strong understanding of OWASP Top 10, CWE 25 and Secure Software Development Life Cycle.

• Strong understanding in performing top-down risk analysis and threat modeling of web applications

• Experience in implementation of secure coding practices as well as architectural risk analysis

• Experience managing cross-functional internal and external team collaboration, evangelization, and communication.

• Strong oral/written communication skills concerning security threats and risks to a wide range of audience.

-------------------------------------------------------------------------------------------------------------------------------------

Publication: Savla, P., Martino, L. (2012) Content Analysis of Privacy Policies for Health Social Networks. IEEE International Symposium on Policies for Distributed Systems & Networks. Chapel Hill, North Carolina. July 16-18, 2012.

Specialties: Incident Response, Threat Intel., Phishing Investigation, Malware RE, Pen-Testing, Vuln. Assessments, Compliance Audit.Supervisor, Security and Privacy Services Consulting @ • Manage and execute a portfolio of security-related engagements.

• Lead teams in the performance of security assessments, including –

- Internal Vulnerability assessment

- Internal Penetration testing

- Wireless Security assessment

- Social Engineering

- Payment Card Industry (PCI) assessment.

• Providing management and supervision of associates and senior associates.

• Coach and mentor staff in their development From September 2014 to Present (1 year 4 months) San Francisco Bay AreaGlobal Member @ The Internet Society (ISoc) is an international, non-profit organization founded in 1992 to provide leadership in Internet related standards, education, and policy. It states that its mission is "to promote the open development, evolution and use of the Internet for the benefit of all people throughout the world". From November 2014 to Present (1 year 2 months) San Francisco Bay AreaProfessional Member - Silicon Valley Chapter @ Professional Member - ISACA (Silicon Valley / Sunnyvale Chapter) From October 2014 to Present (1 year 3 months) Member @ Member - Cloud Security Alliance (CSA) From October 2014 to Present (1 year 3 months) San Francisco Bay AreaMember @ Member - Electronic Frontier Foundation (EFF) From May 2014 to Present (1 year 8 months) San Francisco Bay AreaInformation Security Analyst | Threat Intelligence Lead @ • Developed and Implemented Comprehensive Threat Intelligence Methodologies to Classify, Attribute and Defend against advanced cyber-attacks.

• Led Information Sharing and Collaboration Efforts and involved in daily intelligence exchange amongst different partners of the EMC/VMware Federation as well as external organizations.

• Responsibilities also include Intrusion Analysis, Phishing Analysis, Malware Analysis (Static/Dynamic) and Reverse Engineering, Security Infrastructure Maintenance, Scripting, Incident Response Interaction, and Open Source Threat Analysis.

• Skilled in the usage of Network and Host based analysis tools for analysis, classification and Threat Actor attribution of cyber-attacks.

• Engineered and deployed an extensive Malware Research Environment.

• Daily implementation of Snort, NetWitness, Wireshark, tcpdump, Splunk, IDAPro and other tools for investigation and analysis.

• Deployed multiple Snort instances across disparate egress networks with custom rulesets for targeted monitoring and alerting for traffic flow to critical infrastructure. As well as Splunk for central log aggregation and SIEM duties.

• Prepared situational awareness reports and briefings for executive leadership as necessary.

• Developed technical write-ups for team members.

• Identified signatures and patterns in technical and non-technical intelligence information

• Processed collected intelligence indicators and information for insertion into our network defensive posture at different layers of our defense-in-depth architecture. From November 2012 to July 2014 (1 year 9 months) Security Engineer @ • Worked with the Cyberfraud group.

• Worked on developing a group dashboard application

• Tuned processes associated with cyber fraud prevention and facilitated in fraud-related investigation associated with TurboTax.

• Participated in discussions to improve the application, processes etc. From July 2012 to November 2012 (5 months) Associate Product Consultant (LTE position) @ • Customization of the Esker products such as end-user interface, reports and workflow to meet clients' requirements.

• Worked closely with clients to satisfy their requirements.

• Executed test cases to validate the product configurations.

• Involved in trouble-shooting problems, faced during the course of configuring the product.

• Worked with sales, research & development and technical support to resolve issues for clients.

• Participated in discussions to improve the software, processes etc., From January 2012 to March 2012 (3 months) Madison, Wisconsin AreaProgrammer/Research Assistant @ Export Certification Project (EXCERPT)

The project is aimed at maintaining a database that contains information on more than 250 countries for preparing phytosanitary certificates accompanying plants exported from the United States. My job was to work with HTML validation issues of web pages as part of an archive of over 2 million files.

Following are some of my contributions:

• Examined the archived web pages for validation error

• Formulated a “Search and Replace” list of strings to be modified

• Actively contributed towards creating regular expressions in Microsoft Word From May 2011 to August 2011 (4 months) Security Analyst / Programmer @ Urban Forest Health Information Center (UFORHIC)

The project is aimed at developing a secure web application with RDBMS support for managing urban forest information. The project is funded by the USDA Forest Service. My job was to uncover security vulnerabilities and implement the necessary controls.

Following are some of my contributions:

• Designed and developed a secure registration module for the system using PHP and MySQL

• Actively contributed towards web application security analysis (OWASP Top 10)

• Participated in a software code review for the system.

• Conducted threat modeling and top-down risk analysis

• Implemented secure coding practices and performed architectural risk analysis (ARA) From September 2010 to April 2011 (8 months) Graduate Assistant @ Office of Enrollment Management coordinates enrollment services for the university, working collaboratively with academic units, student affairs and administrative units.

Following are my contributions to the job:

• Provided technical support to streamline reporting processes in order to improve efficiency.

• Rendered analytical support on ad hoc requests and other projects.

• Utilized data management, research and analysis, and information presentation skills. From January 2009 to May 2010 (1 year 5 months) Technical Associate (Trainee) @ Tech Mahindra Limited is a provider of information technology, networking technology solutions and business process outsourcing services to the global telecommunications industry.

My training involved the following modules:

• Completed technical training in C, C++, Java, SQL, PL/SQL, UNIX, J2EE and Software Testing.

• Performed client / server programming and socket programming using Java From June 2007 to September 2007 (4 months) Mumbai Area, IndiaCustomer Dialog Executive @ Magus Customer Dialog Pvt. Ltd. provides expertise for handling highly sophisticated customer relationship building programs. It was the first independent customer retention and customer response organization in India.

My job involved the following duties:

• Integrated new information into customer database and ensured customer satisfaction.

• Trained 5 new employees on various tasks: computer skills, company policies and procedures From May 2004 to July 2004 (3 months) Mumbai Area, IndiaMaster of Science, Information Security @ Purdue University From 2008 to 2011 Forensic Accounting and Fraud Examination @ West Virginia University From 2014 to 2014 Certificate, IT- Project Management @ Indian Institute of Technology, Bombay From 2007 to 2007 Bachelor of Engineering, Computer Engineering @ University of Mumbai From 2004 to 2007 Diploma, Computer Engineering @ Government Polytechnic, Mumbai From 2001 to 2004 FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques @ SANS Institute From 2014 to 2014 Pratik CISA is skilled in: Information Security, Unix, Network Security, Web Application Security, Information Security Management, Vulnerability Assessment, Penetration Testing, MySQL, Java, Linux, Databases, C++, Python, Application Security, Malware Analysis