Cyber Security Engineer - Deloitte [Cyber Risk]

[Jun 2017 - Present]              

About

Found security issues that prevented leak of personal information belonging to 100 million+ people. I specialize in finding vulnerabilities in Web, Mobile applications, IT infrastructure, and consulting on why, how, and when to fix them.

Acknowledgements, CVEs

- Found a critical Session Management issue in Rapid7 Nexpose (also for insightVM).(CVE-2019-5638, CVE-2019-5640, CVE-2019-5641, and CVE-2021-3844 assigned)

- Reported security issues in Quick Heal Total Security, an Antivirus software (CVE-2020-27585, CVE-2020-27586, CVE-2020-27587 assigned)

- Reported an Authorization vulnerability and other bugs in Crypto currency mining software Nicehash Miner (CVE-2019-6120, CVE-2019-6121, CVE-2019-6122 assigned)

- Found a CSRF in phpMyAdmin , submitted an exploit for the same on exploit.db, featured in prominent InfoSec blogs like The Hacker News, security week, etc. (CVE-2017-1000499 assigned)

- Received total 1.15 Million award miles from United Airlines for finding security issues

- Acknowledged by Google, Apple, Rapid7, FireEye, United Nations, Govt of India, Amazon, United States- Department of Defense, IBM, Symantec, United Airlines, Coinbase, JPMorgan Chase, Twitter and multiple Fortune 500 companies for finding out security issues.

Download CV (Click to view, Right click, save link as to download) ,, Say Hi, ✉ [email protected]


Education

2010-2015
Ahmedabad Institute of Technology

Bachelor's Degree-Computer Engineering

Studied Computer Engineering. Learned concepts of Computer Networks, Java, C, C++, asp.net, C#, Database Management System, Operating Systems, Microprocessors and more.

2015-2017
National Forensic Sciences University

MTech in Cyber Security and Incident Response (Masters Degree)

Masters Degree in Cyber Security. Learned performing Vulnerability Analysis, Incident Response, Application Security, SCADA Security, Risk Management and more

Experience

Jun 2017 - May 2019
Deloitte India - Cyber Risk

Cyber Security Consultant

Performed Application security assessments, Configuration Review, involved in kick off meetings, Explained security issues and remediations to Clients, management and developers

Jun 2019 - May 2022
Deloitte India - Cyber Risk

Assistant Manager

Promoted to Assistant Manager. Performed Vulnerability Management, Application Security Assessments, Penetration Testing and analysed alerts from Automated tools

Jun 2022 - Present
Deloitte India - Cyber Risk

Deputy Manager

Performed Purple teaming, Breach and Attack simulation, Developed scripts for automating some scenarios

Testimonials

Thank you for your great engagement in our program. It's a great pleasure to work with you

Google Security Team aka GoogleVRP

We greatly appreciate your assistance in helping to maintain and improve the security of our products.

Apple Security Team

We really appreciate all the time you have put into your research, thank you again for helping us to protect our customers.

Amazon Security Team

Thank you for participating in our Bug Bounty Program and helping us improve our security! We appreciate your participation in this program and encourage you to submit any other bugs you find.

United Airlines Security Team

Coinbase would like to thank you for your various findings over the years. Your research has been essential in helping Coinbase improve its security posture. We look forward to your future work.

Coinbase Security Team

Harvard appreciates responsible reporting of information security issues impacting our systems and networks. Thank you, Ashutosh!

Chief Information Security Officer, Harvard University



Blogs