Information Security Manager | Incident Commandant
2019 - PRESENTCvent- Acted as the incident commandant reporting to the CISO. Conducted open-source and classified research on emerging and trending threats and vulnerabilities. Led complex projects cross-functionally and globally.
- Led a team of cybersecurity professionals responsible for the design, implementation, attack mitigation, and ongoing support of security systems of high complexity to fulfill the business needs.
- Rewrote the complete IR process, including the SOPs, playbooks, workbooks, and security automation, and mapped the use cases with security frameworks such as MITRE ATT&CK.
- Managed threat intelligence, threat hunting (IOC vs. TTP), forensics, data protection, EDR, email security, cloud security, malware analysis, and reverse engineering.
- Reduced the blast radius from a cloud security perspective and managed the cloud security posture assessment. Oversaw the vulnerability management program and prioritization of vulnerabilities.
- Led the company-wide deployments of multiple security products to secure all resources, infrastructure, applications, and storage. Created 30+ use cases with security automation capabilities.
Technologies: Cloud Security, IT Security, Threat Hunting, Threat Intelligence, Strategy, Malware Analysis, Vendor Management, MDR, Audits, ATT&CK, Security Framework, Secure Access Service Edge (SASE), Cloud Access Security Broker (CASB), Data Protection, Security Automation, Azure Security, AWS Security, NetFlow, DNS, Proxy Servers, YARA, Snort, Penetration Testing, Bro Logs, IDS/IPS, TTP, IoC, Python, Windows PowerShell, Network Hunting, ISO 27001, PCI DSS, SOC 1, SOC 2, NIST, CISSP, Azure, Sentinel, Proofpoint, TAP, TRAP, Carbon Black, CrowdStrike, Endpoint Detection and Response (EDR), DevOps, Identity & Access Management (IAM), Risk ManagementStaff Engineer
2015 - 2019STMicroelectronics- Managed the SOC and security engineering team, which included leading and mentoring over 13 security experts and meeting business goals. Acted as the incident commandant of the Indian region.
- Acted as the key member of the digital transformation group that oversaw transitioning to the cloud in a hybrid approach and securitization in Azure.
- Ran the specific programs such as threat detection, content development, EDR transformation, cloud security, SOPs for incident response, and security audit, including PCI-DSS, SOC 1/2, ISO27k, and GDPR.
- Assisted DevOps team in SSDLC, including threat modeling, penetration testing, zero-trust security model, and using the shift-left approach for CI/CD pipelines with Jenkins. Created a baseline for Windows, Mac, and Linux from a security standpoint.
Technologies: Cloud Security, Audits, Data Protection, CISSP, DevSecOps, VAPT, Microsoft, AWS, Security Framework, Cyber Forensics, Threat Intelligence, Threat Hunting, Azure, Strategy, Cloud TransformationSenior Security Specialist
2012 - 2015BT Group- Acted as the shift operations manager for specific customers, including LBG, PepsiCo, Philips, Novartis, and Nestlé.
- Deployed the SOC for multiple customers, including Dixon and Mars. Provided consultancy services to several customers from SOC and security architecture perspectives.
- Oversaw the POC for any new tool and technology. Collaborated with the presales team to onboard new customers.
- Onboarded multiple use cases in SIEM tools to enhance threat detection capabilities. Conducted multiple open-source and classified research projects on emerging and trending threats and vulnerabilities.
- Used a number of tools and technologies, including SIEM, WAF, DLP, IPS, IDS, firewall, proxy, FireEye APT, AV, REMnux, DDoS, Proofpoint, Wireshark, Burp Suite, PAM, ATT&CK framework, OWASP Top 10, Python, Nipper, and HLD/LLD.
Technologies: Data Protection, Application Security, Security Architecture, Incident Response, PKI, Cryptography, Audits, Email Security, Infrastructure Security, Network Operations Center, SecOps, SIEM, UEBASecurity Engineer
2010 - 2012Orange Business Services- Investigated the abnormal events, classified the potential security breaches, raised the security incident alerts, performed the technical and management escalation, and implemented the second-level mitigation action to confirm security incidents.
- Led the risk and vulnerability assessments and systems security audits of the servers and provided support in clearing the discrepancies according to PCI-DSS and ISO 27001.
- Performed host-based forensics and managed the threat intelligence program, hunting program, and DLP data protection program to secure sensitive data.
- Appointed as a shift lead and oversaw creating the SOC matrices data for the management.
Technologies: Incident Response, Malware Analysis, Threat Hunting, Audits, PCI DSS, Threat Intelligence, ISO 27001, SecOps, Threat Modeling, Threat Detection, Infrastructure Security, Email Security, Application Security, Vulnerability Management, Software Development Lifecycle (SDLC)Security Analyst
2008 - 2010HCL Technologies- Managed the cyber project outsourced by the National Informatics Center for the Indian Government, including the Ministry of External Affairs, Prime Minister, Ministry of Home Affairs, all states, and Bhawan.
- Deployed multiple tools for day-to-day operations, including the Check Point and Cisco firewalls, Blue Coat proxy, Trend Micro and MacAfee AV, netForensics (SIEM), MacAfee IDS/IPS, and Snort.
- Updated the security patches and vulnerabilities, manually hunted for IOCs using security tools, and responded to the security alerts.
- Performed audits of security tools and created security dashboards for specific platforms.
Technologies: Endpoint Security, Infrastructure Security, Incident Response, Application Security, Certified Ethical Hacker (CEH), CCNA Security, Firewalls, Proxy Servers, Software Development Lifecycle (SDLC), SecOps, Vulnerability Management
Ankit Mittal
Cybersecurity Developer in Gurugram, Haryana, India
Member since May 7, 2021
Ankit is a cybersecurity expert with 13 years of experience in incident response, threat hunting and intelligence, forensics, cloud security architecture, Malware analysis, endpoint security, SIEM, data protection, DevSecOps, and vulnerability management. His expertise is backed by cybersecurity certifications from multiple vendors such as ISC2, AWS, Microsoft, and VMware. With his strong leadership skills, Ankit excels in leading teams to deliver cybersecurity solutions and meet business goals.
Ankit is now available for hire
Portfolio
- CventCloud Security, IT Security, Threat Hunting, Threat Intelligence, Strategy...
- STMicroelectronicsCloud Security, Audits, Data Protection, CISSP, DevSecOps, VAPT, Microsoft...
- BT GroupData Protection, Application Security, Security Architecture...
Experience
- Incident Response 13 years
- Security Operations Centers (SOC) 13 years
- Endpoint Security 12 years
- Data Protection 11 years
- Vulnerability Management 10 years
- Threat Intelligence 8 years
- Threat Hunting 8 years
- Cloud Security 6 years
Availability
Full-time
Preferred Environment
Cybersecurity, Security Operations Centers (SOC), Data Protection, Endpoint Security, Cloud Security, Threat Hunting, Threat Intelligence, Vulnerability Management, Infrastructure Security, Incident Response
The most amazing...
...projects I've delivered are building SOC from scratch for multiple customers and strategizing transformation of on-premises to cloud from a security standpoint.
Employment
Experience
- Security Architecture—B2B and SOA platforms
My role in this project was to rearchitect the design for B2B and SOA platforms and add security layers considering defense-in-depth—firewalls, IPS/IDS, WAF, VAPT, and DMZ. I also created the security dashboards by internal auditing of systems and servers, including vulnerabilities, configuration hardening, and penetration test findings, and I remediated all findings.
- Cloud Journey—Blast Radius Project
During the migration of our workloads to the Cloud, the goal was to minimize the impact of a possible failure and have no dependencies on other products. It mainly included failures due to security incidents, human error, and environmental factors.
- SOC Reboot
The aim was to operationalize and institutionalize the process for SOC activities such as log ingestion, SOPs, playbooks, automation, and content development, map the use cases with security frameworks, and standardize responses across the organization.
Skills
Industry Expertise
Cybersecurity, Security, IT Security, Network SecurityOther
Security Operations Centers (SOC), Infrastructure Security, Incident Response, Data Protection, Endpoint Security, Cloud Security, Threat Hunting, Threat Intelligence, Vulnerability Management, Malware Analysis, AWS, Cloud Transformation, Application Security, Certified Ethical Hacker (CEH), CCNA Security, Firewalls, Proxy Servers, Software Development Lifecycle (SDLC), SecOps, Audits, PCI DSS, ISO 27001, Threat Modeling, Threat Detection, Email Security, Security Architecture, PKI, Cryptography, Network Operations Center, SIEM, UEBA, CISSP, VAPT, Security Framework, Cyber Forensics, Strategy, Vendor Management, MDR, ATT&CK, Secure Access Service Edge (SASE), Cloud Access Security Broker (CASB), Security Automation, Azure Security, AWS Security, Information Security, Risk Management, Disaster Recovery Plans (DRP), Physical Security, Identity & Access Management (IAM), Security Engineering, OWASP Top 10, Cyber Attacks, Proxy Solution, Web Filtering, Web Security, Linux Security, Virtualization, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Routing, Networking, Security Orchestration, CCSA, CCSE, CCMSE, BCCPA, BCCPP, Red Hat Certified System Administrator (RHCA), Red Hat Certified System Engineer (RHCSE), Certified Cloud Security Professional (CCSP), SoC, NetFlow, DNS, Bro Logs, IDS/IPS, TTP, IoC, Network Hunting, SOC 1, NIST, Proofpoint, TAP, TRAP, Sentinel One, Carbon Black, CrowdStrike, Endpoint Detection and Response (EDR), SOC 2, Data Privacy, ComplianceTools
Splunk, Sentinel, IBM QRadar, YARA, Snort, TerraformPlatforms
Azure, Microsoft, LinuxLanguages
PythonFrameworks
Windows PowerShellParadigms
DevSecOps, Automation, Penetration Testing, DevOps
Education
- Bachelor's Degree in Electronics and Communication2004 - 2008ITM College - Gurugram, India
Certifications
- Carbon Black Associate Analyst and Threat HunterFEBRUARY 2021 - PRESENTVMware
- Splunk FundamentalsSEPTEMBER 2020 - PRESENTSplunk
- AWS Certified Security—SpecialtyFEBRUARY 2019 - PRESENTAmazon
- Certified Information Systems Security ProfessionalJUNE 2018 - PRESENTISC2
- Microsoft Certified: Azure Security Engineer AssociateMARCH 2018 - PRESENTMicrosoft
- Certified Ethical HackerFEBRUARY 2014 - PRESENTEC-Council
- Check Point Certified Security AdministratorNOVEMBER 2013 - PRESENTCheck Point
- Check Point Certified Security ExpertNOVEMBER 2013 - PRESENTCheck Point
- Check Point Certified Managed Security ExpertNOVEMBER 2013 - PRESENTCheck Point
- Blue Coat Certified Proxy AdministratorMARCH 2013 - PRESENTBlue Coat Systems
- Blue Coat Certified Proxy ExpertMARCH 2013 - PRESENTBlue Coat Systems
- Red Hat Certified System AdministratorAPRIL 2011 - PRESENTRed Hat
- Red Hat Certified System ExpertAPRIL 2011 - PRESENTRed Hat
- Cisco Certified Security ProfessionalNOVEMBER 2010 - PRESENTCisco
- Trend Micro Certified ProfessionalAPRIL 2009 - PRESENTTrend Micro
- CCNA SecurityMARCH 2009 - PRESENTCisco
- CCNAFEBRUARY 2009 - PRESENTCisco
