Eroshan Weerathunga
Verified Expert in Engineering
Cybersecurity Engineer and Software Developer
Toronto, ON, Canada
Toptal member since December 6, 2022
Eroshan has over twelve years of experience in cybersecurity solutions. Eroshan's expertise includes helping clients manage and respond to rapidly evolving cyber threats. He has advised some of the largest organizations in North America and worldwide. He led a cybersecurity services portfolio. He also has experience with product development, has managed product vulnerabilities, and managed software development lifecycle (SDLC) for substation automation and protection devices.
Portfolio
Experience
Availability
Preferred Environment
Industrial Control Systems (ICS), Risk Assessment, Threat Modeling, Security Testing, Supervisory Control & Data Acquisition (SCADA)
The most amazing...
...experience I've had in cybersecurity is to safeguard critical infrastructure and protect people who would be impacted by a cybersecurity attack
Work Experience
Manager: Cybersecurity, Privacy, and Financial Crime
PwC
- Led a threat and risk assessment (TRA) and remediation project for a Canadian healthcare solution provider. Eliminated cybersecurity threats and vulnerabilities before the digitally enabled healthcare navigation tool launched.
- Managed a cybersecurity risk management project for one of the largest electricity generation companies in the US. Identified the risk exposure and planned risk mitigation activities. Evaluated cybersecurity risk for IT, OT, and NERC CIP assets.
- Developed cybersecurity policy and procedure for a Canadian-regulated electricity distribution company. Reviewed existing organizational policies and identified digital crown jewels and relevant owners.
- Led a vulnerability management project using Tenable for a Canadian electricity transmission and distribution company. Eliminated cybersecurity threats and vulnerabilities. Sustained a strong cybersecurity posture.
Senior Cybersecurity Engineer
General Electric
- Developed NERC CIP compliance assessments on substation automation products and created product security requirements for developemnt.
- Developed OT security architectures. Carried out threat modelling and that assessment and provided recommendations to remediate security gaps.
- Provided consultation on OT and NIDS selection. Deployed OT NIDS on several substations.
- Developed and managed a cybersecurity services portfolio. Managed strategic alliances and partnerships.
Firmware Engineer
General Electric
- Developed a vulnerability and penetration testing framework for the GE grid automation product portfolio. Identified vulnerabilities early in their development cycle.
- Implemented and validated SCADA protocols such as DNP3, IEC 60870-5-101, 104, Modbus, and EC 61850. Implementated and tested security technologies, such as DNP3, RADIUS, SSH, Syslog, VPN, TLS/SSL, KDC, OCSP, and SCEP.
- Developed a vulnerability and penetration testing framework for the GE grid automation product portfolio. Identified vulnerabilities early in their development cycle.
- Designed and executed penetration testing on OT devices to identify product security vulnerabilities. Provided vulnerability remediation actions to improve product cybersecurity maturity.
- Carried out Wurldtech Achilles, Mu Dynamics, and Nessus tests to evaluate product cybersecurity attack tolerance.
Experience
Threat Modeling and Penetration Testing
Threat and Risk Assessment
Education
Master's Degree in Electrical and Computer Engineering
Western Universiy - Ontario, Canada
Bachelor's Degree in Electronics and Telecommunication Enginnering
University of Moratuwa - Colombo, Sri Lanka
Skills
Platforms
Windows, VxWorks, Linux, Embedded Linux
Industry Expertise
Cybersecurity, Network Security, Telecommunications
Languages
C, Embedded C
Other
Industrial Control Systems (ICS), Security Analysis, Threat Modeling, Supervisory Control & Data Acquisition (SCADA), Software Development Lifecycle (SDLC), Risk Assessment, Security Testing, Real-time Operating System (RTOS), Embedded Systems, Security Architecture, Compliance, Secure Coding, Software, IoT Security, Threat Analytics, Risk Analysis
How to Work with Toptal
Toptal matches you directly with global industry experts from our network in hours—not weeks or months.
Share your needs
Choose your talent
Start your risk-free talent trial
Top talent is in high demand.
Start hiring