
Sreenath Sreepada
Verified Expert in Engineering
Cybersecurity Engineer and Developer
Tokyo, Japan
Toptal member since November 10, 2023
Sreepada is a results-driven cybersecurity professional and Certified Information Security Manager. He has effectively led and executed cybersecurity programs, managing teams and implementing robust security measures. With his broad experience in management and technical roles with leading global companies, Sreepada can effectively engage business managers to drive and establish security programs.
Portfolio
Experience
- Technical Program Management - 8 years
- Incident Response - 5 years
- Risk Management - 5 years
- Application Security - 4 years
- Cybersecurity - 3 years
- Data Loss Prevention (DLP) - 3 years
- Security Operations Centers (SOC) - 3 years
- vCISO - 2 years
Availability
Preferred Environment
Application Security, Technical Program Management, vCISO, Security Operations Centers (SOC), Cybersecurity
The most amazing...
...project I've set up and delivered from scratch is a risk management process and SSDLC program for application security, forming the program's two main pillars.
Work Experience
Senior Manager
Multinational Manufacturing Company
- Performed security incident management. Redefined the security operations center (SOC) strategy and worked with a managed detection and response (MDR) vendor for managed security services to improve incident control.
- Oversaw APAC risk management. Defined and implemented the risk management framework, aligning with global processes, and handled risk assessment and controls analysis and exceptions.
- Led protection projects and implemented endpoint data loss prevention (DLP).
Data Risk Manager
Global eCommerce Company
- Developed data sharing and data risk management processes and procedures.
- Managed the data control team, overseeing data sharing across the company.
- Performed data risk assessments for multiple applications with customer data.
Technical Information Security Officer
International Bank
- Served as a technical information security officer handling application and infrastructure security.
- Managed vulnerability assessment and penetration testing. Oversaw testing process and remediation, coordinating with the business to manage production lives and environments.
- Conducted risk management, reviewing issues and corrective action plans, and advising on corrective actions.
Senior Engineer
Leading Telecom Services
- Served as UNIX administrator for Solaris, Linux, and the mail system.
- Handled network engineering, managing Cisco routers, leased lines, and data center services.
- Managed and administrated the domain name system and Cisco PIX and Juniper firewalls.
Experience
Cybersecurity Risk Management Process
• Process development suitable for level-2 maturity
• Awareness and training
• Integration with the project methodology and PMO
• Process implementation and operations design
• Reporting and plan-do-check-act (PDCA) governance
Data Loss Prevention Tool Implementation
I was the project manager and DLP service owner to continue the service operations. The project was to establish and roll out an endpoint DLP solution, implementing data monitoring across email, web, USB, print, and application channels from user PCs to monitor and prevent data leaks.
The project consists of business requirements identification, infrastructure implementation, DLP policy design, rollout, and DLP log monitoring process implementation.
Establishing a Managed Security Operations Center
• Current SOC operations and gap analysis
• Identification of critical logs required for SOC monitoring
• IT managers' collaboration to feed the logs to the SOC
• Vendor cooperation for detection policies and customization
• Response process definition
Phishing and Malware Analysis
Phishing emails pose a significant threat to the end user environment. Though anti-malware, endpoint, and detection response tools block them, users still receive and report them.
We developed macros and scripts in Visual Basic for applications, Python, and PowerShell to analyze the emails, identifying phishing indicators of compromise and reporting them to the SOC management to be blocked.
Data Risk Management Policy
Data risk, security, and lifecycle within the data governance umbrella are of significant importance for an eCommerce company dealing with millions of customer data and thousands of vendors and 3rd-parties.
This project was to write a data governance policy, mainly covering data sharing, to enable organizations, 3rd-parties, and internal companies to safely share data, complying with security and privacy guidelines following data ownership and data lifecycle concepts.
SSDLC Maturity Assessment and Improvement
The project required working with the BSIMM vendor, business managers, and application teams to assess the capabilities, identify gaps, and implement security testing, code review, and other recommendations.
Establishing the light scan process and dev-assist tools helped to reduce the security vulnerabilities even before the application's first test.
Cybersecurity Program Design
As a member of a larger team, I have worked with multiple stakeholders and business units to perform gap analysis and helped to redesign the cybersecurity program.
We worked on Infra security, application security, data security, and mobile app security to develop a 3-year plan to improve cyber security capabilities and remediate audit findings.
Education
Master's Degree in Software Engineering
BITS Pilani - Pilani, Rajasthan, India
Certifications
COBIT Foundation Certificate
ISACA
Certified in Risk and Information Systems Control (CRISC)
ISACA
CISSP – Certified Information Systems Security Professional
ISC2, Inc.
Certified Information Security Manager (CISM)
ISACA
Lead Auditor ISO/IEC 27001 Information Security
British Standards Institution
Skills
Languages
Python
Frameworks
COBIT
Industry Expertise
Cybersecurity
Platforms
Amazon Web Services (AWS)
Other
Information Security, Incident Response, Application Security, Technical Program Management, Security Operations Centers (SOC), Data Loss Prevention (DLP), Risk Management, Phishing Simulation & Analysis, vCISO, Data, IT Networking, CISSP, CISM, AWS Shared Responsibility Model, ISO 27001
How to Work with Toptal
Toptal matches you directly with global industry experts from our network in hours—not weeks or months.
Share your needs
Choose your talent
Start your risk-free talent trial
Top talent is in high demand.
Start hiring