Sreenath Sreepada, Developer in Tokyo, Japan
Sreenath is available for hire
Hire Sreenath

Sreenath Sreepada

Verified Expert  in Engineering

Cybersecurity Engineer and Developer

Location
Tokyo, Japan
Toptal Member Since
November 10, 2023

Sreepada is a results-driven cybersecurity professional and Certified Information Security Manager. He has effectively led and executed cybersecurity programs, managing teams and implementing robust security measures. With his broad experience in management and technical roles with leading global companies, Sreepada can effectively engage business managers to drive and establish security programs.

Availability

Full-time

Preferred Environment

Application Security, Technical Program Management, vCISO, Security Operations Centers (SOC), Cybersecurity

The most amazing...

...project I've set up and delivered from scratch is a risk management process and SSDLC program for application security, forming the program's two main pillars.

Work Experience

Senior Manager

2019 - PRESENT
Multinational Manufacturing Company
  • Performed security incident management. Redefined the security operations center (SOC) strategy and worked with a managed detection and response (MDR) vendor for managed security services to improve incident control.
  • Oversaw APAC risk management. Defined and implemented the risk management framework, aligning with global processes, and handled risk assessment and controls analysis and exceptions.
  • Led protection projects and implemented endpoint data loss prevention (DLP).
Technologies: Technical Program Management, Security Operations Centers (SOC), Cybersecurity

Data Risk Manager

2018 - 2019
Global eCommerce Company
  • Developed data sharing and data risk management processes and procedures.
  • Managed the data control team, overseeing data sharing across the company.
  • Performed data risk assessments for multiple applications with customer data.
Technologies: Risk Management, Data

Technical Information Security Officer

2013 - 2018
International Bank
  • Served as a technical information security officer handling application and infrastructure security.
  • Managed vulnerability assessment and penetration testing. Oversaw testing process and remediation, coordinating with the business to manage production lives and environments.
  • Conducted risk management, reviewing issues and corrective action plans, and advising on corrective actions.
Technologies: Application Security

Senior Engineer

1995 - 2003
Leading Telecom Services
  • Served as UNIX administrator for Solaris, Linux, and the mail system.
  • Handled network engineering, managing Cisco routers, leased lines, and data center services.
  • Managed and administrated the domain name system and Cisco PIX and Juniper firewalls.
Technologies: IT Networking

Cybersecurity Risk Management Process

A project to develop and implement a security risk management process. We engaged stakeholders and those impacted by the project to complete the following:

• Process development suitable for level-2 maturity
• Awareness and training
• Integration with the project methodology and PMO
• Process implementation and operations design
• Reporting and plan-do-check-act (PDCA) governance

Data Loss Prevention Tool Implementation

A DLP project, a key protection tool to prevent insider threats in the current hybrid work environment—helping to monitor user activity for data leak prevention.

I was the project manager and DLP service owner to continue the service operations. The project was to establish and roll out an endpoint DLP solution, implementing data monitoring across email, web, USB, print, and application channels from user PCs to monitor and prevent data leaks.

The project consists of business requirements identification, infrastructure implementation, DLP policy design, rollout, and DLP log monitoring process implementation.

Establishing a Managed Security Operations Center

A managed SOC and incident response process covering critical assets. We engaged stakeholders and those impacted by the project to complete the following:

• Current SOC operations and gap analysis
• Identification of critical logs required for SOC monitoring
• IT managers' collaboration to feed the logs to the SOC
• Vendor cooperation for detection policies and customization
• Response process definition

Phishing and Malware Analysis

A project to analyze the emails reported by users for phishing threats and malware checks using open-source tools and APIs.

Phishing emails pose a significant threat to the end user environment. Though anti-malware, endpoint, and detection response tools block them, users still receive and report them.

We developed macros and scripts in Visual Basic for applications, Python, and PowerShell to analyze the emails, identifying phishing indicators of compromise and reporting them to the SOC management to be blocked.

Data Risk Management Policy

The development of a data risk management policy for a global eCommerce company.

Data risk, security, and lifecycle within the data governance umbrella are of significant importance for an eCommerce company dealing with millions of customer data and thousands of vendors and 3rd-parties.

This project was to write a data governance policy, mainly covering data sharing, to enable organizations, 3rd-parties, and internal companies to safely share data, complying with security and privacy guidelines following data ownership and data lifecycle concepts.

SSDLC Maturity Assessment and Improvement

A project to assess the current Secure Systems Development Lifecycle (SSDLC) maturity using the Building Security in Maturity Model (BSIMM) and implement the recommendation.

The project required working with the BSIMM vendor, business managers, and application teams to assess the capabilities, identify gaps, and implement security testing, code review, and other recommendations.

Establishing the light scan process and dev-assist tools helped to reduce the security vulnerabilities even before the application's first test.

Cybersecurity Program Design

The project was to design a cybersecurity program for a Bank as external auditors pointed out many issues and regulators issuing business orders.

As a member of a larger team, I have worked with multiple stakeholders and business units to perform gap analysis and helped to redesign the cybersecurity program.

We worked on Infra security, application security, data security, and mobile app security to develop a 3-year plan to improve cyber security capabilities and remediate audit findings.

Other

Information Security, Incident Response, Application Security, Technical Program Management, Security Operations Centers (SOC), Data Loss Prevention (DLP), Risk Management, Phishing Simulation & Analysis, vCISO, Data, IT Networking, CISSP, CISM, AWS Shared Responsibility Model, ISO 27001

Languages

Python

Frameworks

COBIT

Industry Expertise

Cybersecurity

Platforms

Amazon Web Services (AWS)

1999 - 2000

Master's Degree in Software Engineering

BITS Pilani - Pilani, Rajasthan, India

SEPTEMBER 2018 - PRESENT

COBIT Foundation Certificate

ISACA

AUGUST 2012 - JULY 2024

Certified in Risk and Information Systems Control (CRISC)

ISACA

JANUARY 2012 - DECEMBER 2024

CISSP – Certified Information Systems Security Professional

ISC2, Inc.

SEPTEMBER 2011 - AUGUST 2024

Certified Information Security Manager (CISM)

ISACA

AUGUST 2011 - PRESENT

Lead Auditor ISO/IEC 27001 Information Security

British Standards Institution

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring