Sreenath Sreepada

A project to develop and implement a security risk management process. We engaged stakeholders and those impacted by the project to complete the following:

• Process development suitable for level-2 maturity
• Awareness and training
• Integration with the project methodology and PMO
• Process implementation and operations design
• Reporting and plan-do-check-act (PDCA) governance

A DLP project, a key protection tool to prevent insider threats in the current hybrid work environment—helping to monitor user activity for data leak prevention.

I was the project manager and DLP service owner to continue the service operations. The project was to establish and roll out an endpoint DLP solution, implementing data monitoring across email, web, USB, print, and application channels from user PCs to monitor and prevent data leaks.

The project consists of business requirements identification, infrastructure implementation, DLP policy design, rollout, and DLP log monitoring process implementation.

A managed SOC and incident response process covering critical assets. We engaged stakeholders and those impacted by the project to complete the following:

• Current SOC operations and gap analysis
• Identification of critical logs required for SOC monitoring
• IT managers' collaboration to feed the logs to the SOC
• Vendor cooperation for detection policies and customization
• Response process definition

A project to analyze the emails reported by users for phishing threats and malware checks using open-source tools and APIs.

Phishing emails pose a significant threat to the end user environment. Though anti-malware, endpoint, and detection response tools block them, users still receive and report them.

We developed macros and scripts in Visual Basic for applications, Python, and PowerShell to analyze the emails, identifying phishing indicators of compromise and reporting them to the SOC management to be blocked.

The development of a data risk management policy for a global eCommerce company.

Data risk, security, and lifecycle within the data governance umbrella are of significant importance for an eCommerce company dealing with millions of customer data and thousands of vendors and 3rd-parties.

This project was to write a data governance policy, mainly covering data sharing, to enable organizations, 3rd-parties, and internal companies to safely share data, complying with security and privacy guidelines following data ownership and data lifecycle concepts.

A project to assess the current Secure Systems Development Lifecycle (SSDLC) maturity using the Building Security in Maturity Model (BSIMM) and implement the recommendation.

The project required working with the BSIMM vendor, business managers, and application teams to assess the capabilities, identify gaps, and implement security testing, code review, and other recommendations.

Establishing the light scan process and dev-assist tools helped to reduce the security vulnerabilities even before the application's first test.

The project was to design a cybersecurity program for a Bank as external auditors pointed out many issues and regulators issuing business orders.

As a member of a larger team, I have worked with multiple stakeholders and business units to perform gap analysis and helped to redesign the cybersecurity program.

We worked on Infra security, application security, data security, and mobile app security to develop a 3-year plan to improve cyber security capabilities and remediate audit findings.