Subbu Somasundaram
Verified Expert in Engineering
DevSecOps and Cloud Architect Developer
Toronto, ON, Canada
Toptal member since December 12, 2022
Subbu is a subject matter expert in information security and has over 20 years of information technology experience. He has assisted large enterprise customers in the banking, telecommunication, and eCommerce sectors with security transformation, DevSecOps, security architecture, and implementations. Subbu's security expertise includes AWS, GCP Cloud, IAM, enterprise security, data protection, and application security and compliance.
Preferred Environment
Amazon Web Services (AWS), Google Cloud Platform (GCP), Web Security, Compliance, SOC 2, HITRUST Certification, Application Security, Cloud Security, Security Governance, PCI DSS
The most amazing...
...enterprise project I led was a multi-account AWS environment to host 200+ applications with multiple compliance obligations for a DevSecOps operating model.
Work Experience
Senior Category Leader: Identity and DevSecOps
Amazon Web Services (AWS)
- Received the "One Team Award" for enabling a customer to be successful in AWS Cloud.
- Received the "Silent Hero Award" for contributions to successful customer engagements and onboarding to AWS Cloud.
- Received the "Tres Comas Club Leadership Award" for building new ideas and thought leadership for customers.
- Presented security, identity, and DevSecOps topics at multiple public events and conferences.
Lead Cloud Security Architect
Scotiabank
- Enabled Google Cloud Security Foundations to move applications in Google Cloud. For confidentiality reasons, I cannot share more information about the app here.
- Enabled Azure Identity Access Management (IAM) for cloud access.
- Delivered security solutions for big data-based applications in GCP.
Security Architect
Amazon Canada
- Assisted clients in enabling cloud security, security automation, and DevSecOps.
- Set up AWS CloudHSM for key management.
- Assisted customers with Identity and Access Management architecture.
Information Security Officer
BMO Bank of Montreal
- Managed the security and compliance for the credit and debit card applications portfolio. Collaborated with portfolio personnel, stakeholders, and senior management to identify information security-related risks and controls.
- Provided information security requirements advice and counsel to portfolio personnel, project teams, and the business, ensuring alignment with IS processes and solutions.
- Consolidated, interpreted, and reported key portfolio information security risks and trends.
- Managed and facilitated Information Security Assessments (ISA) throughout the project lifecycle, ensuring key risks were highlighted and controls identified and implemented to mitigate risk. Performed and reviewed static and dynamic code analysis.
- Prepared and enabled the PCI DSS for applications.
Security Consultant: Application Protocol Research
TELUS
- Completed application protocol research for 500+ applications and protocols in a laboratory environment.
- Performed reverse engineering for various applications and communication protocols.
- Wrote security research reports and detection patterns, techniques, and signatures for security devices.
Experience
Cloud Migration and Security Operations
I enabled a cloud environment setup using AWS Landing Zone to ensure the account and environment have a consistent setup. I then helped set up security controls and operations capabilities to ensure safe and smooth operations of the cloud.
Cloud KPIs were set up with the Well-Architected pillars and the Cloud Adoption Framework. Once the application was moved to AWS cloud, it was measured against the KPIs for successful implementation. The cloud worked as expected, and applications were then moved to the cloud by validating against the KPIs.
Education
Master's Degree in Computer Science
Dalhousie University - Halifax, Nova Scotia, Canada
Certifications
AWS Certified Cloud Practitioner
AWS
CISSP
ISC2
Skills
Libraries/APIs
Node.js, React
Tools
AWS IAM, AWS CloudFormation
Paradigms
DevSecOps, HIPAA Compliance
Platforms
Amazon Web Services (AWS), Google Cloud Platform (GCP), Azure
Storage
Database Security
Languages
Python
Other
Web Security, Compliance, SOC 2, HITRUST Certification, Application Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Cloud Security, Security Governance, Research, Identity & Access Management (IAM), Information Security Analysis, AWS Cloud Architecture, Security Analysis, Web Application Firewall (WAF), PCI DSS, Data Protection, Architecture, Security, Near-field Communication (NFC), Malware Analysis, Palo Alto Networks, Amazon CloudHSM, Mastercard, Security Research