Varun Om Khosla

ASPSecurityKit (ASK) enables developers to rapidly build secure web apps or APIs based on the zero-trust principle without security experience by automating several key checks. This proven framework secures a financial platform ISCP with more than 1.3 million accounts and over $13 billion in assets. While working on this project, I conducted the following:

• Conceptualized, architected, and led the entire development from version 1 to version 3 from scratch, including the core library, source packages, API docs, licensing infrastructure, and more.
• Wrote several articles, including all product docs, the zero-trust whitepaper, security guides, and the zero-trust thinking series.
• Implemented a unique UI-based NuGet tool to install source packages and generate trial or license keys.
• Cleverly used preprocessor directives in all types of files to reuse the same source code to build source packages targeting different frameworks and plans. Also, I wrote a guided source package builder.
• Wrote a guided NuGet package builder to build and deploy new test or production releases of the ASK library packages on NuGet, saving considerable time in testing and pushing new releases.

A team spread across the US, Europe, and India built it to provide modern APIs and portals for retirement planning/investment. It manages over 1.3 million investors' accounts and over $13 billion in financial assets. As the chief architect, I designed and implemented the security subsystem based on ASPSecurityKit. The features implemented include:

• Authentication, including schemes such as OAuth, Azure AD, and HMAC, and tokens, such as an API key, user sessions, feature tokens, and dynamic client tokens.
• Two-factor authentication (2FA) enforcement depending on user role and network-based exclusions.
• Granular record-level activity resource authorization and automatic output data filtering with reverse authorization.
• User verification and IP firewall for API keys and user sessions.
• Entity-hierarchy and rule-based suspension.

Additionally, I designed security monitoring features like activity tracking and suspicious access, dynamic developer docs for API reference, and articles based on the subscribed plan, user/team management, onboarding workflows, generic data caching, etc. Finally, I led the incident detection and response team, prepared reports of intrusion attempts, mentored the team, and wrote articles on security.

Developed as a SaaS for Indian healthcare practitioners, Gluco enables medical establishments of all sizes to efficiently manage walk-in and pre-booked appointments in a unified smart queue with real-time position changes delivered to patient mobiles and a smart digital display in the clinic. It also securely records and shares prescription data with colleagues and patients, powered by ASPSecurityKit, using an intuitive mobile app that works on an offline-first model.

I conceptualized, architected, and led the development from scratch while managing two senior developers and a QA, wrote the web services using ServiceStack and web front end as Angular SPA, and designed and implemented the granular, property-based sync framework based on a JSON format for prescription data at both web services and Xamarin mobile app. Additionally, I designed and implemented an efficient algorithm to sync patient queue positions to work across multiple devices, managing queues simultaneously at both web services and Xamarin mobile app, solved reliability issues with the mobile app SQLite, and implemented efficient auto-suggestion data miner and service back end by Azure Table storage. Finally, I wrote the narration scripts for the demo videos.

CloudAlarm provides budgeted pace and new resource creation-based alerts, which ensure much faster and clearer notification of the cloud consumption breaching the expected budget than what Azure cost management does, based on threshold consumption. Powered by ASPSecurityKit, CloudAlarm lets you set up and manage alarms for multiple Azure subscriptions, add team members, and give access to subscriptions to them securely and reliably.

I conceptualized and performed product management, including regular calls as needed with the team to ensure quality completion of the service on time and within budget. Also, I reviewed the alarm execution code and fixed issues related to scalability so that the service could scale efficiently for small to large workloads. Finally, I mentored the team and created marketing content, including the detailed service home page, FAQ documents, and demo video scripts.

Served as the core framework engineer in the team of 50+ professionals that built a platform for the Singapore Central Provident Fund (CPF), a government agency, to modernize the provident fund web platform for the citizens of Singapore.

I prepared the architecture in collaboration with a senior architect and single-handedly wrote the implementation of cross-cutting framework components, including DAL, caching, logging, and exceptions. I also created a single sign-on (SSO) security implementation based on federated STS with an attribute-based roles authorization model.

Built for Ernst & Young (E&Y), it leveraged the Affordable Care Act (ACA), known as Obamacare, in order to provide compliance services to its customers. The conceptual design for the E&Y ACA client repository enables E&Y to capture, structure, and organize client information, including employee payroll. As a back-end developer and tech lead, I:

• Provided technical mentorship and solutions to hard technical problems and promoted best practices within the team.
• Performed a security review and closed gaps in the implementation.
• Created generic change tracking and caching components.
• Developed multiple modules.