A Decade
Experience
14+ years of cybersecurity leadership across enterprise security, offensive operations, and global compliance
Professional Experience
Director of Information Security & DevOps
Spearheading Red Team operations, penetration testing, and advanced adversarial simulations across global business units. Leading global DevOps & AWS cloud security initiatives including Graviton migration, infrastructure cost optimization, and zero-trust rollouts. Architected enterprise-wide Cloudflare Zero-Trust, WAF, and DNS security migration. Directed compliance programs across PCI DSS SAQ-D, SOC 2, ISO 27001, GDPR, DPDP Act, DORA, NIS2. Pioneered development of in-house cybersecurity SaaS platforms (CERTX, CYBWAREX, DARKX, PulseStack).
Director of RedTeam | Cyber Security
Leading offensive security, threat emulation, and vulnerability management initiatives across all SGC's business units. Spearheaded red teaming operations to identify and mitigate potential attack vectors. Managed diverse cybersecurity stack including Wazuh, CrowdStrike, Cloudflare Zero Trust, Ansible, AWS Security Tools, and custom n8n workflows. Built and mentored globally distributed Red Team and DevOps teams.
Chief Information Security Officer (vCISO)
Providing strategic cybersecurity leadership and governance. Implementing information security management frameworks and driving security certification programs.
Chapter Leader
Leading the CSA Uttarakhand Region chapter, promoting cloud security best practices and fostering cybersecurity community engagement.
Information Technology Analyst - Cyber Security
Worked with Phishlabs.id Team using confidential in-house AI/ML Security tools for detecting rogue mobile applications. Analyzed phishing and malicious websites globally. Performed initial investigations, identified attack vectors and mitigation tactics. Monitored and investigated network and system events to pre-emptively determine attacks.
Information Security Consultant
Delivered comprehensive cybersecurity training programs including C|EH, E|CSA, C|HFI, CAST, CND, CompTIA Security+, and ISTQB. Trained employees of top companies and major banks. Delivered specialized training in advanced penetration testing techniques and customized security solutions addressing industry-specific challenges.
Sr. Information Security Analyst
Conducted comprehensive penetration tests on web applications, networks, and computer systems. Performed data recovery and digital forensics using EnCase, FTK Imager, and Autopsy. Developed custom penetration testing tools. Conducted targeted social engineering campaigns and integrated business impact analysis into security strategies.
Chapter Leader
Led the OWASP Kumaun Region chapter, promoting application security awareness and best practices in the region.
Core Skills
Web Application Security Testing
Red Team Operations
Network Security Testing
Mobile Application Security Testing
API Security Testing
Cloud Security Assessment
Expertise Areas
Executive Security Leadership
C-level security strategy, board governance, and enterprise risk oversight. Aligning cybersecurity investments with business growth, M&A security due diligence, and executive stakeholder management.
Offensive Security & Red Team
Building and leading global offensive security programs. Adversary simulation, purple team exercises, breach and attack simulations, and continuous security validation at enterprise scale.
Global Compliance & Audit
Multi-jurisdiction compliance leadership (PCI DSS SAQ-D, SOC 2 Type II, ISO 27001/27002, GDPR, HIPAA, CCPA, DORA, NIS2). Third-party audits, regulatory examinations, and certification management.
Cloud & Zero-Trust Architecture
Enterprise cloud security transformation across AWS, Azure, GCP. Zero-trust implementation, SASE architecture, identity-centric security, and multi-cloud governance at scale.
Security Operations Center (SOC)
24/7 SOC design and optimization. SIEM/SOAR platforms (Splunk, QRadar, Sentinel), threat hunting programs, incident response orchestration, and security metrics/KPIs for executive reporting.
Security Culture & Team Building
Scaling security teams across geographies. Talent acquisition, security awareness programs, tabletop exercises, career development frameworks, and building security champions networks.
Certifications
AWS Security
AWS Certified Security - Specialty
Security+
CompTIA Security+
PMI-RMP
PMI Risk Management Professional
ISO 27001 LA
ISO 27001 Lead Auditor
ISO 27002 LA
ISO 27002 Lead Auditor
E|CSA
EC-Council Certified Security Analyst
CISA
Certified Information Systems Auditor
CNSS
Certified Network Security Specialist
OSCP
Offensive Security Certified Professional
C|EH
Certified Ethical Hacker
Featured Projects
Cyber MCPs
AI Security AutomationComprehensive collection of 80+ Model Context Protocol (MCP) servers for cybersecurity tools. Enables AI-powered security automation with integrations for Nmap, Nuclei, SQLMap, Burp Suite, and more. Production-ready servers for offensive security, vulnerability scanning, and threat intelligence.
RaptorX
ASM PlatformEnterprise Attack Surface Management (ASM) platform providing continuous security monitoring, vulnerability discovery, and risk assessment. Features automated asset discovery, real-time threat detection, and comprehensive security posture visualization for organizations.
APIHunter
Security PlatformProfessional API key validation and JWT security testing platform supporting 100+ SaaS providers. Self-hosted solution with automatic secret redaction, validation history tracking, and comprehensive security testing capabilities.
React2Shell Ultimate
Security ToolAdvanced React DevTools exploitation framework for penetration testing. Demonstrates security vulnerabilities in misconfigured React applications, enabling security researchers to identify and report React DevTools exposure in production environments.
OSINTX
OSINT ToolComprehensive Open Source Intelligence (OSINT) toolkit for security professionals. Automates reconnaissance, data gathering, and intelligence analysis from public sources. Features modular architecture for custom OSINT workflows and threat intelligence operations.
Media Coverage
Ready to Work Together?
I'm always interested in discussing new opportunities, consulting projects, or collaborations in cybersecurity.
