CISA | CISM | OSCP | CRTP | eCPPT | eWPTX | CEH
Meet Ciph3r00t
Hacker
Pentester
Security Engineer
ABOUT
Meet Ciph3r00t.
With over a decade of experience in cybersecurity, I lead a team of highly skilled security engineers at ServiceNow. Together, we ensure the security of the Enterprise AppStore ecosystem by identifying and mitigating cyber risks across various domains and technologies. My strong background in computer engineering and software development enables me to design and implement effective and innovative penetration testing strategies. My daily responsibilities include threat modeling, design reviews, code reviews, software composition analysis, and dynamic analysis to ensure comprehensive security throughout the software development lifecycle.
I hold several credentials that demonstrate my expertise in offensive security, including OSCP, CISM, CISA, eWPTX, CRTP, eCPPT, CEH, and an M.Tech in Computer Science and Engineering. With extensive experience in adversarial techniques, Red Teaming activities, network penetration testing, and enterprise security assessments, I have developed a deep understanding of the complexities of information security.
I have participated in and won numerous CTF challenges held at security conferences like MSRF BlueHatIndia, BlackHat Asia, and Nullcon. Furthermore, I play an active role as a speaker at the null Hyderabad chapter and have conducted security training sessions and workshops at prominent engineering colleges in Hyderabad, including CBIT and VJIT. My contributions to identifying and reporting security vulnerabilities have garnered recognition from esteemed organizations globally, including Apple, Microsoft, Google, SANS Institute, CERT-EU, Dell, SAP, Eset, Intel, LinkedIn, TrendMicro, Amazon, Blackberry, NASA, and the U.S. Department of Defense.
EXPERTISE
What I can do.
With extensive experience in Adversarial techniques, Red Teaming activities, and enterprise security assessments, I have developed a deep understanding of the complexities of information security.
-
Application Security
Application security involves securing software applications by identifying and mitigating vulnerabilities throughout their lifecycle. This includes static and dynamic testing (SAST and DAST), secure coding practices, integrating security in the software development lifecycle (SDLC), and conducting penetration tests to ensure applications are resilient against attacks.
-
Penetration Testing
Penetration testing simulates cyberattacks on systems, networks, or applications to identify and exploit vulnerabilities. This practice helps uncover security weaknesses before malicious actors do, covering various types such as network, web, mobile, and cloud penetration testing, to ensure comprehensive security.
-
Security Engineering
Security engineering focuses on designing and building secure systems and infrastructure, integrating security practices throughout the development lifecycle. It involves secure architecture design, threat modeling, policy development, security code reviews, and validation through various security tests to ensure systems are robust against threats from the ground up.
-
Cloud Security
Cloud security focuses on protecting data, applications, and services hosted in the cloud from cyber threats. It includes reviewing cloud configurations, conducting penetration tests, managing identities and access, ensuring data encryption and protection, and maintaining compliance with security standards and regulations.
-
Red Teaming Engagements
Red teaming involves advanced, persistent attack simulations by a team of ethical hackers to test the effectiveness of an organization’s security defenses. It includes adversary emulation, physical security testing, social engineering, and cyberattack simulations to evaluate and improve detection, response, and mitigation capabilities.
-
Vulnerability Management
Vulnerability management involves identifying, assessing, and mitigating security vulnerabilities in systems and applications. It includes vulnerability scanning, patch management, risk assessment, remediation, and continuous monitoring to ensure vulnerabilities are promptly addressed and risks minimized.
-
Risk Management
Risk management in cybersecurity entails identifying, assessing, prioritizing, and mitigating risks to minimize the impact of threats. This process includes risk assessments, implementing mitigation measures, deciding acceptable risks, transferring risks (e.g., through insurance), and continuously monitoring and reassessing risks to maintain an effective security posture.
-
Security Awareness Trainings
Security awareness training educates employees about security risks and best practices to reduce human error and increase vigilance. It involves phishing simulations, regular training sessions, policy education, updates on current threats, and reinforcing secure behaviors to ensure employees contribute to the organization’s overall security.
RESUME
Experience
My strong background in computer engineering and software development enables me to design and implement effective and innovative penetration testing strategies. My daily responsibilities include threat modeling, design reviews, code reviews, software composition analysis, and dynamic analysis to ensure comprehensive security throughout the software development lifecycle.
ServiceNow 2017-Present
Staff Security Engineer
Managing a team of security professional to secure Enterprise AppStore Ecosystem.
ZenQ 2014-2017
Senior Security Engineer
Ethically hacked various companies & delivered security projects.
Synack 2016-2021
Synack Red Team Member
Joined the Synack Red Team and began hunting on other platforms as well, such as bugcrowd and hackerone.
The Democratic News 2010-2014
Website Administrator
Managing digital assets of a news agency and published blog posts.
SKILLS
Skills I have collected
over the years and days.
PORTFOLIO
Security Research & Projects
View my recent security research.
CUSTOMERS
Acknowledgements
Click on the icons below to see the Hall of Fame entries for reporting security vulnerabilities.
CONTACT