SlideShare a Scribd company logo

Brief on my skill sets

Download as DOCX, PDF
Sharda S. Khati
Sharda S. Khati
1 of 1
Brief on my skill sets basedon work experience & personal development period: I have around eight years of ‘Software Tester’ , ‘QA Tester’ , ‘System Consultant’ testing experience for both web and client server application. I performed testing from some security prospective such as authentication & authorization, provisioning factors, ID proofing, access control mechanism and so. Most of the testing was executed from quality assurance & quality control perspective to support the risk management. Have knowledge on risk management framework and security compliance such as NIST publication, ISO, FIPS, FISMA, ITIL etc. I got an opportunity to work on BurpSuite for intrusion detection in few project. Now I am planning to merge my career into cyber security so did some training, participating to workshops both physical and virtual webinar session; please see the details in attached personal development worksheet. Now I know the following and looking for an opportunity to work:  Application & network threats & vulnerabilities  Security testing tools and techniques  Concept on OSI Reference Model and TCP/IP Stack  Common ports and protocols  Validation & verification of PCAP file  Create VM in VirtualBox to create security testing environment  Few computer forensics such as email header etc.  Check network configuration by using command line in windows and Kali Linux  Check network connectivity in Kali Linux  Concept of cryptography such as encryption, hashing (MD5), and digital signature for both symmetric & asymmetric cryptography  Connect to network analyzer tool i.e. Nessus, WireShark from Kali Linux  Have Security+ certification  One week training on CISSP (no certification)  Completed Cybersecurity Fundamental class.  Starting Network Fundamental class  Continuously attending different workshop and webinar such as competition practices on penetration testing, intrinsic security, vulnerability scanning and pen testing, webinar bootcamp on application security, citrix security strategy, bridging the gap between your security defenses and critical data, ethical hacking etc.  Recently elected for ‘Sergeant at Arms’ position for WSC ToastMaster

Recommended

Confoo 2012 - Web security keynote
Confoo 2012 - Web security keynoteConfoo 2012 - Web security keynote
Confoo 2012 - Web security keynoteAntonio Fontes
 
Web Application Firewall
Web Application FirewallWeb Application Firewall
Web Application FirewallChandrapal Badshah
 
Security Operations
Security OperationsSecurity Operations
Security Operationsankitmehta21
 
Microservices Security
Microservices SecurityMicroservices Security
Microservices SecurityAditi Anand
 
Benefits of web application firewalls
Benefits of web application firewallsBenefits of web application firewalls
Benefits of web application firewallsEnclaveSecurity
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practicesMohammed Danish Amber
 
Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014Sophos Benelux
 
we45 - Web Application Security Testing Case Study
we45 - Web Application Security Testing Case Studywe45 - Web Application Security Testing Case Study
we45 - Web Application Security Testing Case Studywe45
 

Recommended

Confoo 2012 - Web security keynote
Confoo 2012 - Web security keynoteConfoo 2012 - Web security keynote
Confoo 2012 - Web security keynoteAntonio Fontes
 
Web Application Firewall
Web Application FirewallWeb Application Firewall
Web Application FirewallChandrapal Badshah
 
Security Operations
Security OperationsSecurity Operations
Security Operationsankitmehta21
 
Microservices Security
Microservices SecurityMicroservices Security
Microservices SecurityAditi Anand
 
Benefits of web application firewalls
Benefits of web application firewallsBenefits of web application firewalls
Benefits of web application firewallsEnclaveSecurity
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practicesMohammed Danish Amber
 
Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014Sophos Benelux
 
we45 - Web Application Security Testing Case Study
we45 - Web Application Security Testing Case Studywe45 - Web Application Security Testing Case Study
we45 - Web Application Security Testing Case Studywe45
 
5 Important Secure Coding Practices
5 Important Secure Coding Practices5 Important Secure Coding Practices
5 Important Secure Coding PracticesThomas Kurian Ambattu,CRISC,ISLA-2011 (ISC)²
 
QualysGuard InfoDay 2013 - Web Application Firewall
QualysGuard InfoDay 2013 - Web Application FirewallQualysGuard InfoDay 2013 - Web Application Firewall
QualysGuard InfoDay 2013 - Web Application FirewallRisk Analysis Consultants, s.r.o.
 
Application layer security protocol
Application layer security protocolApplication layer security protocol
Application layer security protocolKirti Ahirrao
 
Why Security Engineer Need Shift-Left to DevSecOps?
Why Security Engineer Need Shift-Left to DevSecOps?Why Security Engineer Need Shift-Left to DevSecOps?
Why Security Engineer Need Shift-Left to DevSecOps?Najib Radzuan
 
A new web application vulnerability assessment framework
A new web application vulnerability assessment frameworkA new web application vulnerability assessment framework
A new web application vulnerability assessment frameworkMark Jayson Fuentes
 
Why You Need A Web Application Firewall
Why You Need A Web Application FirewallWhy You Need A Web Application Firewall
Why You Need A Web Application FirewallPort80 Software
 
Application Security Guide for Beginners
Application Security Guide for Beginners Application Security Guide for Beginners
Application Security Guide for Beginners Checkmarx
 
Stories from the Security Operations Center
Stories from the Security Operations CenterStories from the Security Operations Center
Stories from the Security Operations CenterAlert Logic
 
"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark ShermanRinaldi Rampen
 
Intrusion Detection Systems By Anamoly-Based Using Neural Network
Intrusion Detection Systems By Anamoly-Based Using Neural NetworkIntrusion Detection Systems By Anamoly-Based Using Neural Network
Intrusion Detection Systems By Anamoly-Based Using Neural NetworkIOSR Journals
 
Web Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 03 Web Security ToolkitWeb Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 03 Web Security ToolkitWebsecurify
 
Web Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationWeb Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationTjylen Veselyj
 
Benefits of Web Application Firewall
Benefits of Web Application FirewallBenefits of Web Application Firewall
Benefits of Web Application Firewalldavidjohnrace
 
Php developer
Php developerPhp developer
Php developerErtugrul Akbas
 
Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & VeracodeCrafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & VeracodeDigital Defense Inc
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelinesSathyanarayana Panduranga
 
Gloriolesoft Consulting Security and Privacy Offering
Gloriolesoft Consulting Security and Privacy Offering Gloriolesoft Consulting Security and Privacy Offering
Gloriolesoft Consulting Security and Privacy Offering Debasis Chakraborty
 
Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Alert Logic
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101Jannis Kirschner
 
Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)Alert Logic
 
Profile-Arvind
Profile-ArvindProfile-Arvind
Profile-ArvindArvind Raaz
 
Arvind profile
Arvind profileArvind profile
Arvind profileArvind Raaz
 

More Related Content

What's hot

Application layer security protocol
Application layer security protocolApplication layer security protocol
Application layer security protocolKirti Ahirrao
 
Why Security Engineer Need Shift-Left to DevSecOps?
Why Security Engineer Need Shift-Left to DevSecOps?Why Security Engineer Need Shift-Left to DevSecOps?
Why Security Engineer Need Shift-Left to DevSecOps?Najib Radzuan
 
A new web application vulnerability assessment framework
A new web application vulnerability assessment frameworkA new web application vulnerability assessment framework
A new web application vulnerability assessment frameworkMark Jayson Fuentes
 
Why You Need A Web Application Firewall
Why You Need A Web Application FirewallWhy You Need A Web Application Firewall
Why You Need A Web Application FirewallPort80 Software
 
Application Security Guide for Beginners
Application Security Guide for Beginners Application Security Guide for Beginners
Application Security Guide for Beginners Checkmarx
 
Stories from the Security Operations Center
Stories from the Security Operations CenterStories from the Security Operations Center
Stories from the Security Operations CenterAlert Logic
 
"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark ShermanRinaldi Rampen
 
Intrusion Detection Systems By Anamoly-Based Using Neural Network
Intrusion Detection Systems By Anamoly-Based Using Neural NetworkIntrusion Detection Systems By Anamoly-Based Using Neural Network
Intrusion Detection Systems By Anamoly-Based Using Neural NetworkIOSR Journals
 
Web Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 03 Web Security ToolkitWeb Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 03 Web Security ToolkitWebsecurify
 
Web Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationWeb Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationTjylen Veselyj
 
Benefits of Web Application Firewall
Benefits of Web Application FirewallBenefits of Web Application Firewall
Benefits of Web Application Firewalldavidjohnrace
 
Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & VeracodeCrafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & VeracodeDigital Defense Inc
 
Gloriolesoft Consulting Security and Privacy Offering
Gloriolesoft Consulting Security and Privacy Offering Gloriolesoft Consulting Security and Privacy Offering
Gloriolesoft Consulting Security and Privacy Offering Debasis Chakraborty
 
Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Alert Logic
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101Jannis Kirschner
 
Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)Alert Logic
 

What's hot (20)

5 Important Secure Coding Practices
5 Important Secure Coding Practices5 Important Secure Coding Practices
5 Important Secure Coding Practices
 
QualysGuard InfoDay 2013 - Web Application Firewall
QualysGuard InfoDay 2013 - Web Application FirewallQualysGuard InfoDay 2013 - Web Application Firewall
QualysGuard InfoDay 2013 - Web Application Firewall
 
Application layer security protocol
Application layer security protocolApplication layer security protocol
Application layer security protocol
 
Why Security Engineer Need Shift-Left to DevSecOps?
Why Security Engineer Need Shift-Left to DevSecOps?Why Security Engineer Need Shift-Left to DevSecOps?
Why Security Engineer Need Shift-Left to DevSecOps?
 
A new web application vulnerability assessment framework
A new web application vulnerability assessment frameworkA new web application vulnerability assessment framework
A new web application vulnerability assessment framework
 
Why You Need A Web Application Firewall
Why You Need A Web Application FirewallWhy You Need A Web Application Firewall
Why You Need A Web Application Firewall
 
Application Security Guide for Beginners
Application Security Guide for Beginners Application Security Guide for Beginners
Application Security Guide for Beginners
 
Stories from the Security Operations Center
Stories from the Security Operations CenterStories from the Security Operations Center
Stories from the Security Operations Center
 
"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman
 
Intrusion Detection Systems By Anamoly-Based Using Neural Network
Intrusion Detection Systems By Anamoly-Based Using Neural NetworkIntrusion Detection Systems By Anamoly-Based Using Neural Network
Intrusion Detection Systems By Anamoly-Based Using Neural Network
 
Web Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 03 Web Security ToolkitWeb Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 03 Web Security Toolkit
 
Web Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationWeb Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combination
 
Benefits of Web Application Firewall
Benefits of Web Application FirewallBenefits of Web Application Firewall
Benefits of Web Application Firewall
 
Php developer
Php developerPhp developer
Php developer
 
Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & VeracodeCrafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelines
 
Gloriolesoft Consulting Security and Privacy Offering
Gloriolesoft Consulting Security and Privacy Offering Gloriolesoft Consulting Security and Privacy Offering
Gloriolesoft Consulting Security and Privacy Offering
 
Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101
 
Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)
 

Similar to Brief on my skill sets

Software Security Certification
Software Security CertificationSoftware Security Certification
Software Security CertificationVskills
 
Cloud Security vs Security in the Cloud
Cloud Security vs Security in the CloudCloud Security vs Security in the Cloud
Cloud Security vs Security in the CloudTjylen Veselyj
 
Devops security-An Insight into Secure-SDLC
Devops security-An Insight into Secure-SDLCDevops security-An Insight into Secure-SDLC
Devops security-An Insight into Secure-SDLCSuman Sourav
 
Skills For Career In Security
Skills For Career In SecuritySkills For Career In Security
Skills For Career In SecurityPrasanna V
 
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”wannabe Cyberpunk; “I don’t know what I’m supposed to do.”
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”Moshiul Islam, CISSP, CISA, CFE
 
Digital Product Security
Digital Product SecurityDigital Product Security
Digital Product SecuritySoftServe
 
Secure Application Development Training
Secure Application Development TrainingSecure Application Development Training
Secure Application Development Trainingpivotalsecurity
 
Prabhu Resume
Prabhu ResumePrabhu Resume
Prabhu ResumePrabhu P
 
Lucideus Certified Cyber Security Analyst
Lucideus Certified Cyber Security Analyst Lucideus Certified Cyber Security Analyst
Lucideus Certified Cyber Security Analyst Lucideus Tech
 
Network Security Certification
Network Security CertificationNetwork Security Certification
Network Security CertificationVskills
 
Building Security Controls around Attack Models
Building Security Controls around Attack ModelsBuilding Security Controls around Attack Models
Building Security Controls around Attack ModelsSeniorStoryteller
 
ADVANCED PENETRATION TESTING.pdf
ADVANCED PENETRATION TESTING.pdfADVANCED PENETRATION TESTING.pdf
ADVANCED PENETRATION TESTING.pdfCert Hippo
 
Nachaat Mohamed resume
Nachaat Mohamed resumeNachaat Mohamed resume
Nachaat Mohamed resumeNachaat
 
Gaurav security profile_5_years_experience
Gaurav security profile_5_years_experienceGaurav security profile_5_years_experience
Gaurav security profile_5_years_experiencegaurav sharma
 
Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51martinvoelk
 
Agnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know itAgnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know itSecurity BSides London
 
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Emrah Alpa, CISSP CEH CCSK
 

Similar to Brief on my skill sets (20)

Profile-Arvind
Profile-ArvindProfile-Arvind
Profile-Arvind
 
Arvind profile
Arvind profileArvind profile
Arvind profile
 
Software Security Certification
Software Security CertificationSoftware Security Certification
Software Security Certification
 
Cloud Security vs Security in the Cloud
Cloud Security vs Security in the CloudCloud Security vs Security in the Cloud
Cloud Security vs Security in the Cloud
 
Devops security-An Insight into Secure-SDLC
Devops security-An Insight into Secure-SDLCDevops security-An Insight into Secure-SDLC
Devops security-An Insight into Secure-SDLC
 
Skills For Career In Security
Skills For Career In SecuritySkills For Career In Security
Skills For Career In Security
 
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”wannabe Cyberpunk; “I don’t know what I’m supposed to do.”
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”
 
Digital Product Security
Digital Product SecurityDigital Product Security
Digital Product Security
 
Secure Application Development Training
Secure Application Development TrainingSecure Application Development Training
Secure Application Development Training
 
Prabhu Resume
Prabhu ResumePrabhu Resume
Prabhu Resume
 
Lucideus Certified Cyber Security Analyst
Lucideus Certified Cyber Security Analyst Lucideus Certified Cyber Security Analyst
Lucideus Certified Cyber Security Analyst
 
Network Security Certification
Network Security CertificationNetwork Security Certification
Network Security Certification
 
Building Security Controls around Attack Models
Building Security Controls around Attack ModelsBuilding Security Controls around Attack Models
Building Security Controls around Attack Models
 
ADVANCED PENETRATION TESTING.pdf
ADVANCED PENETRATION TESTING.pdfADVANCED PENETRATION TESTING.pdf
ADVANCED PENETRATION TESTING.pdf
 
MyResume.pdf
MyResume.pdfMyResume.pdf
MyResume.pdf
 
Nachaat Mohamed resume
Nachaat Mohamed resumeNachaat Mohamed resume
Nachaat Mohamed resume
 
Gaurav security profile_5_years_experience
Gaurav security profile_5_years_experienceGaurav security profile_5_years_experience
Gaurav security profile_5_years_experience
 
Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51
 
Agnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know itAgnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know it
 
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
 

Brief on my skill sets

  • 1. Brief on my skill sets basedon work experience & personal development period: I have around eight years of ‘Software Tester’ , ‘QA Tester’ , ‘System Consultant’ testing experience for both web and client server application. I performed testing from some security prospective such as authentication & authorization, provisioning factors, ID proofing, access control mechanism and so. Most of the testing was executed from quality assurance & quality control perspective to support the risk management. Have knowledge on risk management framework and security compliance such as NIST publication, ISO, FIPS, FISMA, ITIL etc. I got an opportunity to work on BurpSuite for intrusion detection in few project. Now I am planning to merge my career into cyber security so did some training, participating to workshops both physical and virtual webinar session; please see the details in attached personal development worksheet. Now I know the following and looking for an opportunity to work:  Application & network threats & vulnerabilities  Security testing tools and techniques  Concept on OSI Reference Model and TCP/IP Stack  Common ports and protocols  Validation & verification of PCAP file  Create VM in VirtualBox to create security testing environment  Few computer forensics such as email header etc.  Check network configuration by using command line in windows and Kali Linux  Check network connectivity in Kali Linux  Concept of cryptography such as encryption, hashing (MD5), and digital signature for both symmetric & asymmetric cryptography  Connect to network analyzer tool i.e. Nessus, WireShark from Kali Linux  Have Security+ certification  One week training on CISSP (no certification)  Completed Cybersecurity Fundamental class.  Starting Network Fundamental class  Continuously attending different workshop and webinar such as competition practices on penetration testing, intrinsic security, vulnerability scanning and pen testing, webinar bootcamp on application security, citrix security strategy, bridging the gap between your security defenses and critical data, ethical hacking etc.  Recently elected for ‘Sergeant at Arms’ position for WSC ToastMaster