This document contains a resume for Devasis Kumar Mahato. It summarizes his work experience and qualifications. He has over 4 years of experience in information security and SIEM, currently working as a Team Lead for SOC Services at Paladion Networks in Bangalore, India. In this role, he performs security monitoring, incident response, and ArcSight administration. Previously he has also worked on security projects for several banks, enterprises, and other organizations. He holds technical certifications in CCNA and ArcSight administration.
Securing DevOps through Privileged Access Management (BeyondTrust)
In this presentation from the webinar of Security MVP and Microsoft Security Trusted Advisor, Paula Januszkiewicz, get an overview of how privileged access management can help balance DevOps’ need for agility and speed with IT security’s need for visibility, access management, and compliance.
Key use cases covered include:
• Network Segmentation: Grouping assets, including application and resource servers, into logical units that do not trust one another
• Enforcing Appropriate Use of Credentials: IT organizations can leverage these controls to limit lateral movement in the case of a compromise and to provide a secure audit trail
• Elimination of Hard-Coded Passwords: Removing hardcoded passwords in DevOps tool configurations, build scripts, code files, test builds, production builds, etc.
You can watch the full, on-demand webinar here: https://www.beyondtrust.com/resources/webinar/securing-devops-privileged-access-management/
This webinar describes how you can manage the risk of privileged accounts being compromised, creating a breach of sensitive data or other assets in your organization, through privileged access management, or PAM. PAM can reduce risks by hardening your environment in ways no other solution can, but is challenging to deploy. This webinar provides an unbiased perspective on PAM capabilities, lessons learned and deployment challenges, distilling the good practices you need to be successful. It covers:
- PAM definitions, core features and specific security and compliance drivers
- The PAM market landscape and major vendors
- How to integrate PAM with identity management, service ticketing and monitoring
- Avoiding availability and performance issues
8-step Guide to Administering Windows without Domain Admin Privileges (BeyondTrust)
In this presentation from his highly popular webinar, Windows security expert, Russell Smith, explains how to effectively administer Windows systems without using privileged domain accounts, enabling you to drastically reduce your organization’s threat surface.
CyberArk Training shows account security solutions which protect most critical assets. Best CyberArk AIM Online Training gives versions 9.7,9.8 by experts
SCADA and HMI Security in InduSoft Web Studio (AVEVA)
In this security focused webinar, we will learn from InduSoft experts how to protect systems against cybersecurity threats, and we’ll have an opportunity to learn more from IT experts at Capstone Works about how to protect networks from both internal and external threats to security.
Every IT asset has at least one local, privileged login account. This includes workstations, servers, network devices, databases, applications and more. Some assets also have privileged accounts used to run services or authenticate one application to another.
Passwords for privileged accounts are used to install software, manage the device and perform technical support functions. They are often “all powerful,” having unlimited access to system functions and data. Consequently, compromise of privileged passwords is effectively compromise of the device.
Secure management of access to privileged accounts is essential to IT security. This document identifies technical challenges and offers solutions for effectively managing large numbers of sensitive passwords.
How to Build Security and Risk Management into Agile Environments (danb02)
Many organizations have adopted the agile methodology for software development and/or moved to DevOps IT support models, micro-services, containers, and the like. Often, these practices leave Information security pros tearing their hair out for lack of assurance and verification processes, or an absence of separation of duty. Insisting on traditional waterfall-based security processes may not be an option. As one security engineering staff member put it, “Business developers come to central IT asking for solutions to a problem and are told it will take 6 months. Then it’s late. They won’t be back.”
Risk management should be front and center in security. However, risk management is also a challenge in the iterative agile environment – especially for a number of companies that use agile project management for most or all projects, even outside development. In this presentation, Blum will address:
1) Challenges of implementing security and risk management in agile or DevOps models
2) Good practices for embedding security services in the pipeline
3) Developing an agile risk management framework
Introduction to the business challenges of securely managing access to privileged accounts and the technical processes built into Privileged Access Manager to secure access to administrator, service and application-to-application IDs.
This resume is one of 3-4 that gives the reader insight into my skills and experience in the "security" sector of Information Technology.
Note: The titles may vary but it's all relative
PROTECT AND SURVIVE – SAFEGUARDING YOUR INFORMATION ASSETS - #MFSummit2017 (Micro Focus)
The cyber threats facing businesses today are constantly evolving. They are being perpetrated by highly skilled, well-organized and well-funded groups.
In this session we’ll take a look at some of these threats, and how you can mitigate your risks.
IT Professional Expertise in SailPoint Identity IQ, IdentityNow, Identity Management, Identity Access Management, Identity Access Governance, Role Based Access Management, Life Cycle Manager, Work Flow, Separation Of Duties, Application On-boarding, Writing Custom Connector, Workflow, Certification, Rules, Policy, Implementing Business Requirement. Worked on different SailPoint connectors like AD, Databases, Lotus Notes, SAP GRC, Mainframe (RACF, ACF2, TopSecret)
Providing a Flexible Approach to the Inflexible World of Information Security... (gemmarie1)
A short presentation on a new, unique approach to Information Security Managed Services.
PragmaticDefence utilise all existing internal resources, to provide as much or as little you need to remain secure.
1. DEVASIS KUMAR MAHATO
DOB: 01- July - 1987
Present Address:- #472, K- Main, Vysya Bank Colony, Shantiniketan Layout, Arekere, Bangalore - 560076
Phone No:- +91-8792223686,8095615064
Email:- devasiskrmahato@gmail.com
Profile Summary:-
A total of 4+ years of experience in Information Security & SIEM. Team Lead – SOC Services with experience of strong technical knowledge in technology, process analysis and review.
Perform real-time investigation, analysis of event using SIEM tools (ArcSight) of Network Security Components and device such as IPS, Firewalls, Web Application Firewall, Operating Systems like Windows and UNIX, Databases and other Devices.
Investigation of threats and real time attacks.
Possess Knowledge on Log Baselines and understanding of how and where logs will be generated and stored for different Application and Devices.
Organisation: PALADION NETWORKS, Bangalore (November 12th, 2012 – Till Date)
One of India’s top leading companies providing full service managed Information and network security on a global scale.
Paladion Networks expertise extends over Banking-Finance-Insurance, IT, IT and Consulting, Telecommunications, Research & Development.
Designation: Team Lead-SOC Services / SIEM ArcSight Admin – Level 2
Job Profile:
• 4+ years of SIEM experience on ArcSight and Security monitoring using ArcSight.
• Understanding of ArcSight ESM Product component which collect, process, model, prioritize, correlate, monitor, and analysis enterprise generated events.
• Good understanding of phases of ArcSight ESM event life cycle and describe the functional processing which occurs during each phase. Navigate the ArcSight console to effectively correlate, investigate, analysis and remediate both exposed and obscure vulnerabilities to give situational awareness and real time incident response.
• Check system health of ArcSight ESM, Logger and Connectors, Check backups and log archival status
• Collecting, analysing and preserving the evidence related to incidents. Log analysis, SIEM log analysis utilizing Enterprise Products. Writing reports on incidents and deliver them to Business and other stakeholders.
• Creation of rules, Active List, Dashboard, active channels based on the customer requirements. Creation of reports, queries and filter for the events that are generated in ArcSight Console. Ensure application availability and SLA adherence
• Develop and configure SIEM reports (i.e. dashboards including daily, weekly and monthly reports).
• Troubleshoot ArcSight Components (Connectors, ESM, and logger).
• Review security-related events, assessing risk and validity, as well as reporting
• Assist, co-ordinate with the Manager on performing a risk review of the daily security requests that come from the business
• Assist, co-ordinate with the Security Incident Handling Team (onsite projects team) in providing assistance during investigation.
• Interact with the process owners to understand the nature of business, the controls and possible risk.
• On-Call Support function (responding to incidents off regular working hours and weekends/holidays)
• Potential to bring any possible security threats or violation of Security Policy to the notice of the Information Security Manager.
• Act as a Subject Matter Expert and mentor/coach to other, less experienced team members; utilizing knowledge and experience to quickly resolve issues and address risks of a very volatile nature.
2. Academic Qualifications
Graduation and Post Graduation: Passed (BCA-MCA Integrated programme) in year 2011 from IGNOU with (BCA-62% and MCA-60%)
Class XII: Passed Class XII (Science) from Kendriya Vidhyalaya, Chakradharpur (CBSE) in 2005 with 58.2%.
Class X: Passed Class X (ICSE) in year 2003 from S.E.Rly E/M School, Chakradharpur (I.C.S.E) with 71.3%
Certification
CCNA (R/S) Certified. CSCO12177242
ArcSight Admin+Analyst (HP0-A116)
Work EXPERIENCE
Security Analyst – SOC Services (Paladion Networks – November 2012 – Till Date)
# Client Project Role Details
Client 1, Client 2
One of the Top 5 banks of Belgium, Paladion | MSSP
Bank, MSSP
Security Analyst
• Review security related events, assessing risk and validity, as well as reporting.
• Handling Hotline calls/mails, Policy violation, IPS, ASA and other security incidents.
• Creating an incident ticket, Analyzing, Managing and tracking security incidents to closure by coordinating with different teams.
• Investigating attacks/alerts on different devices.
• Correlation of events as per the attack methodology.
• Analyzing IPS, IDS alerts and suggesting corrections to minimize false positives
• Building content in ArcSight, Fine tuning correlation rules.
• Performing trend analysis and suggest improvement to security aspect.
• Prepare and publish management reports
• Troubleshooting connectors, Implementation and connector Integration.
• Managing health of ArcSight Infrastructure.
• Gap assessment of content developed and fine tuning.
Client 3, Client 4, Client 5, Client 6, Client 7, Client 8, Client 9, Client 10
(A Bank in Riyad, KSA), (A bank in Qatar), (A Resort and Casino Of Las Vegas), (An ISP of UAE), (A Govt Bank of Qatar), (An Enterprise of Malaysia), (A leading Private Bank of India), (A retail group of Dubai having stores in India)
Security Operations Team Lead and ArcSight Admin
• Creating an incident ticket, Analyzing, Managing and tracking security incidents to closure by coordinating with different teams.
• Analyzing IPS, IDS alerts and suggesting corrections to minimize false positives.
• Analyzing the correlated events over the network.
• Performing trend analysis and suggest improvement to security aspect.
• Writing reports on incidents and deliver them to Business and other stakeholder.
• Understanding of ArcSight ESM product component which collect, process, model, prioritize, correlate, monitor, and analysis enterprise generate events.
• Building content in ArcSight, Fine tuning correlation rules
• Prepare and publish management reports
• Managing multiple teams at the same time.
Client 11
A leading Bank of KSA (Onsite)
Security Operations ArcSight Admin
• Understanding of ArcSight ESM product component which collect, process, model, prioritize, correlate, monitor, and analysis enterprise generate events.
• Building content in ArcSight, Fine tuning correlation rules
• Prepare and publish management reports.
3. ITIL
Awards and Recognitions
Received Paladion Champ Award twice in 2015 and 2016.
I hereby declare that all the above information is true and if necessary additional proof will be provided.
Date:
Place: Bangalore Devasis Kumar Mahato