Proven track record of designing effective defensive security programs for software & cyber security.
Strong experience in project management & building collaboration between different teams across the organization to drive teams & vendors to reach strategic and operational goals using application & infrastructure security assessment, vulnerability management, vulnerability remediation and security certifications programs.
Experienced in managing the creation and production of timely, accurate and informative business and IT metrics relating to cyber security risk initiatives; utilize metrics to prioritize key initiatives and respond to negative trends.
Strong experience in building collaboration with application/asset owners to understand and address (as appropriate) the risk position around key business applications; promote secure development lifecycle principles throughout all development processes in partnership with development team leaders.
Experienced in helping product teams achieve compliance with security certifications, standards and guidelines such as BSIMM, OpenSAMM, PCI-DSS, FedRAMP, Common Criteria, NIST, MAS, RBI, etc.
Experienced in security architecture review, vulnerability assessment, penetration testing, static code analysis for security, managing security issues in third-party libraries, security report writing and security incident response.
Strong experience in evangelizing secure coding guidelines, best practices & corporate trainings on product security, secure coding, secure design principles & automated security QA testing.
Experienced speaker at security conferences; presented at security/technical summits in the US, Canada, China, Singapore and India.
Tools: HP Fortify, HP WebInspect Enterprise, IBM AppScan, Sonatype Nexus Lifecycle, Kali Linux, SDL Threat Modeling, Contrast IAST, Burp Suite Professional.
Chapter Leader of Null Singapore security community with 400+ members, organizing monthly security meetups in Singapore.
Chapter Leader for DevSecOps Singapore, an open community of DevOps and Security professionals.
Advocating software security as culture
Secure Software Development Lifecycle Professional