• Proven track record of designing effective defensive security programs for software & cyber security.

  • Strong experience in project management & building collaboration between different teams across the organization to drive teams & vendors to reach strategic and operational goals using application & infrastructure security assessment, vulnerability management, vulnerability remediation and security certifications programs.

  • Experienced in managing the creation and production of timely, accurate and informative business and IT metrics relating to cyber security risk initiatives; utilize metrics to prioritize key initiatives and respond to negative trends.

  • Strong experience in building collaboration with application/asset owners to understand and address (as appropriate) the risk position around key business applications; promote secure development lifecycle principles throughout all development processes in partnership with development team leaders.

  • Experienced in helping product teams to achieve compliance and security certifications, standards and guidelines such as BSIMM, OpenSAMM, PCI-DSS, FedRAMP, Common Criteria, NIST, MAS, RBI, etc.

  • Experienced in security architecture review, vulnerability assessment, penetration testing, security static code analysis, managing security issues in third party libraries, security report writing, security incident response.  

  • Strong experience in evangelizing secure coding guidelines, best practices & corporate trainings on product security, secure coding, secure design principles & automated security QA testing.

  • Experienced speaker at security conferences; presented at security/technical summits in the US, Canada, China, Singapore and India.

  • Tools: HP Fortify, HP WebInspect Enterprise, IBM AppScan, Sonatype Nexus Lifecycle, Kali Linux, SDL Threat Modeling, Contrast IAST, Burp Suite Professional.

  • Chapter Leader of Null Singapore security community with 400+ members, organizing monthly security meetups in Singapore.

  • Chapter Leader for DevSecOps Singapore, an open community of DevOps and Security professionals.

Advocating software security as culture 

Suman Sourav

Secure Software Development Lifecycle Professional