Abhishek Bhadauria  (Military Veteran)

Andheri, Mumbai

Summary

Cyber & IT Risk strategist with 18+ years in Information Security (IS) domain in Govt (MoD) and BFSI Sectors. Successfully led Cyber Security Program implementation from basic to advanced level in IAF and sister services. Trusted advisor to board-level stakeholders on cyber risk, compliance, data protection, and cyber resilience. Expert in aligning security strategy with business objectives, regulatory landscapes, and emerging threats.

Proven ability to design and implement integrated risk frameworks, lead cross-functional teams and drive compliance with various standards / Frameworks (ISO 27001, NIST, HIPAA, SEBI CSCRF, NCIIPC NCRF etc). Recognised for delivering risk-aligned strategies that enable sustainable growth within high security military zone and BFSI sector.

Expertise in defining and implementing enterprise-wide Governance, Risk and Compliance management (GRC) of Information Security in organisation by mapping the cybersecurity functions i.e. Govern, Identify, Protect, Detect, Respond & Recover to Cyber Resilience Goal i.e. Anticipate, Withstand, Contain, Respond & Recover to make organisation cyber resilient.

Establish a strong security governance framework, aligning it with business objectives and ensuring compliance with legal and regulatory requirements. Formulated infosec strategies, Policies, Security Architecture, Endpoint Security Management, SIEM Management, Security Audits with regulatory compliance checks and induction of new technologies by RFPs with technical evaluations. Expert in designing and executing multi-year adversary simulation programs that align technical risk with business objectives.

Manage DFIR, Malware Analysis, Threat Intelligence (CTEM including BAS, ASM & CART), VAPT & Security testing of applications and cloud security. Lead teams in collaborating with stakeholders to meet collective security requirements and provide security capabilities, anticipate country specific insecurity and security disruption (e.g., life safety, business operations, reputation) with PSOs of IAF and lead discussions on developing strategies for mitigating risks and responding to residual risks.

Overview

19 years of professional experience
1 Certification

Work History

Senior Manager Information Security

MULTI COMMODITY EXCHANGE OF INDIA LTD.
Andheri (East)
07.2023 - Current
  • Built Information Security functions & program for People, Process & Technologies.
  • Developed and led the enterprise cybersecurity strategy, protecting assets across cloud, on-premises, and hybrid environments.
  • Successfully implemented and operationalised IS Governance, Risk & Compliance management program.
  • Managed data governance by classifying data and monitoring data flow, enhancing data security and privacy through comprehensive policies and technologies.
  • Ensure compliance to internal & global Cyber Security Regulatory requirements i.e. RBI, CERT-IN, NCIIPC, SEBI etc.
  • Experience of implementation of global cyber security frameworks i.e. ISO 27001:2022, NIST, MITRE ATT&CK etc.
  • Implemented regulatory guidelines and frameworks, including SEBI’s regulations, CSCRF, and NCIIPC NCRF frameworks.
  • Reduced cyber risk exposure by 45% through the implementation of Zero Trust principles and advanced threat detection capabilities.
  • Oversaw security operations and incident response, managing a 24/7 SOC and integrating threat intelligence to strengthen organizational defenses.
  • Reduced incident response time by 45% through streamlined SOAR playbooks and tools.
  • Evaluated the efficacy and return on investment of security technologies, including SOC, SIEM, DAM, PAM, WAF, NAC, SOAR, TIP, XDR, Anti-APT, Anti-DDoS solutions, NGFW, DLP, and DRM etc.
  • Leading the induction of new technologies i.e. DLP, DRM, NAC & CTEM solution (Continuous Threat Exposure Management including ASM, BAS & CART) from RFP management, technical evaluations to induction till its implementation.
  • Member of various meetings i.e. ISWG, ISSC, SCT, Board meetings on cybersecurity posture, risk metrics, and major cyber incidents.
  • Responsible for helping the organisation to identify, prioritise and manage unexpected risks or exposures with Red Teaming and consume threat intelligence for threat hunting to map against MITRE ATT&CK adversary tactics, techniques, and procedures (TTPs), emulate those TTPs, report and analyze the results of the Red Team engagement, and ultimately improve the overall security posture of the organization.
  • Delivered company-wide BCP/DR strategy integrated with IT and business functions and always act as a business enabler by pitching cyber security.
  • Developed internal vulnerability management and threat intelligence programs to proactively identify and mitigate security risks.

Chief Information Security Manager | Cert-IAF

INDIAN AIR FORCE
Delhi
01.2020 - 06.2023
  • Lead the GRC function, overseeing risk assessment, compliance monitoring, and governance activities for a highly militarised and MoD regulated service.
  • Advised MoD, National Security Agencies, regulatory agencies, and the Audit committee on strategies for cybersecurity risk identification, mitigation, and compliance.
  • Reviewed information/cyber security programs, detected security incidents, conducted security assessments, and mitigated incidents to closure across government organizations.
  • Heading the development & implementation of Cybersecurity policies, standards and procedures to ensure that all identified information security risks are managed under the military policy risk appetite.
  • Technically evaluated and inducted the digital GRC Platform (Zeron, Make in India project) to streamline risk & compliance workflows and reporting.
  • By optimizing the Zeron GRC tool, achieved resilience by reducing residual risk by 30%.
  • Post induction of Zeron GRC tool, NSE and SEBI also on-boarded the Zeron in their ecosystem.
  • Leading the security incident response management with Digital Forensics (DFIR) by developing and maintaining an effective incident management strategy, including the capability to detect, respond to, and recover from security incidents in a timely manner.
  • Leading DFIR teams for approx. 6 years to identify and observe IoCs, IoAs & attack vectors in order to generate accurate threat intelligence that can be used to detect current and future intrusions.
  • Monitoring major information security projects and the status of information security plans and budgets, establishing priorities, approving standards and procedures.
  • Developed and implemented security awareness and training program to ensure employees, contractors, and relevant parties understood their information security responsibilities.
  • Develop, implement, and maintain a business continuity and disaster recovery plan to ensure the organization's resilience in case of a security incident, natural disaster, or other disruption.
  • Evaluate and manage the third-party & vendor risk management with due diligence, SBOM, Supply Chain Risk Management with Zeron GRC tool and proper NDA and agreements.
  • Develop and implement a comprehensive security and privacy program, encompassing policies, procedures, standards, and controls to safeguard data and systems.
  • Conduct regular risk assessments to identify vulnerabilities and prioritize security initiatives.
  • Defined and executed quarterly business goals (QBRs) for security and privacy while collaborating with cross-functional teams.
  • Provides guidance to teams to design, implement, and monitor security controls to treat risks to infrastructure, business, people, and assets and then monitor the effectiveness of measures taken to modify risks.
  • Experience with auditing (11 Years) of critical information infrastructure i.e. CIIs, Data Centre, Cloud application and security, Special Communication units, external agencies (CERT-IN) and Conduct VAPT as per regulatory requirements of IAF units.

Chief SOC | SOC & Data Centre

INDIAN AIR FORCE
Shillong
09.2018 - 12.2020
  • Led SOC by proactively managing SIEM Qradar and overseeing all security incidents through IR process (detection and analysis, containment, eradication & recovery, and post-incident activities), threat hunting, VAPT of information assets, forensics, and malware analysis.
  • Managed Security Operations Centre (SOC) by investigating potential incidents, triaging, prioritizing, and coordinating detected incidents using SIEM tools like IBM Qradar and F-Secure, and overseeing patch management in client/server environments through Microsoft SCCM.
  • Fully automate the Security Incident Management process with the help of Palo Alto Xsoar by integrating all security tools.
  • Architected a National-Level SOC & Red Team Initiative: Designed the governance and execution framework for a nationwide cybersecurity monitoring program, overseeing the security posture of critical infrastructure operators.
  • Spearheaded Full-Chain Adversary Simulations: Led a team of 10+ specialists in simulating APT-level attacks against hybrid-cloud environments, resulting in the discovery and remediation of systemic architectural flaws.
  • Operationalized "Purple Teaming": Integrated offensive findings into automated detection engineering workflows, reducing the organization's average detection gap for lateral movement by 65%.
  • C-Suite Interface: Serve as the primary technical advisor for senior leadership, providing quarterly risk assessments and justifying multi-million dollar security investments based on simulated breach results.
  • Oversaw vulnerability assessment and penetration testing of software (in-house, COTS, open-source), conducting security testing of Windows, Linux, and mobile applications using SAST/DAST methods with tools like Coverity, Burpsuite, Kali, Netsparker, and CIS-CAT framework, including risk analyses.
  • Leading Teams for Vulnerability Assessment of IAF NCW Infrastructure including Data Centre, IDS, IPS, UTM, NGFW, NAC appliances Cisco ISE with tools i.e. Nessus, GFI LanGuard, Nipper, Nmap etc.
  • Driving MITRE ATT&CK framework integration with SIEM Qradar and ensuring most of the ATT&CK techniques are covered through our business aligned implemented security controls i.e. ensuring necessary SIEM rules are in place to trigger MITRE ATT&CK TTPs, EDR, Binalyze rules.
  • Actively hunting adversaries using the XDR, SOAR TIP & third party threat intelligence like DSCI, IBM X-force, Cert-In, CSK, DSCI, EYCCC etc.
  • Implemented successfully Security Orchestration Automation and Response (SOAR) (implementation phase) to minimize the L1 and L2 response time to the security incidents to maintain the SLA effectively.
  • Managing the team to conduct Security assessment of application using Burpsuite, Coverity, Acunetix, Appscan, Mobisec etc.
  • Built the team of IR, Digital Forensics & Malware Analysts by enhancing their knowledge to carry out routine cyber & security operation and creating educational materials for teams, conducting security awareness workshops to build cyber aware IAF personnel.

Chief Manager | Dte of Ops IW

INDIAN AIR FORCE
Delhi
05.2012 - 09.2018
  • Headed team to implement indigenous forensics lab, achieving ISO certification for IAF.
  • Led the team to conduct forensics on seized evidence and artifacts using FTK imager, Encase, and Cellebrite UFED.
  • Managed third-party/vendor risk in military operations, including oversight of foreign vendors from Russia, Israel, and the US.
  • Implemented Cyber Kill Chain process to track and mitigate adversaries, successfully containing phishing campaigns.
  • Support L2 & L3 SOC analysts for critical incident cases in Triaging, investigating, escalation and closing alerts and also focuses on advanced threat management and mentorship for Threat Hunting and Incident Response Management.
  • Implement the Malware Analysis LAB in IAF.
  • Participated in intelligence and counter-intelligence missions as an active military member.
  • Part of various Cyber Security offensive exercises internal (military operations) and external agencies (CERT-IN).

IT & IW Security Expert | Communication & IW

INDIAN AIR FORCE
Carnic
05.2010 - 04.2012
  • Managed and maintained critical IT infrastructure and flying assets, including operating systems, security tools, applications, servers, email systems, endpoints, and military flying communication security.
  • Handled business-critical flying IT operations and processes, supporting essential flying operations related to communications and data backup/storage.
  • Enable faster and smarter flying business operations with the help of accounted and operationally maintained IT assets in day-to-day flying plans and sorties.
  • Coordinated with internal teams and external vendors on project status and activities to enhance IT operations, ensuring optimal support for airborne equipment and operations.
  • Analyzed website traffic patterns and implemented changes based on user feedback to strengthen information security.

IT & IW Administrator | IT & IW

INDIAN AIR FORCE
Jammu
05.2007 - 04.2010
  • Maintained daily operations of desktop/laptop computers, servers, routers, switches, firewalls, printers, and IP phones to support overall IT infrastructure.
  • Managed the IT help desk and network teams to troubleshoot and identify root causes of reported incidents.
  • Managed maintenance and administration tasks for user/group management, security permissions, group policies, and print services, ensuring seamless operation of system components.
  • Perform routine and scheduled audits of all assets like endpoints, network devices and other IT assets.

Education

Master of Business Administration - Information Technology

SVSU
Meerut
03-2026

Master of Computer Applications - Computer And Information Systems

SVSU
Meerut
08-2021

Associate Degree in Science - Science

IGNOU
Delhi
10-2013

Skills

  • Security strategy
  • Cyber resilience strategy
  • Penetration testing
  • Digital forensics
  • Incident management
  • Incident response
  • Security audits
  • Compliance management
  • Risk compliance
  • VAPT management
  • Threat Intelligence
  • Cloud security
  • Application security
  • Secure SDLC
  • Cyber intelligence
  • Adversary simulation
  • Red & Blue Team Management
  • Security policies
  • Security metrics
  • Security Automation
  • Access management
  • Third-party risk
  • Vendor management
  • Supply Chain Management
  • IS Budget Management
  • Project management
  • Business continuity
  • Disaster recovery
  • Malware analysis
  • AI Governance
  • Cyber operations
  • DevSecOps Integration
  • Cyber awareness
  • Analytical Skills
  • Communication skills
  • Client management
  • Ransomware management
  • Adversary simulations
  • Zero trust

Certification

• CISM (Certified Information Security Manager-ISACA)
• CISA (Certified Information Systems Auditor-ISACA)
• OPSWAT ICIP, OECA, OFCA
• DFIR (Cyber Triage)
• Cyber Forensics (DFIR) - CDAC
• CEH & ENSA (EC-Council)
• ISO 27001:2022 Lead Implementer
• IBM Cyber Threat Intelligence
• AFnet (IAF Network) 2.0 upgradation
• Pen-testing, Incident Response, & Forensics
• Advanced Information Warfare
• Certified Network Security Professional (ICSI)
• Network Security Associate (Fortinet)
• Exercise Chakravyuh, Cyber Suraksha Tri-Services, etc.
• CompTIA Network +
• Microsoft Security, Compliance, & Identity SC-900
• Microsoft Azure Fundamentals AZ-900

Projects

  • Headed the vendor management, product evaluation, product induction and successful product implementation of cybersecurity tools in MCX.
  • Implemented GRC Automation Tool (Zeron) to automate the Governance, Risk & Compliance in MCX.
  • Implementation of Forensics LAB, Malware LAB & Software Vulnerability and Evaluation LAB in IAF.
  • Implementation of Sandbox i.e. VMRay, IR solution lab i.e. Binalyze.
  • Key member for intelligence or counter-intelligence military operational mission.
  • Management of Multiple Cyber security audits and VA of internal and external sister services.

Timeline

Senior Manager Information Security

MULTI COMMODITY EXCHANGE OF INDIA LTD.
07.2023 - Current

Chief Information Security Manager | Cert-IAF

INDIAN AIR FORCE
01.2020 - 06.2023

Chief SOC | SOC & Data Centre

INDIAN AIR FORCE
09.2018 - 12.2020

Chief Manager | Dte of Ops IW

INDIAN AIR FORCE
05.2012 - 09.2018

IT & IW Security Expert | Communication & IW

INDIAN AIR FORCE
05.2010 - 04.2012

IT & IW Administrator | IT & IW

INDIAN AIR FORCE
05.2007 - 04.2010

Master of Business Administration - Information Technology

SVSU

Master of Computer Applications - Computer And Information Systems

SVSU

Associate Degree in Science - Science

IGNOU