Drishti Agarwal
Cyber Security Consultant
Summary
Cyber Security Consultant with 5 years of experience, developing and implementing security solutions in fast-paced environments. Skilled in Security Reviews and Threat Modelling with proven history of delivering exceptional risk management support.
Overview
5
5
years of professional experience
6
6
years of post-secondary education
1
1
Certification
Work History
Senior Cyber Security Consultant
EY GDS
Gurugram
01.2022 - Current
- Providing Cybersecurity Consultancy, focusing on Strategy, Risk & Compliance with an expertise in Application security & Vulnerability assessments.
- Executing Threat Modelling to identify potential threats, threat actors, attack vectors with Asset and Security control identification practices along with the construction of data flow diagrams (DFDs).
- Conducting Dynamic Application and Static Application Security Testing through AppSec Tools & Manual analysis.
- Assisting in solution development and mitigation approaches in accordance with security frameworks. (OWASP, NIST CSF, CSA)
- Conducted Threat and Risk Assessments for Fintech sectors with the coverage of Open Banking, Cloud Infrastructure, API integrations,Digital Payment & Third Party related Systems.
- Building and Delivering threat landscape, threat mapping and security profiles for clients across APAC, EMEA, Americas region.
- Conducting Cyber Threat Exposure (Passive Reconnaissance) assessments on client's organizations/individuals and generating respective reports.
- Designing the IOT security framework and conducting maturity benchmarking assessments.
- Supporting competency leaders & PMs with Capability Pov, Presentations, Trainings & Go-To-Market activities.
Senior Information Security Analyst
FIS Global Business Solutions Pvt. Ltd.
Gurugram
04.2019 - 01.2022
- Completed Static and Dynamic Application Security Testing (SAST & DAST) for clients across the globe.
- Successfully performed Security Review for critical Banking Assets.
- Performed Threat Modeling and Architecture Analysis of applications with Vulnerability Risk Assessment (STRIDE, DREAD, CVSS).
- Handled manual code review on OWASP guidelines, maintained and delivered vulnerability reports with security mitigations.
- Assisted teams in understanding security issues, relevant risks and attack surfaces. Ensured Development teams to compliant with vulnerability management policy.
- Assisted product development and the operations teams to provide DevSecOps Practices and supported the applications with CI/CD solutions.
- Member of FIS Security Champions & Application Security Program, collaborated with clients/vendors across the enterprise.
- Deployed security architecture review program for various business units and Designed security checklist/standards throughout the SDLC stages.
- Managed project initiatives and the end-to-end Build/Release/Deployment process by coordinating production with various technology partners.
- Handled administrative tasks for various security tools (VeraCode, HP Fortify, Checkmarks).
Information Security Consultant
CyberQ Consulting Private Ltd
New Delhi
04.2018 - 04.2019
- Conducted Information Security Assessments for various government and non-government sectors.
- Completed Security Audit of web applications and delivered Vulnerability Assessment Reports.
- Have done the Security Audit of Quality server SAP application at Engineering Projects(India) Ltd.
- Experienced in Risk Analysis and proposing recommendations/mitigations for threats & vulnerabilities.
- Developed the application security standards and generated Security Review Reports. (OWASP & NIST)
- Assisted teams in understanding security industry standards and frameworks and ensuring clients/vendors to follow security procedures and policies.
Education
MBA - Information Technology
CDAC, Noida
08.2016 - 07.2018
Bachelors in Technology - Computer Science
Chandigarh Engineering College, Mohali
08.2012 - 07.2016
Skills
Vulnerability Assessment & Management
Threat Modelling - STRIDE, DREAD, PASTA, DFDs
Designing Security Controls/Checklist - OWASP, NIST, CSA
SAST & DAST - Veracode, Checkmarx, HP Fortify, Burp Suite, Qualys, Acunetix
Risk Management - CVSS, MITRE
Secure Software Development Life Cycle (Secure SDLC)
Security Reviews and Maturity Model Scoring
Secure Code Review & Patch Management
Threat Exposure and Mapping
Certification
Certified Ethical Hacker
Timeline
Senior Cyber Security Consultant
EY GDS
01.2022 - Current
Certified Ethical Hacker
10-2021
Senior Information Security Analyst
FIS Global Business Solutions Pvt. Ltd.
04.2019 - 01.2022
Information Security Consultant
CyberQ Consulting Private Ltd
04.2018 - 04.2019
MBA - Information Technology
CDAC, Noida
08.2016 - 07.2018
Bachelors in Technology - Computer Science
Chandigarh Engineering College, Mohali
08.2012 - 07.2016