
SuryaPrasad TH

Bengaluru

Summary

With around 8 years of experience in the field of cybersecurity, I am seeking a career wherein I can utilize my skills and acquire new proficiencies. I am looking for a role which ensures upward growth of my technical, professional, and interpersonal skills, which can be best applied to help in the firm's growth. I am also a Certified Red Team Professional (CRTP), Certified Ethical Hacker (CEH) and a Certified Industrial Control Systems Security Engineer.

Overview

8 years of professional experience
1 Certification

Work History

Product Security Architect

Guidewire Software India Pvt Ltd
01.2024 - Current
  • Act as Subject Matter Expert, Serving as an Advisor for Cybersecurity Projects and Topics, Provide Guidance, Coaching and Expertise to help the Teams Design and Implement Cyber Secure Solutions.
  • Technology Evangelist for Organization wide System and Product Security initiatives alongside establishing Governance, Risk and Compliance Objectives for Business Sustainability.
  • Ensuring Product Development Teams abide by Risk-driven Cyber Security solutions by adopting Secure SDLC and Continuance.
  • Perform Feature reviews from the Security perspective and Build, Analyze and Review Threat Models.
  • Validate findings from Security Scanning tools and ideate data-driven enhancement strategies for Dynamic (DAST), static (SAST), Open-Source Application Security Testing (SCA) and Continuous process improvement.
  • Provision guidance as a Security consultant on New Technology Implementations, feature enhancements and New Product Initiatives.
  • Collaborate with Marketing and Product Departments for Specification and Definition of Secure Requirements alongside with Secure architectural patterns for the functional features.
  • Participate and Contribute to the Organization wide Global Product Cybersecurity Architecture Committee.

Senior Quality Engineer-Security

Crestron Electronics
08.2022 - 12.2023
  • Audit Crestron Products to identify Vulnerabilities, risks and application of standard practices for hardening.
  • Understand Features, participate in Security requirement reviews.
  • Write Security Test Plans for the Products based on their features.
  • Perform Manual Penetration Testing of Thick Client Applications, Web Application Interface of Devices and APIs based on defined Test Plans.
  • Present Security reports to Senior Management post completion of Security Audits.

Cybersecurity Expert - Penetration Testing

Schneider Electric India Pvt Ltd
01.2020 - 05.2022
  • As a Member of the Schneider Digital Governance & Certification Team, I was responsible for the Application Security of various applications that are used across the globe in the organization and for making sure that the vulnerabilities present in them are remediated.
  • Acted as a Security Advisor for Driving Cybersecurity activities (Threat Modeling, Providing Security Requirements, SAST, DAST, SCA) and making sure that the Product is Cybersafe and Robust for Final Product Security Signoff Product Security Office by Secure SDLC Practice.
  • Performing Web Application, APIs, Thick Client Application Security Assessments of the Schneider Internal Applications and Digital Offers as a part of Certification Activity in the Governance Team.
  • Performing Security Scans for the Infrastructure using Nexpose and Nessus.
  • Conducting Manual Vulnerability Assessment and Penetration Testing for the Web Applications and APIs using Burp Suite Professional.
  • Performing Security scans for the Web Applications and a few APIs using Burp Suite Professional.
  • Conducted Manual Vulnerability Assessment for Schneider developed Thick clients for its Manufacturing Plants.
  • Reporting the Vulnerabilities identified in the Security Assessments to the Digital Product Teams and revalidating the issues reported once the developers fix the issues.
  • Providing Sign off for the assessment once all the issues are remediated as a part of certification.
  • Leading Junior resources for the execution of VAPT tasks.
  • Implemented many process Enhancements in the Security Assessment Area and have played a key role for Automation of the Report Generation for the VAPT Assessments.

Penetration Tester

IBM India Software Labs
05.2019 - 12.2019

Responsibilities (including additional responsibilities and activities). Additional Responsibilities: Management

  • Performing Web Application and API Security Assessments on IBM Hybrid cloud and Non-Hybrid Cloud Products.
  • Performing Security Scans for the Web Applications and APIs using Burp Suite Professional and IBM Appscan Standard Edition.
  • Conducting Manual Vulnerability Assessment and Penetration Testing for the Web Applications and APIs using Burp Suite Professional.
  • Reporting the Vulnerabilities identified in the Security Assessments to the Product Teams and revalidating the issues reported once the developers fix the issue.
  • Engaging 3rd Party Pentesting Vendor for some of the IBM Products to be Pentested.
  • Selection of 3rd Party Vendors for the Pentesting engagement.
  • Signing the Statement of Work between the CISO team and 3rd Party Pentesting Vendors.
  • Tracking of Projects that were executed and need to be executed by the 3rd Party Pentesting Vendors.
  • Being the SPOC for some of the Product Teams and 3rd Party Vendors to provide the required data for Pentesting and engage them.
  • Report review of the Penetration Test from the 3rd Party Vendors and recommend the product team to the vulnerabilities

Engineer - Application Security

Mindtree Ltd.
02.2017 - 04.2019
  • Perform Manual Web Application Security Assessments for the Clients, after onboarding different brands of products in their various websites present across the globe using Burp Suite Professional.
  • Performing Security Scans for the Web Applications using Acunetix v11, IBM Appscan Standard.
  • Performing Infrastructure Scans for various Servers set across the globe using Nessus, Qualysguard and Nmap.
  • Conduct Manual Verification of the Infrastructure Security Assessment and perform Penetration Test of the same using Nmap, Metasploit Framework and tools present in Kali Linux.
  • Reporting the Vulnerabilities identified in the Security Assessments to the client and raising the tickets against the same in the issue tracker for the developers to fix.
  • Interacting with the client for the issues to be fixed and discussion about upcoming security measures to be implemented for the same.
  • Pentest Report review of fellow team members.
  • Tracking all activities performed, by setting clear deadlines and trying to ensure the same are met.

Skills

  • Security Architecture & Secure by Design Principles
  • OWASP Top 10
  • Threat Modeling & Analysis
  • SAST
  • DAST
  • SCA
  • Web Application Penetration Testing
  • Active Directory Penetration Testing
  • Infrastructure Security Assessment
  • Thick Client Security Assessment
  • PLC/SCADA Designing and programming
  • ICS/OT Cybersecurity
  • NIST
  • CIS
  • Red Teaming
  • Offensive Security
  • Security Risk Management
  • Security Engineering

Experience Highlights

  • Around 8 years of Cybersecurity experience
  • Certified Ethical Hacker (CEH)
    Certification Obtained in 2018 (Version 10) from EC-Council.
  • ICS Cyber Security Certification
    Certified by the Department of Homeland Security, USA.
  • Certified Red Team Professional (CRTP)
    Certification Obtained in 2021 from Pentester Academy.
  • Independent Information Security Management
    Successfully handled security tasks autonomously and effectively.
  • Subject Matter Expert & Security Advisor
    Drives cybersecurity activities, including:

         Threat Modeling
         Providing Security Requirements
         SAST (Static Application Security Testing)
         DAST (Dynamic Application Security Testing)
         SCA (Software Composition Analysis)

  • Proficient in Performing Penetration Testing
    Expertise in:

          Application Security (Web, Thick Client, APIs)
          Network/Infrastructure Security Testing
          Hardware Security Testing

  • Secure Architecture Reviews
    Skilled in Reviewing the Architecture for New Product Initiatives, Feature Enhancements and New Technologies introduced to the products and skilled in performing SAST, DAST, and SCA activities.
  • Knowledge of PLC/SCADA Devices & OT Security
    Holds certification as an Industrial Plant Automation Engineer from a reputable ISO organization.

Education Summary

  • Bachelor of Engineering (ECE) with 73% from Anna University, Chennai, India.
  • AISSCE (12th) with 80% from The Hindu Senior Secondary School, Chennai-600005(C.B.S.E).
  • AISSE (10th) with 84% from The Hindu Senior Secondary School, Chennai-600005(C.B.S.E).

Certification

  • Certified Ethical Hacker v10 from EC-Council in 2018.
  • Certified as Industrial Plant Automation Engineer from Technocrat Automation Pvt Ltd, Chennai.
  • Certified as ICS Security Engineer by Dept of Homeland Security, USA
  • Certified Red Team Professional from Pentester Academy in 2021.

Accomplishments

  • Received SPOT ON – UNSTOPPABLE (2018) Award for handling the project and client independently and meeting their satisfaction.
  • Received STEP-UP - Customer First (2021) recognition from a few of the Project Teams in Schneider Electric for getting their Assets certified smoothly without any hassle.

Languages

English
Bilingual or Proficient (C2)
Tamil
Bilingual or Proficient (C2)
Telugu
Bilingual or Proficient (C2)
Hindi
Bilingual or Proficient (C2)
Kannada
Upper intermediate (B2)

Interests

Making Robots, Motorcycle Riding & Automotive Enthusiast, Playing Percussion Instruments

Additional Information

  • Nationality: Indian
  • Marital Status: Single
  • Passport Number: Will be disclosed at request
