Mahesh Dare

Over 20 years of diversified IT experience in various security, architecture, networking, governance and cloud security positions. Proven and extensive hands on experience designing, engineering, and maintaining enterprise level security architectures for Fortune 500 companies.

Strong background in Cloud Security, Cyber Security, Risk and Governance System, Security Architecture, Vulnerability assessments, Penetration testing, Industry/government compliance, integration and network security.

Watchful professional offering comprehensive, hands-on experience identifying, investigating, and responding to information security alerts. Expertise in searching through data-sets to detect threats and anomalies and administering metrics to maintain security processes and controls.

Provide Cyber Security, Architectural & Governance guidance to multiple teams for areas like Threat Modeling, Security Guidelines, Secure Coding Practices, Technology Stack Selection, BCP, Drills, Threat Intelligence, Cloud Security, Security Qualification Support & Various Training Sessions

• Research and track new exploits and Cyber threats and interact with the Cyber Security community to obtain technical threat intelligence
• Experience with a Security Information and Event Monitoring (SIEM) and Big Data Analytics platform performing log collection, analysis, correlation, and alerting
• Expert understanding of Security design and architecture, Active Directory/LDAP, and computer virtualization
• Designed and Implemented Cloud Enterprise Policy framework based on NIST CSF, Zero Trust and CIS benchmarks and standards
• Has done Extensive research to build upon the existing work around the security of cloud-based ML/DL methods and present a broad overview of the existing state-of-the-art literature related to MLaaS and cloud-hosted ML services.
• POC on Cloud Autonomics SOAR (AI/ML) using a Virtual environment self￾protecting architecture for cloud infrastructures which is policy-based, and regulates security at two levels, both within and across infrastructure layers
• Implemented Cloud and Technology Governance Model with Agile software development, Continuous integration, Continuous delivery pipelines, Automated and continuous testing, Proactive monitoring and Improved communication and collaboration
• Coordinate the firm's vulnerability management program and implement and ensure compliance with the organization's compliance policies and procedures
• Uphold the compliance risk-based framework by identifying and assessing the effectiveness of controls in place via engagement with management and, where necessary, develop actions plans to address control deficiencies or gaps identified
• Performed Platform access audit of SLB all Cloud and Colo Platforms
• Report the levels of IT compliance risk and control effectiveness to key stakeholders such as IT-operating area management, senior management. Serve as trusted advisor to key business and technology partners - Head of Cloud, CISO, Head of DevOps, Head of Risk, Innovation Dev Teams
• Subject Matter Expert (SME) for advanced Tactics, Techniques, and Procedures (TTPs) within designated Area of Responsibilities (AORs) and provide foreign threat assessments identifying capabilities and intentions
• Threat modeling systems and architectures - MITRE ATT&CK, Cyber Kill Chain
• I have been sharing extensive knowledge on IAM (Identity Access Management) with products SIEM tools like QRADAR, GCP, AZURE, and EDR's like Carbon Black, and many more.
• Successful implementation of Automations of OWASP ZAP replacement for HCL App Scan
• Developed QP Dashboard Automation For Network, Cloud, Data and Cyber Security
• Developed single dashboard view for Vulnerability Assessment, SSL Grading & QP Status
• Provide Governance and guidance for the application security and enterprise architecture
• Subject Matter Expert (SME) for advanced Tactics, Techniques, and Procedures (TTPs) within designated Area of Responsibilities (AORs) and provide foreign threat assessments identifying capabilities and intentions
• Successfully set up the practice of Quality governance and ensured other clients also adopt and implement it

• Static Application Security Testing (SAST)
• Dynamic Application Security Testing (DAST)
• REST APIs Security Assessment
• SSL Site Headers
• Malware Analysis
• Open-Source Licensing & Vulnerabilities
• Network Scan
• Cloud Security IAM
• Container Security
• Ransomware Recovery
• Secret Management
• Penetration Testing Audit
• Risk Management, Identity Management
• Cloud Governance, SOAR
• Monitored and analyzed network security events from network intrusion detection systems (NIDS), host intrusion detection systems (HIDS), and log data; opening/updating trouble tickets.
• Researched and analyzed known hacker methodology, system exploits, and vulnerabilities.
• Ability to write/document/author Security policy and security procedures and Ability to interpret and provide guidance on NIST 800-53 security control implementation

• National Level Award in Best Research Paper and Presentation (Cloud Security)
• Best Trainer at Onsite, Sydney, HP (Mphasis)
• Quarterly Appreciation Award, Decos
• Appreciated by the management for excellent contribution in Mphasis (Formerly EDS)
• Target Zero Delivery Achievement for NWB, Fiserv
• Designed, Developed, and Implemented anti Ransom-ware decrypt tool that can break PGP-128-bit encryption.
• Conduct oversight of SOC operations of the enterprise's security solutions through management of the organization's Security Analyst.
• Developed Mobile app which handle secret data in four weeks for enterprise use of Schlumberger

• Location Preference: Pune
• Date of Birth: 03/10/1977