PADMANABHAN SHEKAR

• Currently responsible for driving Digital Forensics and Incident Management/ Response.
• Responsible for global cyber threat incident management and forensics investigation involving incidents like DoS, APT, targeted phishing, targeted service disruption attacks, virus outbreaks, zero day attacks as part of Purple Teaming.
• Drive Incident Response calls on high severity security incidents.
• Initiate Cyber Crisis Management process and drive incidents throughout its lifecycle till closure of incidents including relevant corrective and preventive action.
• Analyze Malware samples in self-developed controlled environment to understand dynamic behavior of Malware samples.
• Write Incident reports for investigated incidents.
• Conduct Forensic investigation for incidents such as Threats, Data exfiltration, copyright infringement and more.
• Acquisition (live and switched off) and analysis of Servers, Laptops, Desktops, External
• Storage Devices using several software and hardware tools.
• Investigating and performing root cause analysis (RCAs) in cases related to corporate policies, Data loss, Financial frauds, Forgery, Corporate kickbacks, client mandates and incidents.
• Provide generic and long-term resolution to incidents raised by SOC Monitoring Team around threats and suspicious behavior (clean failures, repeated Threats and more).
• Conduct investigation on various client escalated cases around Threats, Data exfiltration, DDoS and more.
• Collect Malware samples, Memory dump, Network logs and other evidence from suspect Hosts/ Machines.
• Research and take necessary action on identified IOCs, Footprints and Threat behaviors.
• Investigated system issues and implemented resolutions to reduce downtime.
• Evaluated and adopted new technologies to address changing industry needs.
• Advised management, business and technical staff on solutions using specific domains or technology.
• Drove technical initiatives for large enterprise systems to align with long-term business strategies.
• Automated monitoring and security measures to reduce required employee attention.
• Assessed project milestones and team performance to keep staff on-task.

• Manage security event / incident responses resulting from suspected security breaches and coordinate communications between responders and management team.
• Implement notification and response procedures.
• Creating Rules and reports in Splunk based on malware patterns /IOCs
• Manage Security Incidents, Investigate suspicious behavior, Threat Management
• Performs security monitoring, security and data/logs analysis, and forensic analysis, to detect security incidents, and mounts incident response
• Analyze network traffic to detect security threats and identifying web based intrusion attempts using Splunk
• Log Analysis & packet Analysis: Identify suspicious activity, and respond appropriately RCA (Root Cause Analysis)
• Analyzing Phishing/Spear Phishing/Spam emails which comes to PhishMe (Confense) Triage Console and taking appropriate action
• Working on SEP IDS, Sourcefire IPS/IDS and Symantec AV Alerts
• Fine-tuning false positive alert correlation rules to reduce noise in SIEM tool
• Training new joiners, allocating daily task to Team and coordinating with On-site Team on Weekly-Ops call.
• Perform Security monitoring in Azure risky sign-ins such as impossible travel to atypical locations, anonymous IP address, infected devices users with leaked credentials and Cloud App security alerts
• Manage Threat and vulnerability management (Qualys) for entire organization.

• Initially started as aSpyware Analyst, Analyzing various kinds of Spywares, Financial crimeware, Phishing attacks, Adware, BHOs, etc
• Analyzing threat files by collecting log files by executing threat files on Virtual environment (VMware and VirtualBox etc..) Exclusion of False positives
• Adding signatures of detected threats files (signatures includes, screenshot, Hash value, Description, strings, Download path, payload server information etc., onto Database
• Proofing signatures by scanning analyzed files using latest updates signatures and cross check whether they are detected security tools.
• Installing and supporting Security products or suites provided by clients on end user PC on escalation basis (L3 level)
• Handling escalation chats and supporting customers globally in virus and spyware removal.
• Manage security event / incident responses resulting from suspected security breaches and coordinate communications between responders and management Team.
• Implement notification and response procedures.
• Assigning shift timings of Team and other activities
• Worked as Team leader, and used to take care of facilitating leaves and shift timings of sub-ordinates, assigning daily work flow, online chats, Malware analysis and related work to Team and directly report to Manager.

• Worked for Symantec Process (VSS Virus and Spyware support)
• Handling escalation calls for Recovery Department (Customer Relations)
• Handling escalation calls and supporting Symantec customers globally in virus and spyware removal
• Calling back the customers on Level 3 priority when escalated by the Level1 and Level 2 technicians
• Supporting the customers in virus and spyware removal remotely by initiating a chat or through voice calls using Support soft or Go-to-assist remote assisting tools
• Last contact person (HOTLINE) for the Technical troubleshooting in regards to the Norton/ Symantec Product and Virus/ Threat Removal
• Handling top customers calling from APAC, EMEA, US regions directly to the Symantec Management team routed directly to my team
• I used to handle those calls and were assisting the customers promptly in installing the security products, educating the customer about the online safety tips and also Malware removal on their respective PCs and were retaining the customers to our clients, in turn bringing more business to the clients.

• Worked as Freelance Trainer, Training people on Malware Analysis and removal from nfected machines.

● Resident Engineer at client place (San Locomotives Ltd, Bangalore).

● Installation, Maintenance and updating Antivirus Software and .DAT files.

● Installation of Operating system, Device Driver, etc.

● Troubleshooting basic Hardware, Printer and Network issues.

● Resident Engineer at client place (AIR INDIA, HAL Airport, Bengaluru).

● Installation, Maintenance and updating Antivirus Software and .DAT files.

● Installation of Operating System, Device Driver, etc.

● Troubleshooting basic Hardware, Printers, Thermal printers and Network issues.