Parthasarathi Reddy Vennapusa

Results-driven Security Architect with expertise in Security Architecture Review, Threat Modeling, and Penetration Testing. Proven ability to enhance application security and streamline security processes.

• AWS Security Specialist (SCS-C02)
• AWS Certified Solutions Architect Associate (SAA- CO2)
• AWS Certified Practitioner
• AZ-500
• Certified Ethical Hacker (CEH)
• ISC2 Certificate of Cybersecurity (CC)
• API Security Architect

MARS: Security Architect

• Evaluating applications against reference architectures, security policies, and standards to ensure that solutions are architected to mitigate the introduced risk
• Validating the deviation and compensation controls for any deviations from the approved template (security network controls, architecture diagram, data classification, encryption, etc.)
• Reviewing both cloud-based (IaaS, PaaS, SaaS) and on-prem applications
• Prepared security architecture review guidelines and user access management checklist, which helped to complete the security reviews with pace
• Review network security controls, data protection, IAM, security monitoring, vulnerability management, mobile application security, user access management, etc.
• Review third-party audit reports, like solution-specific SOC 2, ISO 27001, and BitSight score/analysis for SaaS solutions
• Based on the scope of application, performing vulnerability scans (web, code, and IVM scans)
• Working closely with PCI, PIA, and VRM (Vendor Risk Management) teams
• Experience with GRC tools like RSA Archer to create records for risks and gaps identified, and validating the action plan created (issues management)

MERCK: Target State Architecture Review (TSA) Security Architect

• Evaluating a complex system with multiple AWS resources (e.g., EC2, RDS, S3, Lambda) and complex interactions between components, along with a detailed examination of infrastructure, security integrations, high performance, and operational excellence to ensure that the application has been built based on the Well-Architected pillars (operational excellence, security, reliability, performance, costs).
• As part of the TSA review, focus on the scope of the application, TSA architecture diagram, application information, architecture decisions made, network components, data and integration components, security components (data storage, encryption, access controls, file transfers, authentication, authorization, internet exposure, etc.), operational components, and CI/CD support.
• As part of the TSA review for any SaaS solution, validation of prerequisites like EA review, VRM (Vendor Risk Management), etc. The review is about the integration of the SaaS solution and data handling

AEP and OLA: Threat modeling: 

• Created a solution-specific threat modeling template with all the stencils and components that are part of the architecture, along with the security risks and mitigations
• Defined the system and scope based on a walkthrough session, i.e. boundaries, components, and their interactions, created data flow diagrams (DFDs) using Microsoft Threat Modeling Tool (MTMT) covering all the elements of a DFD, i.e. External entities, processes, data stores, data flows, etc., and generating the threats based on methodologies like STRIDE
• Experience in creating threat modeling templates based on use case and project scope, experience with various tools like Threat Modeler, Microsoft Threat Modeling Tool (MTMT), OWASP Threat Dragon, and AWS Threat Composer, threat categorization using the STRIDE methodology, and risk rating based on DREAD
• Validating third-party access requests like VPN, VDI, SFTP/FTP connections, etc., independent research, and presenting conclusions to people at all levels of the organization, architecture review based on NIST CSF and OWASP ASVS standards, performed code review, and prepared developer-friendly programming language security checklists on Java, .NET, Python, C#, and JavaScript

HP Inc. R&D

• Application security analysis, both manual and automated, involves experience with web applications based on the OWASP Top 10
• Experience in remediation review and recommendations for vulnerabilities identified during security assessments
• Network assessment using Nmap, Nessus, and Wireshark, and experience in preparing executive reports for every assessment
• Check for regular security updates from standard bodies such as the Open Web Application Security Project (OWASP), supported for POC of various projects, and prepare documents on the security methodologies of various app modernization projects

Beckman Coulter: Thick client penetration testing

• Experience in performing thick client penetration testing reviews using different tools like SysInternal tools, Process Hacker, Procmon, Echomirage, Nessus, and Nmap, identified critical and high security issues like DLL hijacking, memory dump analysis for sensitive information, unsigned binaries, data at rest encryption missing, and network security vulnerabilities
• Performed REST API testing using tools like Postman, Burp

• Threat Modeler
• Microsoft Threat Modeling Tool (MTMT)
• OWASP Threat Dragon
• AWS Threat Builder
• RSA Archer
• Burp Suite Proxy
• Nessus
• NMAP
• ZAP
• SSL Labs
• Soap-UI
• Sysinternal
• Winhex
• Hxd
• Echomirage
• Process Hacker
• CheckMarx
• SonarQube
• Fiddler

• Date of Birth: 04/11/1988
• Nationality: Indian
• Marital Status: Married

• I hereby declare that the above written particulars are true to the best of my knowledge and belief.