Podishetti Harish

Summary

IT Information Security Analyst with 6+ years of experience and expertise in risk management, unauthorized access, viruses, and a wide range of vulnerabilities and threats. Well-versed in direct and remote analysis with strong critical thinking, communication, and people skills. Able to thrive in fast-paced and challenging environments where accuracy and efficiency matter.

Overview

  • 4 years of professional experience
  • 1 Certification

Work History

Senior Cybersecurity Engineer

HTC Global Services
05.2021 - Current
  • Working in HTC Global Services as a Senior Cybersecurity Engineer.

Information Security Analyst

Synaptics India Private Limited
11.2019 - 03.2021
  • Worked as an Information Security Analyst in Synaptics India Private Limited.

Education

Bachelor of Computers & Arts

Kakatiya University
Warangal
07-2015

Skills

  • Network Monitoring
  • Threat Hunting
  • Threat Detection
  • Incident Response
  • Security Audits
  • Real-time Monitoring
  • Password Management
  • Vulnerability Assessment
  • Cert Management
Skill And Experience

Splunk, QRadar, LogRhythm, Rapid 7 IDR, Trend Micro, Cylance, SEP, CrowdStrike, Carbon Black, M365 EOP, Proofpoint, Proofpoint Phishing Protect, Trend Micro's CAS, Abnormal Security, QualysGuard, Nessus, Tenable.io, Rapid7, InsightVM, Proofpoint CASB, Digital Guardian, ThreatConnect, VMRay, Cuckoo, CrowdStrike Native Sandbox, Hybrid Analysis, Living Security, KnowBe4, ManageEngine, Palo Alto, Cisco ASA, Delina, Privilege Remote Access, Okta, Google Authentication, DUO, GuardDuty, CloudTrail, Cloud Guard, OCI Native Vulnerability Tool, MarkMonitor, Ransomware, DDoS, Business Email Account Compromise

Professional Snippets

  • Working in HTC Global Services as a Senior Cybersecurity Engineer.
  • A results-driven professional with 5.6 years of experience in the cyber security domain, including On-premises, Hybrid Cloud Environments such as AWS, Oracle Cloud Infrastructure, Azure and CASB (Cloud Access Security Broker).
  • Expertise in SynAck penetration testing solutions for exploiting and remediating Web application vulnerabilities.
  • Implementation and deployment experience with cybersecurity products such as LogRhythm SIEM, Rapid7 IDR, Splunk, Symantec EPO, Nessus (Tenable.io), Cybereason, Palo Alto firewall, URL filtering, Cylance Protect, Trend Micro Enterprise Protect, Abnormal Security, Proofpoint, CrowdStrike EDR, Digital Guardian, Proofpoint DLP and Insight Vulnerability products, Phishing Simulation Campaign & Security Awareness Training.
  • Performed the Cybersecurity Table Top exercise for various Threat attack landscapes to identify security gaps in the organization.
  • Malware analysis, log investigation, network analysis, sandboxing, and Security Use Cases are all areas of expertise.
  • Expertise in Threat Hunting using various OSINT tools, as well as CrowdStrike and ThreatConnect.
  • Extensive forensic analysis of various log sources and log repositories.
  • Performing vulnerability assessments and remediation across On-premises and Hybrid Cloud Environments.

Certification

  • CEH V9

Languages

  • Telugu: First Language
  • English: Advanced (C1)
  • Hindi: Upper Intermediate (B2)

Experience II

Project Description:

Organization: HTC Global Services

Role: Senior Cybersecurity Engineer

Duration: May 2021 to till date

Security products skill:

SIEM Tool: Rapid 7 IDR

End Point Tool: Trend Micro & CrowdStrike EDR

Operating Systems: Windows and Linux

Remedy tool: ManageEngine

Roles & Responsibilities:

SIEM Rapid 7 IDR:

  • Integrated various types of log sources into the ManageEngine EventLog Analyzer.
  • Created various types of dashboards based on business requirements.
  • Created a custom correlation rule to detect Ransomware-related threats.
  • Automated SOAR playbook for Phishing remediation with Abnormal Security, as well as blocking excessive Inbound Malicious Traffic in the Palo Alto firewall.
  • Integrating the Windows DC, Linux (Red Hat, CentOS) servers, proxy, Palo Alto firewall, Cisco L3 switches, endpoint security and vulnerability log sources into Rapid 7 IDR and performing the end-to-end activities.
  • Investigating and analysing malware in Rapid 7 IDR, taking reactive action and blocking IOCs at the firewall and proxy end.
  • Taking proactive action to prevent ongoing attacks against the organization, collecting artefacts such as IOA (Indicator of Attack) and IOC (Indicator of Compromise) IPs and hash (MD5 and SHA) values to protect the organization from zero-day attacks, and acting as SPOC of the malware advisory team.
  • Configuring the alerts and reports and creating the correlation rules based on the stakeholders' requirements.
  • Configured the log retention policy and sanitized the retired logs periodically.

CrowdStrike EDR:

  • Deployed CrowdStrike Falcon sensors across the various platform assets (i.e., Windows, Mac and Linux-based operating systems).
  • Enabled the Prevention, Response, Containment, Sensor, and USB Policies for Windows, Linux and Mac platform machines.
  • Endpoint detection alerts are being investigated and will be addressed as needed.
  • In the USB policy, I managed the exceptions for USB and Engineering Devices and allowed only the specified ones to have a USB exception.
  • Separately managed Sensor Exclusion and Machine Learning Exclusion.
  • Enabled the Event Stream logs to an internal server, with the logs being monitored in the Rapid 7 IDR console.
  • Scheduled weekly On-Demand Scans of the critical servers to detect dormant malware in files at rest.
  • Automated the sensor version upgrade through the sensor policy based on the N-1 standard.
  • Using the CrowdStrike Threat Intelligence platform to conduct Threat Intelligence and Threat Hunting.

Email Security Gateway (SEG: Trend Micro and Proof Point)

  • Migrated from Trend Micro to Proofpoint.
  • Implemented the Proofpoint Email Security solution on top of the Office 365 tenant.
  • Enabled the various email gateway policies in Mimecast such as Anti-Malware, Anti-Spam, Imposters, TLS, Attachment Management, Attachment Protection, DMARC, SPF and Graymail.
  • Automated the Email Security Incident workflow through Proofpoint.
  • Enabled the TLS Enforcement policy at the SEG to permit only TLS v1.2.
  • Managed the automated block sender policy for bulk email delivery based on the Machine Learning detection.

Anti-Phishing, Phishing Simulation and Cybersecurity Awareness Campaign:

  • Deployed the Abnormal Security Anti-phishing tool on top of the O365 tenant with Read/Write privileges to prevent spear phishing, whale phishing, and account takeover attacks.
  • Automated Email Incidents for user-reported phishing emails.
  • Enabled the User Report Phishing button add-on in the Outlook clients to encourage users to report suspicious emails.
  • Created the automated workflow to reset the compromised account credentials through the Abnormal Security tool.
  • Deployed the quarterly phishing simulation training to all organization users based on their profiles to increase cybersecurity awareness across the organization through KnowBe4.
  • Scheduled the annual cybersecurity awareness training through KnowBe4.
  • Publishing a cybersecurity article on the cybersecurity intranet site monthly in order to increase cybersecurity awareness.

PING SSO:

  • Onboarded the new applications into PING SSO and enabled the MFA for them.
  • Enabled the PING security control to identify the suspicious login and Excessive login failure activities.

Vulnerability Assessment & Management (Rapid 7 InsightVM):

  • Performing the vulnerability assessment on the servers on a weekly scheduled basis, reviewing the scan report, identifying the critical and high vulnerabilities and working with the respective stakeholders to remediate them accordingly.
  • As part of the vulnerability management profile, working closely with the stakeholders to patch the identified vulnerabilities on a monthly basis.
  • Deployed and upgraded the Rapid 7 IVM vulnerability scanner, producing vulnerability reports for the newly rolled-out machines across the organization, identifying the critical and high vulnerabilities on those machines and recommending that the respective team patch them based on KB articles.
  • Scrutinizing the weekly vulnerability reports and recommending that the server owners patch the critical and high vulnerabilities.

Experience I

Project Description:

Organization: Synaptics India Private Limited

Role: Information Security Analyst

Duration: November 2019 to March 2021

Security products skill:

SIEM Tool: Splunk

End Point Tool: Symantec EPO/EDR

Operating Systems: Windows and Linux

Remedy tool: ServiceNow

Roles & Responsibilities:

  • Perform monitoring, deployment, and support of the security infrastructure and other security and networking solutions within the enterprise.
  • Worked on Splunk, Endpoint Protection, Advanced Malware Technologies, Incident Response, and malware and breach mitigation.
  • Creating the dashboards and alerts and deploying UF agents on newly built servers.
  • Performing the log analysis and configuring the IOCs to protect the organization from the current cyber-attacks.
  • Configuring the Indexer and Search Head in the prod environment and creating indexes; responsible for monitoring the health status of the indexer.
  • Identified vulnerabilities, recommended corrective measures and ensured the adequacy of existing information security controls.
  • Managed projects, including taking ownership of customer communication and coordinating internal resources.
  • Analysed logs using Splunk and Symantec EPO for Incident Response.
  • Configuring and maintaining the Symantec ePO server and Symantec policies.
  • Onboarding servers in the security environment with the help of the change request.
  • Monitoring and analysing server logs based on the customers' requests.

Symantec EDR:

  • Installation, configuration, and day-to-day management of Symantec Endpoint Protection in various network environments, troubleshooting and optimizing the performance of this product in enterprise settings.
  • Setting up Symantec AV policies on the server and applying them to all client types.
  • Creating installation packages for various client machines.
  • Configuring the Live Update process.
  • Regularly checking synchronization and monitoring to ensure updated signatures.
  • Configuring, deploying, and maintaining Symantec AV clients on all Servers & Workstations.
  • Assisting the network security personnel.
  • Addressing issues related to signature downloading, updating, and virus infections/prevention.
  • Managing Sensor Exclusion and Machine Learning Exclusion separately.
  • Scheduling OnDemand Scans to detect dormant malware on Critical servers.
  • Automating sensor version upgrades based on the N-1 standard.

Digital Guardian DLP:

  • Digital Guardian DLP agent for Windows and Mac platform assets has been deployed.
  • Data protection policies have been implemented to prevent unauthorised data from being egressed to the external network.
  • Implemented various custom policies to safeguard sensitive data from being egressed to external cloud applications such as Box, Dropbox, Google Drive, and personal OneDrive.
  • Regional workspaces were created to monitor endpoint device egress activities, including removable devices.
  • Performed data classification across multiple countries based on their PII data policies.
  • Implemented data classification policies to safeguard the organization's sensitive data.
  • Deployed the PII policies to protect the regional users' PII data.
  • Custom policies have been enabled to protect the organization's proprietary data, such as AUTOCAD files.

Vulnerability Assessment & Management in Nessus scanner (Tenable.io console):

  • Performing the vulnerability assessment on the servers on a weekly scheduled basis, reviewing the scan report, identifying the critical and high vulnerabilities and working with the respective stakeholders to remediate them accordingly.
  • As part of the vulnerability management profile, working closely with the stakeholders to patch the identified vulnerabilities on a monthly basis.
  • Deployed and upgraded the Nessus vulnerability scanner, producing vulnerability reports for the newly rolled-out machines across the organization, identifying the critical and high vulnerabilities on those machines and recommending that the respective team patch them based on KB articles.
  • Scrutinizing the weekly vulnerability reports and recommending that the server owners patch the critical and high vulnerabilities.
  • Integrating the newly deployed Nessus scanner into the Tenable.io console.
