Prashant Khare

• Technology-driven professional with 15+ years of experience in application security, risk management, directing cross-functional teams, and achieving product delivery across regions. Strong ability to solve complex company problems using excellent judgment and decision-making skills. I believe in receiving ongoing education and running a customer service-oriented company.
• Increased company revenue by implementing innovative business strategies and expanding product offerings.
• Managed high-performing teams to successfully execute corporate objectives and drive organizational success.
• Built productive relationships with industry partners and competitors to support strategic business objectives
• Cultivated forward-thinking, inclusive, and performance-oriented business culture to lead industry in innovation and push progress.
• Enhanced sales performance through strategic planning initiatives, targeted training programs, and effective incentive structures for sales teams.
• Directed research and development efforts in alignment with long-term strategic goals to maintain competitive advantage within the industry sector.

Joined as Principal Consultant – Threat Management Service, I am currently leading a pool of pen testers for short-term client engagements comprising VAPT, web application security, mobile, and Red Teamwork, with a total team of 20 members. I am handling and mentoring engagements from a technical quality and efficiency perspective.

Core responsibilities include:

• Risk Management and Remediation
• Architecture, Reviews, Threat Modelling, and SDLC Reviews.
• Cloud Security & DevSecOps Audits & Consulting.
• Periodical training of developers and the pentest team.
• SLA Monitoring
• Planning of assessments for the YoY schedule.
• Coordinate with various stakeholders for security framework implementation changes and training requirement analysis for in-house development teams.
• Requirements gathering and planning of security testing activities.
• Resource Management

Joined as Deputy Manager - Risk Advisory, I was deployed on one of the financial clients to deliver SAST testing services and to manage a team of 12 pen testers performing code reviews. Core responsibilities include:

• Demand forecasting.
• SLA Monitoring
• Red Team Efficiency Throughput Analysis.
• Planning of assessments for the YoY schedule.
• Coordinate with various stakeholders for security framework implementation changes and training requirement analysis for in-house development teams.

Joined as an Associate Security Consultant, I was deployed on a project for CRM transformation. My role is that of a security SME and counterpart from the IT security side. The scope of this assignment was to engage in the ongoing CRM transformation program and to lead the security testing team, as well as coordinate with cross-functional teams to enable security testers to assess the risks in the applications and infrastructure within the vicinity of the CRM transformation program, where my key role is to:

• As a Security Consultant, I am required to interact with the Project Manager and track until closure. Coordination plays a key role in this type of work, where major efforts are spent in risk management, coordinating for security testing, and presenting the final report to business authorities. I am managing projects in the security review of developed applications, third-party vendor tools, and infrastructure/networking-related products.
• Liaise with the customer to understand the security requirements and to assess the initial risks associated with the product.
• Test planning, efforts estimation, resource planning, and test strategy documentation.
• Lead the application security testing team and enable them to perform security testing by arranging test data, ensuring environment availability, and providing appropriate support from the solution team.
• Coordinate with various teams to enable security testers to assess infrastructure and web applications from a security perspective.
• Sending weekly status reports to customers, dashboards, and producing reports.
• Triage meeting with the solution team to make them understand the vulnerabilities identified and the recommendations provided with implementation for the mitigation plan.
• Technical assistance was also provided to the project team to mitigate the vulnerabilities found, and to lower the risk by implementing the controls.
• Risk Management, patch management, and risk tracking until closure.
• Present business risks to authorities and seek sign-off.

• I have tested various internal web applications, as well as third-party applications used in HSBC for security perspectives. Android and iOS mobile application security testing and vulnerability assessment are also a part of my responsibilities. My responsibilities included creating a test plan, designing the test cases, test execution, defect management, reporting, and walk-through of the vulnerabilities found to the project team and business stakeholders. All the projects were handled and done independently.
• Technical assistance was also provided to the project team to mitigate the vulnerabilities found, and to lower the risk by implementing the controls.
• Apart from the projects, I have been training the new associates about the process followed in HSBC, and also providing technical assistance to new associates.

Positioned as a Senior Engineer in the organization, I was deployed at the client end to facilitate the security team with the following responsibilities:

• Identifying Possible Attack Vectors.
• Preparation of Test Cases and Test Scenarios.
• Exploitation of vulnerabilities found.
• PoC collection

Started as a Software Engineer, I was allocated to the Center of Excellence, where I developed my expertise in security testing skills and code review. I worked on various projects where I learned.

• Understand the product functionality, end objective, and its architecture.
• Exploitation of vulnerabilities.
• PoC collection
• Development of automated fuzzers and accelerators to automate the process.