Cybersecurity and Information security professional with 9 years of progressive experience operating within the corporate domain, proficient in security research, planning, execution, and maintenance. Deep understanding of computer science, cybersecurity, and information security.
Specialized in managing vulnerability management and penetration testing operations, IT infrastructure/network security, offensive architecting, threat modeling, and attack vector analysis, and working to prevent cyberattacks, especially in business and corporate settings, and building more secure systems to improve cyber defensive posture.
Adept with extensive knowledge of security vulnerabilities, offensive and defensive security capabilities, solutions, and risks in IT and highly capable of working with various types of classified network environments, and flexible in testing, development, implementation, and management of various cybersecurity solutions.
Independent Coursework
• Managing In-House Vulnerability Management Operations (PAN-India footprints) over ~50k assets along with secure configuration over ~2k assets, and penetration testing over ~5k assets for IT infra, and cloud security assessments over ~1.5k resources via cutting-edge technologies like Tenable Suite and Metasploit Pro
• Acting as a subject matter expert and “single point person” for the Vulnerability Management Operations
• Designed and developed the Risk-based prioritized vulnerabilities reporting mechanism and implemented
• Governance with IT stakeholders for prioritizing vulnerabilities response on required treatment actions
• Deployed and operationalizing Tenable agents (end-to-end) over ~50k assets (Windows family/Linux)
• Conducted gap assessments to improve the overall vulnerability management program maturity
• Participating in various POCs and implementations, assisted with scope engagements, and facilitated end-to-end independent 3rd party security assessments over 1k assets
• Automated vulnerability reporting process using Power Queries to provide a rich visual summary for IT groups
• Developed and maintained enterprise reporting metrics on vulnerabilities and cyber dashboards
• Providing technical support to IT groups to propose mitigation and remediation of the identified vulnerabilities
• Overseeing the development, maintenance, and continual improvement of the vulnerability management platforms, process, procedure, and technical assessments
• Assisting client-facing teams with client queries on various engagements, and facilitated providing the fulfillment of MSAs and RFPs (Vulnerability Management) and multiple Audits
• Providing input to the leadership for enhancing the vulnerability management strategies, and supporting the budget and resource forecasting in the decision-making process of the overall VM program
• Supervising staff, mentoring junior staff, and providing feedback and coaching, so they can grow their technical and management skills
• Managed Vulnerabilities Management Process for a dedicated client with over ~18k assets
• Worked with internal IT stakeholders to ensure remediation efforts adhere to the client’s policies
• Governance with IT stakeholders for prioritizing vulnerabilities response on required treatment actions
• Collaborated with client and IT teams to provide security expertise to implement the proper remediation solutions for security threats and vulnerabilities
• Automated vulnerability reporting process using Power Queries to provide a rich visual summary for IT remediation groups
• Assimilating technical data, working with large datasets, and translating into layman’s terms
• Prepared various deliverables/reports and assisted the immediate supervisor during submissions and client discussions
• Worked with the Cybersecurity GRC Team to contribute to the overall security goals and objectives
• Managed In-House Vulnerability Management Operations (Global footprints in US, Europe, LATAM, South Africa, India & Philippines) along with secure configuration over ~40k assets and penetration testing over ~7k assets of IT infra, and cloud security over ~15k resources via cutting-edge technologies like Qualys Cloud Suite and Metasploit Pro
• Acted as a subject matter expert and “single point person” for the Vulnerability Management Operations
• Designed and developed the Risk-based prioritized vulnerabilities reporting mechanism and implemented
• Governance with IT stakeholders for prioritizing vulnerabilities response on required treatment actions
• Facilitated various integration of security tools as and when required
• Implemented CIS hardening standard and operationalized over ~40k assets (Windows family, and MySQL database)
• Deployed and operationalized Qualys agents (end-to-end) and maintained compliance over ~40k assets (Windows family/Linux)
• Conducted gap assessments to improve the overall vulnerability management program maturity
• Designed, developed, and implemented various use cases related to the vulnerability’s life cycle
• Participated in various POCs and implementations, assisted with scope engagements, and facilitated end-to-end independent 3rd party security assessments by BIG4 vendors over 7k assets
• Automated vulnerability reporting process using macros to provide a rich visual summary for IT groups
• Developed and maintained enterprise reporting metrics on vulnerabilities and cyber dashboards
• Provided technical support to IT groups to propose mitigation and remediation of the identified vulnerabilities
• Oversaw the development, maintenance, and continual improvement of the vulnerability management platforms, process, procedure, and technical assessments to meet the various compliance (PCI DSS/ISO 27001/HIPAA/SOC/SOX/HITRUST)
• Assisted client-facing teams with client queries on various engagements, and facilitated providing the fulfillment of MSAs and RFPs (Vulnerability Management) and Audits
• Provided input to the leadership for enhancing the vulnerability management strategies, and supported the budget and resource forecasting and the decision-making process of the overall VM program
• Supervised staff, mentoring junior staff, and provided feedback and coaching so that they can grow their technical and management skills
• Conducted Breach and Attack Simulations using the MANDIANT Security Validation Platform to continuously measure and validate security effectiveness against today’s adversaries
• Conducted vulnerability assessments and penetration testing for client IT infrastructure over ~11k assets including servers and network devices using Qualys VM, Nessus Pro, Metasploit Pro, and other open-source tools
• Conducted secure configuration assessments for client IT infrastructure over ~2k assets including servers & network devices, using Qualys PC and Nessus Pro
• Conducted security testing assessments to meet the PCI DSS Requirement 11 and compliance over ~1k assets
• Discussed prioritized vulnerabilities response with IT stakeholders on required treatment actions
• Developed and implemented the scanning, reporting strategies, and various VM-related use cases
• Designed and developed various vulnerability data dashboards, used by the management in the decision-making process
• Automated vulnerability reporting process using macros to provide a rich visual summary for IT groups
• Facilitated end-to-end independent 3rd party security assessments by BIG4 vendors over ~4k assets
• Conducted Qualys agent POC and helped the management in the decision-making process for solution procurement
• Deployed Qualys agent on the critical servers over ~3k assets to optimize the vulnerability management program
• Integrated Qualys with CyberArk PIM Suite and implemented various platforms centralized authentication solutions
• Conducted vulnerability assessments for client infrastructure and prepared deliverable reports
• Discussed identified vulnerabilities with the client and possible solutions for remediation
• Conducted various social engineering campaigns for trust exploitation on specific targets
• Managed and maintained the C2 network and other security tools infrastructure
• Carried out the data analysis activities of various campaigns using the IBM i2® Intelligence Analysis platform
• Facilitated and designed the different scenario-based infection vectors to use for various social engineering campaigns
• Trained more than 60 candidates over 1 year in cybersecurity and prepared them to achieve the relevant certification
• Conducted daily hands-on training sessions on cybersecurity and information security domains for students
• Assisted and advised trainees on short-term projects on cybersecurity concepts
• Implemented an open-source firewall for Appin’s local office to optimize and control the network traffic
• Demonstrated implementation of various open-source security products like Firewalls (Endian, pfSense), IDS/IPS (EasyIDS, Smooth-Sec, Security Onion, and Snort IDS/IPS) for educational purposes to defend the IT Infrastructure