Sahil Thakur

Zero Trust Network Access (ZTNA) Implementation:

Spearheaded the end-to-end implementation of Zero Trust Network Access (ZTNA) solutions, replacing legacy VPN infrastructures. Successfully deployed both agent-based and clientless ZTNA to enable secure, seamless access to internal applications without endpoint installations. Enhanced access governance through granular policy enforcement, reducing unauthorized access and lateral movement risks.

Data Loss Prevention (DLP): Administration & Incident Response:

Managed DLP policies across endpoints, web, and email vectors. Created regex-based rules, handled whitelisting, and optimized detection to reduce false positives. Developed dashboards for policy effectiveness and compliance tracking. Designed incident response workflows for DLP alerts, led root-cause investigations, and refined policies based on incident learnings.

Email Security & Email DLP:

Deployed and administered Secure Email Gateway (SEG) platforms with integrated DLP. Designed and optimized filtering policies to identify and protect sensitive information such as PII and financial data in emails and attachments. Implemented encryption and quarantine measures to manage high-risk communications effectively.

Access Management & Policy Reconciliation:

Managed access controls aligned with the principle of least privilege. Utilized CASB and SWG solutions to block unsanctioned web access, mitigate shadow IT risks, and enforce secure cloud application usage. Oversaw exception handling for business-justified requests, conducted regular access reviews, and ensured compliance with governance and regulatory standards.

Error Troubleshooting & Monitoring:

Diagnosed and resolved complex issues across ZTNA, CASB, SWG, and email security platforms. Handled network-layer challenges like DNS mismatches, IP whitelisting conflicts, and private app routing failures. Troubleshot CASB/SWG policy errors, authentication failures, and email gateway issues (e.g., routing delays). Developed monitoring dashboards to track uptime, performance, and system alerts.

Extended Detection and Response (XDR):
Reviewed and audited detection logic and alerting rules within XDR platforms to identify and close coverage gaps. Collaborated with engineering and SOC teams to enhance rule quality, reduce noise, and improve detection of sophisticated attack patterns aligned with evolving threat landscapes.

Netskope Deployment & CASB Policy Support:
Assisted the lead during the deployment and basic configuration of Netskope CASB and SWG solutions. Through this, I gained hands-on experience in policy setup, access controls, and monitoring user activity. I learned how to review and escalate incidents, create support cases, and communicate with Netskope support engineers to resolve issues. This helped me understand cloud security enforcement and day-to-day CASB operations.

Forcepoint DLP Administration:
Worked closely with the lead to understand and support the administration of Forcepoint DLP across endpoints, web, and email. I contributed to creating DLP rules, building custom regex patterns, and managing whitelisting requests. I also helped monitor incidents, analyze alerts, and raise support tickets when needed. This experience helped me build a solid foundation in data loss prevention and policy management.

SentinelOne Deployment & Endpoint Monitoring:
Supported the lead in deploying and configuring SentinelOne on user endpoints. I learned to monitor alerts, identify basic threats, and document incident response actions. I also gained experience in raising support tickets and coordinating with SentinelOne engineers to troubleshoot issues. This exposure gave me practical insight into endpoint detection, prevention, and response processes.