Swarup Kumar Behera
Principal Cyber Security Specialist (Technical Lead)
Bengaluru,KA
Summary
Dynamic Cyber Security professional having 13 years of Cyber Security experience with extensive experience in Cyber Security Solution Delivery, specializing in Vulnerability Management and Risk Management . Proven track record in enhancing security postures through effective patch management and compliance with ISO 27001 , NIST standards. Strong collaborator, adept at driving security initiatives and fostering stakeholder relationships to achieve organizational goals.
Overview
13
13
years of professional experience
3
3
Certifications
Work History
Principal Cyber Security Specialist (Tech Lead)
Medtronics, Inc.
12.2018 - Current
- Leading the Vulnerability Management portfolio for Global Security Office and making sure all devices are discovered, assess/vulnerability scanned.
- Worked as Security Liaison for different Business/Operating Units. Making sure Business Unit follow the security standards per Global Security Office.
- Collaborate with Business group to ensure appropriate security requirements are included in the process.
- Improve Security Postures by driving different security programs.
- Worked as a Compliance Manager for Attack Surface Reduction Team.
- Develop and maintain Vulnerability Management program for Business Units and M&A (Merger and Acquisition).
- Review Policy Exception Requests, document risk statements.
- Initiate and drive Risk Acceptance Process.
- Create Cyber Security policy/standard for Security Office.
- Contributed to development of company-wide policies on information security, privacy, and acceptable use of technology resources.
- Build Vulnerability Management stand and remediation timelines.
- Reduced cyber risks by conducting regular vulnerability assessments and penetration tests.
- Vulnerability Remediation Prioritization. Provide Vulnerability analysis, reporting and remediation plan for the team.
- Create Security Policy Exceptions Management process and Risk Acceptance process.
- Drive awareness program for Vulnerability Management by creating educational videos.
- Created Security awareness training through Adds and Posters.
- Part of Security Engineering Pre- Architecture Gate review committee for review new or modification to Network/Application architecture.
- Drive Patch Management/Governance effort for monthly tracking of Patching Compliance which include making sure all systems are included to patch schedule.
- Lead Zero day vulnerability remediation program.
- Worked on automating vulnerability assignment through Service-Now Vulnerability Response (VR) Module.
- Drive weekly Threat Intelligence briefings for new Critical/Zero days vulnerabilities.
- Maintained up-to-date knowledge of emerging threats, providing proactive solutions for potential vulnerabilities.
- Process improvement by adding lesson learned from different remediation effort, adding new check points to enforce security guidelines.
- Manage/Responsible for improving external Security Ratting Services (Bit Sight/Security Scorecard/Black Kite) score.
- Drive Cyber Security as Business enabler / growth by getting new Business showing Security Score of Company/ BU's.
- Lead Cloud Security Posture Management program.
- Leads complete Vulnerability Management flow for Cloud environment. Facilitate and drive Vulnerability Remediation for external infrastructure penetration testing.
- Hands on experience in configuring / managing vulnerability assessment tools like Qualys Guard, Rapid7, Nessus.
- Experienced and lead Policy Compliance scan configuration / assessment for CIS Benchmark, ISO standards.
- Lead System hardening aligned with CIS and ISO and effective management of findings towards resolution.
- Develop and present Security metrics to assess the performance.
- Built strong relationships with stakeholders, ensuring clear communication channels for project updates and progress reports.
- Host / Drive Vulnerability Management office hours meetings to clarify vulnerability remediation queries/concerns.
Technical Lead (Cyber Security)
Happiest Minds Technologies
10.2015 - 12.2018
- Responsible for implementing End to End VM process (Starting from Scanner installation, scanning, Remediation of vulnerability as per standard timeline).
- Lead team to discover vulnerabilities and threats in servers, endpoints, network device, and communicate to business owners.
- Responsible for creating framework that defines vulnerabilities priorities aligned with business criticality.
- Responsible for providing governance, guidance and setting priorities for remediation.
- Weekly and monthly reporting of vulnerabilities and risks priorities.
- Ensure all Vulnerability scans are kept accurate and up to date.
- Exposure to Qualys API and working knowledge in RegEx.
- Responsible for creating script in McAfee ePO for Qualys Cloud Agent related requirement (Deploying cloud agent, deploying certificates, configuring proxy for agent).
- Responsible for 1st level of approval for Exception and Extension of vulnerabilities raised by stake holders / Asset Owner.
- Responsible for maintaining Policy Compliance of all servers in client Infrastructure.
- Responsible for creating controls for different technology as per Client's Security standards.
- Prepare Information Security process document for all technology supported in project.
- Publish patch governance reports to Windows, Unix, Oracle and end user computing teams.
Project Engineer (Enterprise Security Services)
Wipro Technologies
06.2012 - 10.2015
- Part of Security operations team, managing end point protection tools,Threat Management and Antivirus using Symantec end point manager for 7500+ clients.
- Responsible for up gradation of Symantec Manager as well as client version of Symantec Endpoint Protection on all clients.
- Closely monitor un-managed clients in network and remotely push client package on to these clients.
- Responsible for creating of content filtering policies and push them to requested group.
- Tracking all Botnet activity in client infrastructure and analyzing source of action and remediate malicious activity.
- Handling email security issues reported in incident and resolve within SLA .
- Track vulnerabilities detected on client infrastructure using Qualys Guard and coordinate with concerned teams to fix these vulnerabilities.
- Responsible for maintaining Policy Compliance of all servers in client Infrastructure.
- Responsible for presenting all Infrastructure Security CSL report/document to Clients.
Education
Master of Science - Computer Applications Development
Veer Surendra Sai University of Technology
Burla, India 04.2001 -
Bachelor of Science - Computer Science
Fakir Mohan Autonomous College
Balasore, India 04.2001 -
Skills
Vulnerability Management
Patch management
ISO 27001
NIST CSF2
System Hardening
Information Security Policies
Risk Management
Qualys , Rapid7 , CloudGuard
Security Metrics & Reporting
Security Project Management
Collaboration
Accomplishments
- Implemented automated dashboards, reducing manual review by 25% and enhancing reporting accuracy.
- Created Policy Exception Review Playbook standardizing Global security exception process.
- Lead Security Assessment for 50 plus suppliers and 5 Merger and Acquisitions . identifying 30% of high risk gaps and ensuring compliance.
- Supported audits, coordinating with stakeholders to address gaps, achieving a 90% remediation rate.
- Supervised and mentored a team, increasing productivity by 20% and ensuring timely SLA compliance.
- Lead team organization and skill mapping and alignment resulting 20% budget saving for the Team.
- Worked on improving Organization Public Cyber Security Score resulting new million dollar hospital deal.
Certification
CISSP - Certified Information System Security Professional
Timeline
CISSP - Certified Information System Security Professional
10-2022
Principal Cyber Security Specialist (Tech Lead)
Medtronics, Inc.
12.2018 - Current
ITIL
07-2017
Certified Ethical Hacker (CEH|V9)
07-2016
Technical Lead (Cyber Security)
Happiest Minds Technologies
10.2015 - 12.2018
Project Engineer (Enterprise Security Services)
Wipro Technologies
06.2012 - 10.2015
Master of Science - Computer Applications Development
Veer Surendra Sai University of Technology
04.2001 -
Bachelor of Science - Computer Science
Fakir Mohan Autonomous College
04.2001 -