Chandramouli Gurumoorthy

Chandramouli.G, CISA, ISO27001 LA, BS 10012:2017 LI, CSM M: - E:-Summary Dynamic professional with 17 years of experience in Information Security esp. in the area of Application Security, Governance, Risk & Compliance (GRC), and Development of software. Experienced senior level IS specialists and Expert Level Technologist, bringing vast knowledge, best practices in architecting security solutions to various companies and enterprise customers in all aspect of IT security. Expert knowledge in performing ISMS Implementations & Audit, , vulnerability management, application vulnerability assessments and penetration testing in all its form from Web Application, API, Enterprise applications and Mobile Application and also provide proactive advisory for enterprise customer on Secure-SDLC. Well versed in cyber security and software development process with certifications in CISA, ISO 27001:2013 LA, BS 10012:2017 (GDPR) LI, Certification Scrum Master (CSM), and ISTQB. Organization Scan Mar 2018 onwards: Freelance Security Consultant. Notables: ü As an expert security consultant actively working on providing security consultation in the areas of Application Security – Penetration Testing of Web, Mobile and Native applications, Secure Source Code Reviews, Network Penetration Testing, ISMS Audit & Implementation, Personal Information Management System – GDPR Implementation. ü Executed over 20 Penetration Testing projects since March 2018 ü Designed & Implemented ISMS policy, procedure & controls in compliance with ISO 27001 for clients from healthcare and finance domain. ü Performed Architecture and design reviews of applications developed in Java and .NET and worked with development teams of various sizes ranging from 4 to 150 ü Conducted source code reviews manually and using automated tools such as IBM AppScan Source, Fortify, Checkmarx etc. ü Assisting client is evaluating their current security compliance level and aiding them to bridge the gap between current and ideal security posture. Sep 2014 – March 2018 : CSC as Cyber security–Global Manager – Application Security Notables: ü Functioned as Technical Consulting India Lead and Global practice manager for Application security ü Contribute and involved in inception to Development of AppSec on Demand service ü Involved in developing Service offering for Mobile VA and PT service offering including consulting service for Mobility. ü Managing the overall security practice team of 20 fulltime security professionals primarily providing Security Testing for WAPT, Mobile Pen testing, Application security testing (Dynamic and Secure Code review) and API ü Managing pre-sales initiative and overall security service in terms of Network, Server, security perimeter devices audit and penetration testing ü Developed and re-defined Process and delivery model for Application security ü Played a pivotal role in presenting Application as a major service in sales group and bring Security Testing opportunities form Large Enterprise customers including G1000 clients. ü Actively involved in Client Management, Initiating Sales drive run for SA and India ü Involved from inception to build Maturity model for secure code review services across all regions. ü Actively participating in conference and provided lectures for professional and student communities ü Provided proven solutions and developed secure software development lifecycle programs for couple of larger enterprise organizations with application landscape of over 500+ applications ü High efficiency in People management and project management skills. Page 1 of 3 Courtesy Google Images Certifications Aug 2010 – Sep 2014: Verizon Data Services Pvt Ltd –Technical Manager & GRC Liaison Notables: ü As a GRC Liaison, responsible for training, implanting and auditing ISMS controls for over 100 groups within Verizon India. ü Played an important role in implementing compliance standards such as ISO 27001, SOX and Internal Verizon Security procedures (CPI 810) ü Technical Manager responsible delivering projects to production based on the business requirement. ü Instrumental in defining and implementing Secure – SLDC (Waterfall) and Secure Agile on various projects. ü Successfully implemented secure code review process across various projects ü Mentored over 50 highly efficient developers on secure architecture, design and development esp. on Java and .NET technologies. IT SKILLS Security Products Oct 2006 – Jul 2010: Verizon Data Services Pvt Ltd. – Senior Software Architect Notables: ü Responsible for developing High Level and Low Level architecture of complex applications. ü Worked with various development teams and guided them all through the project development phase. ü Responsible for performing security assessment using HP Fortify and Web Inspect tools, across provisioning application suite and guiding the development team in remediating the vulnerabilities. ü Actively involved in defining and implementing Secure SDLC framework April 2004 –Sep 2006: Computer Associates (CA) – Senior Research Engineer Notables: ü R&D, Vulnerability Assessment and Penetration testing ü Key person in building Vulnerability Assessment and Penetration Testing Team (VAPT) in CA, India ü Involved from Defining process and procedure for performing activities and Mentoring engineers from other groups to be part of VAPT, ü Identification/introduction of new tools and process like Threat modeling using STRIDE ü Successfully delivered CA security applications post security testing. ü Effective usage of Penetration testing tool (E.g. App scan) and Code analysis tool (E.g. Code Assure) in determining security holes. o ACCOMPLISHMENTS: o Initiated and develop the process Plan for the CA-VPT o Identified ~100 Security vulnerabilities and certified 6 products for Security certification Oct 2003 – April 2004: Cyberwrex Software Solution – Software Engineer AWARDS Notables: ü Involved in Design level activities of new element manager components. ü Developing, Maintaining and Debugging of Code for SCM Element Manager. ü Setting up environment (with Cisco Devices) for EM Development (SCM and CEMF) ü Developing Scripts for White box testing. ü Coordinating with the QA team on SCM and CAF specific activities. ACCOMPLISHMENTS: o Rewarded for completing the development and testing of SCM releases on time and with quality. o Chosen for onshore training in COM Automated Framework (CAF) and CEMF in Cyberwerx Incorporation, Cary, North Carolina, USA and Cisco Systems, RTP, North Carolina, USA., for setting up CAF environment in Cyberwerx (India) Office.Created Verizon Shining Star May 2003 – Sep 2003: Zenith Infotech Pvt. Ltd – Software Engineer Notables: ü Designing and Prototyping of Linux and Network Monitors. ü Linux Server Monitoring System Study and Creation of Functional and Technical Documents. ü Design of Linux Server Monitor, which can be integrated with the existing Monitoring Architecture. ü Coordinating with the development team on Database and Network Monitoring Page 2 of 3 Courtesy Google Images Received Star of the Month CA (Computer Associates) Nov 2002 – May 2003: Bi-Tech International Singapore Pte. System Analyst Notables: . ü Responsible for System Study and Creation of Functional and Technical Design Document for MXI Main Server. ü Designed the Integration Plan for MXI Main Server Integration other Servers and components in MXI. ü Prototyping and Coding MXI Main Server – Real Server and XML Parser using LIBXML Education Bachelor of Commerce from D.G. Vaishnav College, in May 1999 Personal Dossier Date of Birth: 01-Aug-1978 Languages Know: Tamil, English, Hindi Page 3 of 3 Courtesy Google Images