Chandramouli.G, CISA, ISO27001 LA, BS 10012:2017 LI, CSM
M: -
E: -
Summary
Dynamic professional with 17 years of experience in Information Security, especially in the areas of
Application Security, Governance, Risk & Compliance (GRC), and software development.
Experienced senior-level IS specialist and expert-level technologist, bringing vast knowledge and
best practices in architecting security solutions to various companies and enterprise customers in
all aspects of IT security.
Expert knowledge in performing ISMS implementations and audits, vulnerability management,
application vulnerability assessments and penetration testing in all its forms, covering web applications,
APIs, enterprise applications and mobile applications, and in providing proactive advisory for
enterprise customers on Secure-SDLC.
Well versed in cyber security and software development processes, with certifications in CISA, ISO
27001:2013 LA, BS 10012:2017 (GDPR) LI, Certified Scrum Master (CSM), and ISTQB.
Organization Scan
Mar 2018 onwards: Freelance Security Consultant.
Notables:
✓ As an expert security consultant, actively providing security consultation in the
areas of Application Security – Penetration Testing of Web, Mobile and Native
applications, Secure Source Code Reviews, Network Penetration Testing, ISMS Audit &
Implementation, Personal Information Management System – GDPR Implementation.
✓ Executed over 20 Penetration Testing projects since March 2018
✓ Designed & implemented ISMS policies, procedures & controls in compliance with ISO
27001 for clients from the healthcare and finance domains.
✓ Performed architecture and design reviews of applications developed in Java and .NET
and worked with development teams of various sizes ranging from 4 to 150
✓ Conducted source code reviews manually and using automated tools such as IBM
AppScan Source, Fortify, Checkmarx etc.
✓ Assisting clients in evaluating their current security compliance level and aiding them to
bridge the gap between current and ideal security posture.
Sep 2014 – March 2018: CSC as Cyber Security – Global Manager – Application Security
Notables:
✓ Functioned as Technical Consulting India Lead and Global Practice Manager for
Application Security
✓ Contributed to and was involved from inception in the development of the AppSec on Demand service
✓ Involved in developing the Mobile VA and PT service offering,
including a consulting service for Mobility.
✓ Managed the overall security practice team of 20 full-time security professionals primarily
providing Security Testing for WAPT, Mobile Pen testing, Application security testing
(Dynamic and Secure Code review) and API
✓ Managed pre-sales initiatives and the overall security service covering network, server and
security perimeter device audits and penetration testing
✓ Developed and re-defined the process and delivery model for Application Security
✓ Played a pivotal role in presenting Application as a major service in the sales group and bringing in
Security Testing opportunities from large enterprise customers, including G1000 clients.
✓ Actively involved in client management and initiating sales drive runs for SA and India
✓ Involved from inception in building the maturity model for secure code review services across all
regions.
✓ Actively participated in conferences and provided lectures for professional and student
communities
✓ Provided proven solutions and developed secure software development lifecycle
programs for a couple of larger enterprise organizations with an application landscape
of over 500+ applications
✓ High efficiency in people management and project management skills.
Aug 2010 – Sep 2014: Verizon Data Services Pvt Ltd – Technical Manager & GRC Liaison
Notables:
✓ As a GRC Liaison, responsible for training, implementing and auditing ISMS controls
for over 100 groups within Verizon India.
✓ Played an important role in implementing compliance standards such as ISO
27001, SOX and internal Verizon security procedures (CPI 810)
✓ As Technical Manager, responsible for delivering projects to production based on the business
requirements.
✓ Instrumental in defining and implementing Secure SDLC (Waterfall) and Secure
Agile on various projects.
✓ Successfully implemented a secure code review process across various projects
✓ Mentored over 50 highly efficient developers on secure architecture, design and
development, especially on Java and .NET technologies.
Oct 2006 – Jul 2010: Verizon Data Services Pvt Ltd. – Senior Software Architect
Notables:
✓ Responsible for developing the high-level and low-level architecture of complex
applications.
✓ Worked with various development teams and guided them all through the project
development phase.
✓ Responsible for performing security assessments using HP Fortify and WebInspect
tools across the provisioning application suite and guiding the development team in
remediating the vulnerabilities.
✓ Actively involved in defining and implementing the Secure SDLC framework
April 2004 – Sep 2006: Computer Associates (CA) – Senior Research Engineer
Notables:
✓ R&D, Vulnerability Assessment and Penetration Testing
✓ Key person in building the Vulnerability Assessment and Penetration Testing Team (VAPT)
in CA, India
✓ Involved in defining processes and procedures for performing activities and mentoring
engineers from other groups to be part of VAPT
✓ Identification/introduction of new tools and processes like threat modeling using STRIDE
✓ Successfully delivered CA security applications post security testing.
✓ Effective usage of penetration testing tools (e.g. AppScan) and code analysis tools (e.g.
Code Assure) in determining security holes.
ACCOMPLISHMENTS:
   o Initiated and developed the process plan for the CA-VPT
   o Identified ~100 security vulnerabilities and certified 6 products for security
     certification
Oct 2003 – April 2004: Cyberwrex Software Solution – Software Engineer
Notables:
✓ Involved in design-level activities of new element manager components.
✓ Developing, maintaining and debugging code for the SCM Element Manager.
✓ Setting up the environment (with Cisco devices) for EM development (SCM and CEMF)
✓ Developing scripts for white box testing.
✓ Coordinating with the QA team on SCM and CAF specific activities.
ACCOMPLISHMENTS:
   o Rewarded for completing the development and testing of SCM releases on time
     and with quality.
   o Chosen for onshore training in COM Automated Framework (CAF) and CEMF
     in Cyberwerx Incorporation, Cary, North Carolina, USA and Cisco Systems,
     RTP, North Carolina, USA, for setting up the CAF environment in the Cyberwerx
     (India) Office. Created
Award: Verizon Shining Star
May 2003 – Sep 2003: Zenith Infotech Pvt. Ltd – Software Engineer
Notables:
✓ Designing and prototyping of Linux and network monitors.
✓ Linux Server Monitoring System study and creation of functional and technical
documents.
✓ Design of a Linux Server Monitor which can be integrated with the existing monitoring
architecture.
✓ Coordinating with the development team on database and network monitoring
Award: Received Star of the Month, CA (Computer Associates)
Nov 2002 – May 2003: Bi-Tech International Singapore Pte. – System Analyst
Notables:
✓ Responsible for system study and creation of the functional and technical design
document for the MXI Main Server.
✓ Designed the integration plan for integrating the MXI Main Server with other servers and
components in MXI.
✓ Prototyping and coding of the MXI Main Server – Real Server and XML parser using LIBXML
Education
Bachelor of Commerce from D.G. Vaishnav College, in May 1999
Personal Dossier
Date of Birth: 01-Aug-1978
Languages Known: Tamil, English, Hindi