I am an experienced information security and software development consultant and researcher who can perform web and mobile application penetration tests, automated and manual code reviews, software debugging, security testing on smartphone platforms such as iOS and Android, and develop security-aware web and mobile applications. I have a masters degree in Computer Security from Columbia University, New York.
Senior Security Engineer
Apr 2016 - Present
San Francisco Bay Area, CA
VMware virtualizes computing, from the data center to the cloud to mobile devices, to help our customers be more agile, responsive, and profitable. My job functions include finding new vulnerabilities in VMware products, analyzing externally reported vulnerabilities, developing demonstration exploits, developing vulnerability mitigations and workarounds, act as the technical reviewers for external security communications such as VMware Security Advisories, security response engineering and tools development.
Senior Security Consultant
Oct 2014 - Apr 2016
IOActive is an industry leading security services firm. My essential job function is to perform security services for IOActive's Global client portfolio. These can include penetration testing, vulnerability assessments, reverse engineering, fuzzing, exploit development, and more. The focus of my work is to provide leadership on mobile penetration testing for Android and iOS platforms. Other important job functions include participation in the business development process, performing research and delivering talks at industry events.
Apr 2013 - Sep 2014
The essential job functions include vulnerability assessments and analysis, penetration testing and source code review of web and mobile applications and platforms, reporting and documentation of all security findings, and travel to customer site locations as required.
Feb 2012 - Jan 2014
A freelance Information Security Consultancy and Secure Software Development agency. I provide Secure Software development, Web and Mobile Applications penetration-testing, automated and manual code reviews for security vulnerabilities. Security testing on smartphone platforms such as iOS and Android, is what I love to do. I also provide Security-aware Web and Mobile applications development, Operating System development and Software debugging services. References from clients can be provided on request.
Research Engineer / Mobile App Development Manager
Mar 2012 - Feb 2013
Development of Secure SMS and Secure VoIP applications on Android and iPhone. The core task was to help the programmers apply the theory of information security, cryptography and secure development in real world mobile applications. I managed a team of mobile application developers to achieve these tasks. I was also responsible for completing reports and deliverables to meet requirements of the funding agency.
Aug 2012 - Dec 2012
Courses Taught: Data Communication & Networking
Mobile Development, Security and Testing - Intern
May 2011 - Dec 2011
New York, NY
The concentration of my work was on penetration testing of a number of iPhone, iPad applications for some of the fortune 50 companies. I also worked on image assessment, and some linux based embedded system pen-testing.
Research Engineer / Team Lead
Apr 2008 - Jul 2010
The aim of this project is to develop an intelligent Bio-inspired self-defending/ self-healing security frame work for IP Multimedia System (IMS) and Next Generation All-IP Networks, which will complement existing authentication and encryption mechanisms to protect infrastructure nodes and subscribers against the attacks launched by malicious nodes in the network. These unique and real-time vulnerabilities which need to be addressed in the IMS network include: IMS framework-related vulnerabilities, SIP protocol vulnerabilities, VoIP/ video/ PoC/ Messaging/ Presence/ Conferencing application vulnerabilities; and voice spam, media plane related vulnerabilities. This framework is expected to become a cardinal component that will protect against the misuse of the network resources of an operator. The goal is that our system will ultimately become integral part of security for IMS and Next Generation All-IP networks.
MS - Computer Science (Security)
Columbia University - Fu Foundation School of Engineering and Applied Science
2010 - 2011
New York, NY
BE - Electrical Engineering
National University of Science and Technology
2004 - 2008