Sravan Kumar Dhikonda

Mobile: +1- (813) 563-2393

E-mail: [email protected]

Objective:

A seasoned Information Security expert with more than 17 years of advancing expertise in
Cybersecurity, Cloud Security, Application Security, Network Security, Incident Management,
Vulnerability Management, Pentesting, Risk Management, Threat Modeling, Data Compliance, and
DevSecOps. Expert in devising security strategies and roadmaps for private and public cloud
environments, and adept at creating technical solutions. Demonstrates a track record of successful
Cybersecurity framework implementation, continuous integration, delivery, release management, and
product management. Recognized for exceptional leadership in cultivating high-performing,
collaborative teams that break down barriers, enhance efficiency, and achieve business objectives
effectively.

Key Qualifications:

 CISM, ISO 27001, and Multi-cloud certified Cybersecurity professional with 17 years of
technical expertise in assisting C-suite executives to understand cyber risks effectively.
Demonstrates a proactive attitude towards challenges, with specialization in Enterprise Risk
Management, implementing industry-specific standards, Security Policies & Procedures,
and providing Information Security advisory and assurance.
 Proficient in Identity & Access services, including Identity Management (IDM) and Access
Governance (IAG), Role-based Access Control (RBAC), Privileged Access Management
(PAM), Single Sign-on (SSO), and Multifactor Authentication (MFA).
 Hands-on experience in SSO and Authentication, managing various tools and products.
Successfully executed SSO integrations, streamlining user access to applications.
 possessed a comprehensive 5-year experience with PingFederate and Suite, actively con-
tributing to their integration and ongoing support.
 Implemented robust multifactor authentication solutions, enhancing the overall security
posture of the organization. Led critical operations activities, including certificate renewals
and production implementations.
 Proficient in protocols such as SAML, Web SSO, WSFED, WSTS, and OAuth, ensuring secure
data transmissions. Demonstrated proficiency in SSL communication and key management,
contributing to a fortified security infrastructure.
 Possess an in-depth understanding of Directory Services communication and effective inter-
action with F5.Aligned PAM program goals with the mission and objectives of the IAM orga-
nization, ensuring a cohesive and integrated approach to privileged access management.
 Formulated, organized, and monitored inter-connected projects and workstreams, making
informed decisions and delivering suitable short-term and long-term strategic objectives.
 Managed program issues, risks, changes, and resources, employing effective strategies to
ensure project goals were achieved within established timelines and budgets.
  Delivered comprehensive issues and risks tracking, resolution documentation, decision
logs, communication plans, and other program documentation to maintain transparency
and facilitate effective communication.
 Defined and implemented Security Standards based on Information Security Best Practices
to meet data compliance requirements (ISO series, GDPR, PCI-DSS, HIPAA, SOC2, NIST Spe-
cial Publications, ITIL, and threat modeling). Actively participated in regular knowledge
sharing sessions, staying updated on emerging technologies and industry best practices.
 Strong knowledge of Amazon cloud infrastructure (AWS) and MS Azure security and iden-
tity services, including Azure Active Directory, Azure Security Center, Azure Governance,
Authentication, Authorization, and more.
 5+ years of extensive experience in GCP security services, such as IAM, VPC-SC, Sentinel,
Data Encryption, and Cloud HSM.
 Expertise in design, configuration, and support of Web Application Firewall (WAF) and BOT
mitigation policies for on-premises and cloud deployments.
 Advised Senior Management and Board of Directors on information security risks and sup-
ported M&A activities.
 Skillfully implemented authorized changes and updates to the newly developed solutions, in
full compliance with organization Change Management and Service Request procedures,
preserving the network's integrity.
 Consistently evaluated and recommended improvements to systems and processes, result-
ing in increased operational efficiency and enhanced security measures. Created and man-
aged timelines as requested, ensuring the projects were completed on schedule and within
budget.
 Assessed system tools and determined their suitability for the agency and its customers, op-
timizing technology investments and enhancing operational efficiency.
 Provided mentorship and guidance to junior and journeyman Cybersecurity staff, fostering
skill development and knowledge sharing within the team.
 Operated within the constraints of enterprise security policies on security, privacy, and pro-
cedures, ensuring full compliance with all regulatory standards and best practices.
 Documented work activities through Agency Change Management, Service Desk, and Cost
allocation procedures, ensuring complete transparency and traceability in all projects.
 Strong understanding of operational controls management, compliance, and emerging
cloud technologies.
 Skilled in customer engagements, technical delivery, and sales enablement, collaborating
with stakeholders to develop mutually beneficial solutions.

Technical Experience

 Proficiently familiar with various security tools, including Kali Linux, Wireshark, Nmap, Nes-
sus, Splunk, ArcSight, Snort, SAST, and DAST tools like HCL AppScan, Checkmarx, Veracode,
OWASP ZAP, Nessus, PaloAlto Prisma, and CrowdStrike Falcon Platform.
 An expert in implementing AWS SCP (Service Control Policies), AWS WAF, AWS BOT con-
trols, and adept at utilizing cloud health check monitoring tools such as PaloAlto Prisma,
Trend Micro Deep Security, Tenable Nessus, and open-source tools like Prowler.
  Proficient in conducting Manual Pen testing and utilizing various pen testing tools like
NMAP, Metasploit, Nessus, Nikto, and Wireshark.
 Skilled in AWS Amazon Detective, AWS Guard Duty, AWS WAF, AWS Security, AWS Macie,
Network Firewalls, and Firewall Manager.
 Extensive experience in common cybersecurity technologies, including IDS & IPS, Advanced
Anti-malware prevention and analysis, Firewalls, Proxies, and MSS.
 Proficient in Cloud Security Assessments and working with Cloud Audit Security & Compli-
ance tools such as Qualys, Dome9, Tenable, Prisma, and CrowdStrike.
 Competent in Risk assessments, vulnerability assessment, and Audits.
 Experienced in building and reviewing cloud architecture and implementing cloud security
controls.
 In-depth understanding of Public Key Infrastructure (PKI), Symmetric Cryptography, and
their applications in SSL/TLS and SSH for secure access and authorization.
 Successfully participated in AWS official cloud security events like JAM and others.
 Familiar with juniper JUNOS Operating System and CISCO IOS Operating System Architec-
ture, Virtual context for routing, administrative domain separation, and Security Hardening.
 Expertise in security features (VPNs) like IPsec, SSL, Group VPN, and firewall concepts. Profi-
cient in monitoring AWS resource utilization using Amazon CloudWatch.
 Hands-on experience in maintaining Data Integrity and access control while using AWS ap-
plication platform.

Certifications: -

 CISM (Certified information Security Manager)

 ISO/IEC 27001:2013 Lead Auditor.
 ISO/IEC 27001:2013 Lead Implementer
 AWS Certified Security – Specialty from AWS
 AWS DEVOPS professional from AWS.
 AWS SysOps from AWS
 CEH (Certified Ethical Hacker) from EC Council.
 PCI-DSS compliance
 CSM (Agile Certified scrum master) from scrum alliance
 CCNA from Cisco Systems Pvt Ltd.

Key Interfaces:

 CTO, CIO and CISO

 IT Security Operation Teams
 IS, & Data Privacy Teams
 IT Innovation & Architecture teams
 Global Communications teams
 External, Internal & Client Auditors
 Legal and Compliance teams
 Vendor / Supplier Security Teams
Professional Memberships:

 ISACA (Information Systems Audit and Control Association): ISACA is an esteemed interna-
tional professional association focused on IT governance and security. It plays a vital role in
shaping and advancing the field of information technology.
 DSCI (Data Security Council of India): Premier industry body on data protection in India,
DSCI was established by NASSCOM®. It serves as a prominent advocate for data security and
privacy in the country.
 OWASP (Open Web Application Security Project): OWASP is a nonprofit foundation dedi-
cated to enhancing the security of software. Its mission involves working collaboratively to
identify and address web application security challenges.
 Open Stack Foundation: The Open Stack Foundation actively supports global development
and distribution while promoting the adoption of open infrastructure. With an impressive
community of over 105,000 members from 187 countries, it fosters collaboration world-
wide.
 ICS (Irish Computer Society):
Founded in 1967, the Irish Computer Society is a professional organization representing in-
formation and communication technology professionals in Ireland. It plays a significant role
in advancing the ICT industry in the country.

Professional Experience:

 Security Operation Manager at Prudential (November 2022 - Present)

 Enterprise Security Leader at Hitachi Vantara (August 2021 - November 2022)
 Head of Security Operations at Acuity Knowledge Partners (formerly Moody's Analytics sub-
sidiary) (August 2020 - August 2021)
 Enterprise Information Security Architect at Varutra Consulting (October 2019 - July 2020)
 Project Lead at Ericsson through Wipro Technologies (May 2016 - October 2019)
 Technical Lead at CISCO SYSTEMS through HCL Technologies (November 2014 - May 2016)
 Senior Test Engineer at Juniper Networks through Paxterra Software Solutions (June 2012 -
October 2014)
 Lead Engineer at HCL Technologies (August 2007 - February 2012)

Key Projects: -
Working as  Security Operation Manager in Prudential from November 2022 to till date.

Technical Skills: SOC, Threat Modeling, Information security, Cyber Security, Cloud Security Posture
Management, Network Security Cloud Security Assessment, SIEM, Application Security, Secure
SDLC & DevSecOps, Vulnerability Management, Data Leakage Prevention.

Key Roles/ Responsibilities:

  SSO integrations, providing seamless access solutions across diverse applications and systems.
 Implemented and maintained authentication processes using PingFederate and Suite, actively con -
tributing to their integration and ongoing support.
 Successfully managed both SSO integrations and production support, ensuring continuous opera -
tional efficiency.
 Developed and implemented multifactor authentication solutions to enhance overall security mea -
sures.
 Led operations activities, including certificate renewals, production implementations, and rigorous
testing in development environments post Proof of Concepts (POCs).
 Independently addressed complex operational issues, demonstrating a high level of problem-solving
skills.
 Proficiently worked with various protocols such as SAML, Web SSO, WSFED, WSTS, and OAuth, en-
suring secure data transmission and access.
 Collaborated with cross-functional teams and stakeholders to ensure effective communication and
integration of security measures.
 Performed internal and external pen testing, fine-tuning application security posture before deploy -
ment in production and release environments.
 Configured log generation and collection from diverse products, covering servers, network devices,
security devices, databases, and applications.
 Actively participated in enterprise working groups, providing comprehensive solutions for Cyber Se -
curity issues, including threat identification and security assessment based on NIST Cyber Security
Risk Management program.
 Utilized Splunk to onboard applications for logging capabilities in the SOC team.
 Analyzed vulnerability scan results and recommended appropriate fixes to stakeholders.
 Collaborated with engineering teams, developers, and IT security compliance teams to drive project
success.

Worked as Security Engineering Leader in Hitachi Vantara from August 2021 to November 2022.

Technical Skills: Cloud Security , Cloud Security Posture Management ,DevSecOps, SAST, DAST,
IAST, decency check. Deploying hybrid cloud solutions for IaaS, SaaS, and PaaS. Leveraging
Docker /Kubernetes containers and Micro - Services for application rework and migrations.
Incorporating Encryption and credentials management and rotations method using Secrets Key
management encryption services

Key Roles/ Responsibilities:

 Established PAM program metrics and evaluation methods, regularly assessing program
strengths and identifying areas for improvement. Provided timely reporting of program status
throughout its lifecycle.
 Prepared and presented detailed reports for program sponsors and leadership, ensuring they
were well-informed and able to make strategic decisions based on accurate information..
 Aligned PAM program goals with the mission and objectives of the IAM organization, ensuring a
cohesive and integrated approach to privileged access management.
  Formulated, organized, and monitored inter-connected projects and workstreams, making
informed decisions and delivering on suitable short-term and long-term strategic objectives.
 Managed program issues, risks, changes, and resources, employing effective strategies to
ensure project goals were achieved within established timelines and budgets.
 Delivered comprehensive issues and risks tracking, resolution documentation, decision logs,
communication plans, and other program documentation to maintain transparency and
facilitate effective communication.
 Prepared and reviewed Multi-Cloud Governance Security Policies & Procedure documents for
AWS, GCP & AZURE. Established a robust framework for Cloud Application architecture review
and devised a comprehensive review checklist to enhance product security controls before
deployment to Prod and live environments.
 Conducted both internal and external pen testing using Manual & Automated tools, ensuring
our products are free from vulnerabilities before being deployed to PROD and release
environments.
 Successfully implemented Cloud Security Assessments and utilized Cloud Audit Security &
Compliance tools such as Qualys, Dome9, Tenable, Prisma, SAST, DAST, SCA tools to monitor
and analyze critical vulnerabilities in Source code, infrastructure, and custom-built images.
 Implemented hardened container-based deployments adhering to CIS and OWASP benchmarks.
 Integrated Code Quality Analysis Techniques like Find Bugs and PMD with CI tools for improved
code quality analysis.
 Designed and implemented scalable SaaS-based digital web applications utilizing GCP compute,
storage, IAM, Kubernetes, VPC, and Network security.
 Configured and maintained GCP security system rules for effective traffic management within
VMs based on specified configurations.
 Collaborated closely with Development, Operations teams, and project management to
establish efficient build and Deploy jobs across multiple environments.
 Designed SIEM monitoring, Security controls, and intrusion detection using Guard Duty,
Inspector, VPC flow log, Cloud Watch, and Cloud Trail to ensure robust user login monitoring.
 Developed road maps and remediation plans following NIST, CIS-20, PCI, HIPAA, OWASP Top-
10, and SANS Top-25 guidelines.

Worked as Head of the Security Operations in Acuity knowledge partners formerly part of Moody’s
analytics subsidiary from August 2020 to August 2021.

Technical Skills: SOC, Threat Modeling, Information security, Cyber Security, SIEM, Network
Security Cloud Security Assessment, SIEM, Application Security, Secure SDLC & DevSecOps,
Vulnerability Management, Data Leakage Prevention.

Key Roles/ Responsibilities:

 Led platform engineering and infrastructure initiatives, playing a pivotal role in the company's
digital transformation and cloud migration strategy.
 Collaborated closely with Data and Security Architects to design and implement infrastructure
and system solutions, ensuring they met the highest security and performance standards.
  Designed end-to-end data solutions, incorporating hybrid cloud architecture on AWS, for opti-
mized data processing, storage, and analytics.
 Enforced Data Governance best practices and established Data Lakes, ensuring data security
and compliance with regulatory standards.
 Implemented robust Data Security measures, including encryption and tokenization, to protect
sensitive data across the organization.
 Demonstrated strong familiarity with Enterprise Architecture and Application Integration re-
quirements, ensuring seamless operation of diverse systems.
 Engineered scalable applications that handled increasing workloads, contributing to improved
performance and efficiency.
 Proficiently handled user Authentication and Authorization, bolstering data security and ensur-
ing only authorized access.
 Deployed Data Security tools to monitor and protect data assets, ensuring proactive threat de-
tection and incident response.
 Effectively communicated with cross-functional teams, stakeholders, and executives, translating
complex technical concepts into actionable strategies and recommendations.
 Actively participated in regular knowledge sharing sessions, staying updated on emerging tech-
nologies and industry best practices.
 Implemented Cloud Security Assessments and leveraged Cloud Audit Security & Compliance
tools (Qualys, Dome9, Tenable, Prisma, SAST, DAST, SCA) to monitor and analyze critical vulner-
abilities in Source code, infrastructure, and custom-built images.
 Conducted Vulnerability Assessments and Penetration Testing for multiple clients in the West-
ern New York region to assess organization security.
 Formulated road maps and remediation plans aligned with NIST, CIS-20, PCI, HIPAA, OWASP
Top-10, and SANS Top-25 guidelines.
 Integrated IDS/IPS, network devices, and firewalls with SIEM, efficiently analyzing logs to filter
out false positives and optimize IDS/IPS rule sets.
 Configured and tested log generation and collection from diverse products, covering servers,
network devices, security devices, databases, and applications.
 Managed IAM accounts (with MFA) and IAM policies to meet security audit & compliance re -
quirements effectively.

Worked as Enterprise Information security architect in Varutra consulting Hyderabad from October
2019 to July 2020.

Client -
Project : Cloud Information Infrastructure
Designation : Information Security Architect
Duration : October 2019 to July 2020
Technical Skills : SOC, Information security, Network security ,Cyber Security, SIEM, Network
Security Cloud Security Assessment ,SIEM, Network Security, Cloud Security Audit, Vulnerability
Management, Data Leakage Prevention
Key Roles/ Responsibilities:
 Oversaw the Security Operations Center (SOC) and led engineering efforts for SIEM, Network
Security, Vulnerability Management, Data Leakage Prevention, and user behavior analytics ser-
vices.
 Collaborated closely with other divisions within the bank, such as Security Architecture, to align
security and risk advice effectively.
 Conducted various audits, including ISMS audit, PCI DSS compliance audit, RBI PSS regulatory
audit, SOC2 audit, Internal audit, and client audits.
 Integrated IDS/IPS, network devices, and firewalls with SIEM, meticulously analyzing logs to
eliminate false positives and enhance IDS/IPS rule sets.
 Streamlined monitoring and reporting activities through effective automation using scripts.
 Developed alerts and reports based on business requirements and implemented Threat model-
ing with specific security control requirements.
 Monitored and identified suspicious security events using the ESM console and initiated appro-
priate actions by raising tickets in the SOC portal.
 Conducted in-depth investigations to identify potential security breaches, raised security inci-
dent alerts, and performed technical and management escalations as necessary.
 Provided strategic security recommendations based on real-time threats.
 Evaluated IAM architecture and assisted in the implementation of Role-Based Access Control
(RBAC) and Multi-Factor Authentication (MFA).
 Effectively managed IAM accounts (with MFA) and IAM policies to ensure compliance with se-
curity audit and compliance requirements.

Worked as Project Lead with Ericsson from Wipro technologies. Hyderabad from May 2016 to July
2019.

Client -
Project : Data center Security Operations
Designation : Project Lead
Duration : July 2016 to Nov 2018

Technical Skills : DevOps, AWS, IAAS, PaaS, Ansible, Cloud Architect, docker, RHEL, CentOS,
Continuous integration continuous delivery ,GITHUB, Kubernetes, Jenkins, Monitoring :Nagios,
Splunk.

Key Roles/ Responsibilities:

 Developed essential Information Security, Risk, and Compliance reporting metrics to ensure
effective management and understanding of progress by leadership.
 Conducted both internal and external pen testing using Manual & Automated tools, ensuring
 products are free from vulnerabilities before deployment to PROD and release environments.
 Configured log generation and collection from a diverse range of products, including servers,
network devices, security devices, databases, and applications.
 Actively participated in various enterprise working groups, offering comprehensive
implementation, oversight, and mitigation solutions for Cyber Security issues, including threat
identification and security assessment, as part of the NIST-based Cyber Security Risk
Management program.
 Provided Nessus Vulnerability Scan results to team leads, facilitating the resolution of Cyber
Security issues.
 Conducted confirmatory Cyber Security Vulnerability assessment re-scans using Splunk.
 Delivered Cyber Security Awareness and Training sessions for end users and management in
collaboration with the SOC Team.
 Collaborated with engineering teams, developers, and IT Security compliance team to drive
project success.
 Attended security governance meetings and collaborated with senior security experts to fine-
tune existing global security policies.
 Devised strategies to address advanced global security threats and establish recovery
mechanisms.
 Implemented security setups in public, private, hybrid cloud environments, and custom agents,
while driving solutions for continuous Integration with DevOps.

Worked as Technical Lead with CISCO Systems from October 2014 to May 2016.

Client :
Project : Cisco NCS-5500 platform
Role : Technical Lead
Duration : Oct 2014 to May 2016

Key Responsibilities:

As a technical lead, I contributed to multiple system-testing projects at Cisco Systems. My focus was on
validating various Layer 2 and Layer 3 security features, such as MACSEC and IPSEC, on Cisco NCS and
ASR platforms. Additionally, I conducted simulations of KVM-based virtual machines and VMware-
based virtual machines, including email security appliance (ESA) and web security appliance (WSA),
thoroughly testing their functionalities.

Below are key responsibilities.

 Implemented agile/scrum methodologies, resulting in significant team efficiency im-

provements, reduced defects, and accelerated and more frequent releases. This trans-
formation positively influenced the business perception of IT.
  Successfully executed continuous integration, delivery, and deployment practices, ac-
tively contributing to project success and seamless technology implementation.
 Managed project and resource allocation, establishing structured processes for precise
project progress tracking. Presented regular update reports to senior leadership teams.
 Meticulously filed problem reports, analyzing failures to identify actual feature issues.
Actively provided support to team members, offering training, technology guidance, and
process expertise.

Worked as senior software engineer in Juniper Networks Bangalore- June 2012 to October 2014

Client :
Project : SPARKS (IPsec VPN Validation on Juniper MX, SRX platforms)
Role : Senior software Engineer
Duration : June 2012 to Oct 2014.

As an individual contributor, I actively participated in multiple system-testing projects at Juniper Net-

works. I played a key role in validating various Layer 2 and Layer 3 security features, including global se-
curity policies and different zones like TRUST, UNTRUST, DMZ. I also validated IPSEC, IDP, IPS, and
Group VPN on Juniper MX routers, such as MX80, MX240, MX480, MX960, and SRX-100h, SRX-210,
SRX-240, SRX-650, SRX-1k, and SRX-3k series gateways.

Key Responsibilities:

• In my day-to-day role, I am responsible for comprehending function specifications,

conducting thorough research, and transforming them into well-defined test plans. Ad-
ditionally, I develop automation suites and produce clear and understandable test re-
ports.
• By understanding functional specifications and conducting research, I create compre-
hensive test plans that align with project requirements.
• I take charge of building automation suites and presenting test reports in a format that
is easily comprehensible and actionable.
• Collaborating with various teams, including PM, Dev, and QA, I ensure that the granu -
lar details of use cases are finely tuned, and I seek clarifications on any ambiguous use
cases.
• I set up and configure initial LAB environments and test beds to facilitate smooth test -
ing processes.
• Performing manual validation of test case features, I diligently report any identified is-
sues.
 • I efficiently replicate critical bugs encountered at customer sites to expedite resolu-
tion.
• When a genuine feature problem arises, I promptly file problem reports after analyz-
ing the failures.
• I skillfully build test setups and topologies for integrating new scripts and ensuring
seamless testing.
• Supporting my team members, I helped in training, technology, and process-related
matters.
Academia:

 Master of Computer Science (M.Sc.) from Osmania University– [May2007].

 Bachelor of Education (B.Ed.) from Osmania University– [April 2005].
 Bachelor of Computer Science (B.Sc.) from Osmania University– [April 2003].
 Intermediate (I.P.E) from Board of Intermediate– [March 1999].
 Secondary School Certificate (S.S.C) from Board of Secondary Education– [March 1997].