Sahil Dev Pal

Cyber Security Specialist & Auditor
Mumbai

Summary

Seasoned Cybersecurity Consultant with over 8 years of expertise in Information Security, specializing in threat and vulnerability management, including advanced vulnerability assessments, breach and attack simulations, and penetration testing across diverse industries. With a proven track record of delivering impactful offensive security projects, Sahil has collaborated with leading multinational organizations, including notable tenure as a Cyber Security Consultant with two Big 4 firms, PwC and EY. Sahil's deep technical acumen spans application security, internal and external attack simulations, secure code reviews, and network architecture assessments. He excels in firewall rule base evaluations, comprehensive cloud security reviews, and crafting cybersecurity strategies rooted in risk and governance frameworks. With a robust foundation in offensive security and attack emulation, Sahil effectively identifies and mitigates security risks, enhancing organizational resilience against emerging threats.

Overview

  • 9 years of professional experience
  • 3 Certifications
  • 2 Languages

Work History

Cybersecurity Consultant (Threat Intelligence)

MCA Sweden
05.2025 - 06.2025
  • Collaborated with the CSC head to implement a Threat Intelligence platform and align it with ISO 27001 controls.
  • Spearheaded research on the OSINT platform to shortlist tools for threat intelligence analysis.
  • Collaborated with a VAPT team member to understand the different TTPs he used to conduct VAPT exercises.
  • Implemented self-hosted OSINT (OpenCTI) and MISP to pull threat feeds and analyse IOCs and IOAs.
  • NOTE: I had changed my domain from VAPT and GRC to threat intelligence after having a brief discussion with MCA and the client.

However, within a month of joining the firm, I was forced to put in my papers under threat of being blacklisted.

Lead Tech Security Expert

Sapiens
05.2024 - 01.2025
  • Designed and implemented governance frameworks to support strategic objectives and regulatory compliance.
  • Provided training and guidance to employees on compliance best practices, the importance of the OWASP Top 10, and phishing as well as social engineering exercises in adherence by 50 percent.
  • Implemented an end-to-end internal audit process for the S-SDLC process. Additionally, provided support in building policies around S-SDLC to ensure governance and compliance are maintained.
  • Collaborated with C-suite executives and the board to provide insights and recommendations on risk exposure and mitigation.

Associate

Goldman Sachs
10.2022 - 05.2024
  • Performed comprehensive internal audits for cloud entitlement services to assess the governance posture and operational readiness while ensuring that the entitlements are properly approved, tracked and monitored.
  • Performed audit scoping, planning, fieldwork and wrap-up of engagements to define, execute and manage Information Technology audits, assisting in completion of the annual audit plan.
  • Delivered actionable recommendations to enhance platform security, maintain compliance, and support the organization's commitment to robust and secure development lifecycles.
  • Reviewed the controls implemented for policy lifecycle management to ensure the governance structure is adhered to.
  • Reviewed and implemented controls in alignment with NIST standards, ensuring seamless integration with policy lifecycle management processes.
  • Mapped controls to NIST frameworks to strengthen governance structures, enhance compliance, and support the organization's commitment to robust cybersecurity practices.
  • Conducted InfoSec readiness assessments for IT Audit Hub India and coordinated with Data Intelligence for related documentation and compliance.
  • Assessed compliance with regulatory requirements, industry standards, and organizational policies related to information security governance.
  • Championed the integration of best practices and robust design principles throughout the Secure Software Development Lifecycle (SDLC), ensuring the delivery of secure, resilient, and high-quality software solutions aligned with industry standards and organizational goals.
  • Drove Cyber Design Review for Cloud Services and S-SDLC to ensure controls are efficient and effective and cannot be overridden.
  • Provided comprehensive support to the BU to manage and track security findings and to initiate control adoption mechanisms for SAST and DAST tools.
  • Strategically managed end-to-end audit processes, delivering actionable insights to strengthen governance structures, mitigate risks, and enhance enterprise-wide compliance readiness.
  • Successfully spearheaded audit initiatives to ensure organizational compliance with critical regulatory frameworks, including ITGC, SOX, and SOC2 Type 2.
  • Conducted threat intelligence analysis, gathering insights to initiate internal audits of internal platforms and the S-SDLC process and to inform threat modelling efforts and secure system design.
  • Leveraged threat intelligence platforms (e.g., ThreatConnect, Anomali) to monitor threat actors, analyze attack vectors, and refine threat models in alignment with current threat landscapes.

Assistant Manager

Grant Thornton
05.2022 - 10.2022
  • Oversaw end-to-end security assessments while leading and managing a high-performing team of 10 to 15 members to ensure seamless delivery of strategic cybersecurity initiatives.
  • Drove excellence in execution, aligning deliverables with organizational goals, and fostering a culture of collaboration and technical precision.
  • Trained and managed highly skilled penetration testers and cyber security professionals to build capability in the latest technologies.
  • Performed security assessments and exfiltrated critical user data on the mobile applications for leading banks in India.
  • Developed security architectures that are resilient and scalable and ensure protection of critical data assets, users and systems.

Senior Security Consultant

PwC India
01.2021 - 04.2022
  • Successfully exploited a critical reporting application to exfiltrate critical user data, identifying external threat areas and drafting mitigation strategies to manage risk exposure of the firm.
  • Ensured end-to-end delivery for all my clients in black- and grey-box pen-testing, red and purple teaming, Cyber Security Maturity Assessments, preparation, implementation and governance of ISMS, and strategic and tactical problem solving.
  • Directed a skilled team in executing sophisticated social engineering campaigns to simulate real-world attack scenarios, identify human vulnerabilities, and provide actionable insights to strengthen organizational defense mechanisms and security awareness programs.
  • Performed infrastructure security assessments for on-prem and cloud assets, along with an action plan to mitigate the vulnerabilities.
  • Conducted comprehensive OT security configuration and network architecture audits for global clients, identifying critical vulnerabilities and providing strategic recommendations to enhance security posture, optimize infrastructure resilience, and ensure compliance with industry standards.
  • Managed ongoing vulnerability risk assessment and determined appropriate controls for risk mitigation.

Associate Security Consultant

Ernst & Young India LLP
06.2018 - 04.2020
  • Collaborated with business leaders to determine security needs and integrate security measures into business operations.
  • Delivered a detailed vulnerability assessment report, outlining critical security gaps and providing a robust action plan to mitigate identified vulnerabilities.
  • Led the VAPT process for a leading financial institution, driving actionable insights to enhance their cybersecurity defenses and ensure compliance with industry best practices.
  • Delivered critical insights and metrics to enhance security training programs, fostering a stronger organizational defense against social engineering threats.
  • Collaborated with a leading global insurance firm to design and execute a comprehensive social engineering exercise, strategically identifying key vulnerabilities in employee awareness and behavior.
  • Demonstrated experience in designing and implementing security policies and procedures.
  • Conducted OS / network configuration review activities and enterprise architecture review for leading organizations in India.
  • Led in-depth network and cloud architecture reviews for leading organizations across diverse sectors, identifying optimization opportunities and security gaps and provided strategic recommendations to enhance infrastructure resilience, ensure compliance, and align architecture with industry best practices and organizational goals.
  • Contributed as a key team member in executing both external and internal simulation exercises for a leading bank across Kuwait and India, assessing vulnerabilities and refining response strategies to strengthen the bank's overall security posture and resilience against evolving cyber threats as per the MITRE ATT&CK framework.
  • Managed key application security programs, including Container Security implementation, and led projects to drive the assessment, operationalization and adoption of new technologies, platforms, tools, and frameworks.
  • Drove security initiatives such as developing security requirements, threat modelling, strengthening application security, vulnerability reduction, etc., across product areas.

Associate Security Engineer

Rakuten India
10.2017 - 06.2018
  • Drafted secure configuration documents (MBSS documents) for various network devices and operating systems.
  • Provided a comprehensive report on vulnerability assessments and an action plan to mitigate the identified vulnerabilities and VAPT process.
  • Created and maintained KPIs and KRIs for Information Security and business continuity & compliance activities.
  • Stayed at the forefront of cyber threats and vulnerabilities, anticipating potential risks and driving proactive measures and updates to our strategy to safeguard the organization.
  • Examined, evaluated, and verified policies, procedures, and internal controls around information systems and networks and mapped them to the ISO 27001 framework.

Security Engineer

Vakrangee Limited
12.2016 - 06.2017
  • Performed security and risk assessments for e-KYC, DBS, Aadhaar and critical enterprise applications against OWASP standards.
  • Successfully exploited critical reporting applications to exfiltrate critical user data, identifying external threat areas and drafting mitigation strategies to manage risk exposure of the firm to external and internal threat agents.
  • Performed application security testing against mobile applications using e-KYC APIs to discover bugs leading to potential transactional frauds.
  • Provided a comprehensive report on Lead infrastructure security testing on the enterprise network and an action plan to mitigate the identified vulnerabilities and VAPT process.

Education

Bachelor of Engineering - Electronics Engineering

Vasantdada Patil College Of Engineering
Mumbai, India
04.2001 -

Skills

  • Threat & Vulnerability Management

  • Application / API / Mobile Security

  • Network Security

  • Secure Configuration Review

  • Threat Intelligence & Reconnaissance

  • DevSecOps

  • Cloud Security

  • Cyber Strategy, Risk & Compliance

  • Security Training & Awareness

  • Policy Development & Assurance

  • Strategic Cyber Security Leadership

  • IAM & Enterprise Risk Management

  • Third Party Risk Management

Accomplishments

  • Core team member in implementing security training and awareness programs at previous organizations.
  • Awarded twice under the Star&R award category for best individual performance and awarded Above & Beyond for delivering to best potential.

Certification

Certified Ethical Hacker
