Yogesh Kadam

IT Security Professional
Mumbai

Summary

A judicious professional with 11+ years of experience in various fields of Information Security. Currently associated with WTW, Mumbai as Lead Associate. My experience includes Threat Modeling, SSDLC, SAST, DAST, Assessor, Penetration Testing, Vulnerability Assessments and recommendations, Risk and Controls, preparing technical security documentation. An effective leader with honed communication, interpersonal, relationship management, analytical and problem-solving skills.

Overview

12 years of professional experience
6 certifications
3 languages

Work History

Lead Associate

WTW
01.2022 - Current
  • Successfully led and managed end-to-end third-party annual Web and Infra Pen Testing projects, demonstrating expertise in orchestrating assessments to identify and address security vulnerabilities.
  • Performed threat modeling to analyze and assess potential security threats, ensuring proactive approach to identifying and mitigating risks in diverse environments.
  • Conducted thorough Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) to evaluate the security robustness of applications, systems, and infra components.
  • Developed and implemented Secure Software Development Life Cycle (SSDLC).
  • Engaged in contract reviews, providing specialized expertise in the realm of application security.
  • Demonstrate proficiency in translating technical concepts into accessible language for diverse stakeholders. Deliver expert insights on application security, contributing to informed decision-making and ensuring the implementation of robust security measures.
  • Review security exceptions submitted by various business units, assessing each exception based on its compensatory controls and mitigation plans.
  • Lead and conduct Information & Cyber Security awareness sessions.
  • Work on client engagements, including security questionnaires, RFPs and contracts.
  • Create and manage security training for the application team on an annual basis.
  • Provide consulting and support for other lines of business in the organization.
  • Maintain and add new entries to the client response database.
  • Interact with management on the current process and improvements to it.
  • Attend client security review calls and resolve their doubts and queries.
  • Create and continually update the security overview and whitepaper for applications under the assigned line of business.

Senior Consultant S2

ControlCase LLC
04.2020 - 01.2022
  • Ensure compliance with hardening standards, access controls and security related configuration settings.
  • Performed Assessments of Banks, Payment Gateway, Service Providers, Backoffice, BPO.
  • Performed PCI DSS assessment, Audit of clients in Vietnam, Philippines, Indonesia, Singapore, Kuwait, Bahrain, Jordan, Sri Lanka. Provided mitigation support to clients on gap identified in various standards (PCI DSS, ISO 27001).
  • End-to-end responsibility for PCI DSS certification; information security risk assessment and risk management.
  • Conduct and document Information Security application and system risk assessments using global standards.
  • Work closely with the business and operations teams to identify risk in different processes and provide assistance in closing them. Conduct information security audits as per information security standards.
  • Assist customers with mitigation of the identified gaps.
  • Review documentation and interview personnel to establish security risks and complications.
  • Execute and properly document the audit process on a variety of computing environments and computer applications.
  • Develop rigorous "best practice" recommendations to improve security on all levels.
  • Work with management to ensure security recommendations comply with company procedure.
  • Handle clients across multiple regions, such as the USA and APAC.
  • Effectively delivered the PCI DSS certification, penetration testing, vulnerability assessment, firewall ruleset review, application penetration testing activities on time.

Senior Consultant S2

ControlCase
10.2019 - 04.2020
  • Help make improvements and give recommendations for IT Security and PCI DSS Audit.
  • Lead meetings to deliver PCI DSS and status reports to business compliance leads, IT and management.
  • Work alongside the security risk assessment programme to identify and document any risks that are discovered.
  • Draft clear and meaningful findings, assessment reports, presentations, and other materials for presentation to management.
  • Assist in providing compliance training to IT and audit staff.
  • Report status to senior management and executive management.
  • Interface with clients to review and analyze complex systems (applications, operating systems, databases, and networking devices) to identify risks and vulnerabilities within the client environments.
  • Analyze sensitive data flows (business and application data flows) and accordingly identify the risks to sensitive data.
  • Engage in advisory work to provide value-added feedback to assist management in improving their operations.
  • Perform security testing across activities such as Application Security Testing, Mobile Application Security Testing, Payment Gateway Security Testing, Internal Network Vulnerability Assessment (INVA), Internal Network Penetration Testing (INPT), External Network Penetration Testing (ENPT), Firewall Rules Review, Approved Scanning Vendor (ASV) Security Testing, Segmentation Penetration Testing (SPT) and Credit Card Data Discovery (CDD).
  • Experience as an Information Security Analyst involved in OWASP Top 10 based vulnerability assessment of various internet-facing point-of-sale web applications and web services.
  • International client call handling for Evidence reviews, achieving compliance on set goal.
  • Manage, review, examine and monitor artifacts and evidence provided in support of compliance.
  • Create/maintain team staffing and scheduling to include time tracking and capacity planning.

Senior Consultant TS1

ControlCase LLC
04.2017 - 09.2019
  • Conducted systematic security assessments. The assessments involve manual testing and analysis as well as the use of automated web application vulnerability scanning/testing tools.
  • Tested various types of payment gateways according to the test plans.
  • Black box penetration testing on internet- and intranet-facing applications.
  • Experience with web application security testing tools such as Burp Suite, Netsparker, Nexpose, Nessus, SQLMap, OWASP ZAP Proxy, Acunetix and Metasploit.
  • Responsible for vulnerability assessment and security testing.
  • Identified Critical, High, Medium and Low vulnerabilities in applications based on the OWASP Top 10 and prioritized them by criticality.
  • Crafted and executed different payloads to test the system for XSS and other attacks.
  • Good experience in static application security testing, dynamic application security testing and manual penetration testing of applications.
  • Provided details of the issues identified and the remediation plan to banking clients.
  • Participated in security assessments of networks, systems and applications.
  • Actively involved and participated in various training/sessions on Info security topics.

Senior Consultant

ControlCase
04.2016 - 03.2017
  • Used Burp Suite and Qualys to identify issues such as SQL injection, XSS and CSRF.
  • Trained the development team through security awareness sessions, explaining security vulnerabilities and the security requirements prior to development.
  • Understanding of network protocols coupled with experience with web proxies, web application firewalls, and vulnerability assessment tools.
  • Experience creating system and application security test plans and performing hands-on security testing.
  • Provided remediation steps to the client and followed up.
  • Retested the fixed issues and ensured their closure.
  • Having day to day contact with the clients; responsible for keeping the client informed of the progress of the testing and any issues that arise.
  • Provide the report and explain the issues to the client team.

Executive Security Testing

ControlCase LLC
12.2013 - 03.2016
  • Automated scans of 4 different projects on a weekly basis using Burp Suite to ensure that changes did not introduce any new vulnerability.
  • Manual security testing of applications and APIs to identify OWASP Top 10 vulnerabilities.
  • Conducted vulnerability assessment, penetration testing and configuration review for web applications and mobile applications.
  • Good knowledge of TCP/IP and other application- and network-level protocols.
  • Knowledge of industry-standard scoring models such as CVSS and CCSS.
  • Responsible for identifying and classifying cyber security vulnerabilities, working on mitigation plans with clients and providing remediation solutions for vulnerabilities.
  • Prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions for standards such as PCI, ISO 27001.

Support Agent L1

ControlCase
06.2012 - 12.2013
  • Assisted customers with more difficult technical issues requiring a greater level of personalized care and in greater length.
  • Escalated support desk tickets to Level 2 in the most crucial circumstances and after considerable time had been spent on a single ticket.
  • Onboarded and trained all incoming junior tech support specialists.
  • Identity and access management for all existing employees and new joiners.
  • Provided daily assistance for PC builds and software support.

Education

Bachelor of Science - Information Technology

Mumbai University
Mumbai
04.2001 -

Skills

Effective Communication

Certification

ISO 27001:2013 LA - Certified

Awards/Recognition

Received "Certificate of Appreciation" award from ControlCase LLC for PCI ASV Requalification exam

Tools

Burp Suite, Appknox, SQLMap, Ettercap, Nmap, Metasploit Framework, Nessus, Qualys, IBM AppScan, Acunetix, MobSF, SoapUI, Echo Mirage, Postman, Apktool, Tenable.io, Kali Linux framework, Loopio, Sirion Labs Comet Tool, Invicti, Snyk, Checkmarx, Microsoft Threat Modeling Tool, IriusRisk