Resume of Naresh Raghupatruni
NARESHKUMAR RAGHUPATRUNI
+91 8884566900 nareshitsec https://in.linkedin.com/in/nareshkumarraghupatruni
nareshitsec@gmail.com Indian Passport and USA B1/B2 VISA
Experience Summary
10+ years of overall IT experience, of which 8+ years are in IT Governance, Risk and
Compliance, Information Security solution Design, Develop, Deploy, Systems Audit, Cyber
Security, advisory and consultancy to large clients across the globe
Experience working on Vulnerability Assessment, Penetration Testing (VA/PT), IT Risk
Assessment, Business impact analysis (BIA) and Regulatory Compliance activities.
Experience in Design, Develop, Implement, Review and Fine-tune of Information Security/
BCM (BCP/DR) Solutions, Policies, Controls, Standards, Procedures and Organizational
Information Security Posture
Skills Summary
Industry
Automobile & Manufacturing, Health-Care & Pharmaceuticals,
Semiconductor, Retail, Oil Refinery, Energy, Government (India) and
Media
Programming Languages
Knowledge on Python, Java
Operating System / DB / ERP Version
Windows, Linux, Knowledge on DB - RDBMS and SAP
Technical
Perform Vulnerability Assessment (on-demand and scheduled) & Penetration Testing
Perform Information Security Risk Assessments
Perform Information Security gap analysis
Conduct business impact analysis (BIA)
Identify key risk areas (i.e. vulnerabilities with associated risks
and security gaps)
Review regulatory compliance requirements
Perform systems audits & Checklist Preparation
Perform Vendor Risk Assessments
Identify the control requirement
Develop information security metrics
Functional
Establish and oversee information security posture of the
organization which includes policies, procedures, standards and
guidelines.
Presenting and communicating the overall information security
posture and metrics to steering committee
Perform Information Security assessments throughout the
organization periodically
Implementing & Maintaining ISMS (as per ISO 27001:2013)
Design and review information security solution related to IT
GRC (Governance, Risk and Compliance)
Developing, Reviewing and Updating the security policies,
processes, procedures including IT BCM (BCP/DR)
Design, Develop and Reviewing Cyber Security Solutions
Ability to learn and understand the Organizations information
security assessment controls
Design, develop, test, fine-tune and implement information
security controls
Conducting Information Security Awareness Trainings to All
Levels of Employees
Engage with pre-sales team to provide information security
GRC solutions as customer requirements.
Information Security Regulatory and Compliance Framework / IT Governance, Risk and Compliance (GRC) Applications and Vulnerability Management, Penetration Testing and Cyber Security Solutions
Information Security Framework
ISO 27001:2013 ISMS, ISO 31000 (Information Risk) and ISO 22301 BCP,
COBIT, CIS Security Benchmarks, COSO ERM.
Information Security Regulatory and Compliance
SOX 302 & 404, PCI DSS, HIPAA.
IT GRC Applications
R-SAM (user level), Archer (user level) & OpenPages (user level).
VA/PT Tools
QualysGuard, Tenable SecurityCenter (Nessus), HP WebInspect,
Acunetix, Zenmap, Angry IP Scanner, eEye Retina, McAfee
Vulnerability Manager, AppScan, Core Impact, Critical Watch FusionVM
and Kali Linux.
Cyber Security
SIEM, Net-flow Analyzer, Real-time Packet Inspection, IPS, VA, Web and
Email Security, Anti-Virus, Database Security, Threat Intelligence and
Cyber forensics
Document Version Control
Borland StarTeam
Virtualization & Cloud
Knowledge on Private, Public and Hybrid cloud model, Virtualization
and Cloud Security
Professional Certifications/ Trainings
Certifications
ISO 27001:2013 IRCA Lead Auditor – ISMS (Information Security Management System)
ITIL v3 Foundation
QualysGuard vulnerability and compliance management
Trainings attended
Certified Information Systems Security Professional (C.I.S.S.P)
Certified Information Systems Auditor (C.I.S.A)
Certified in Risk and Information Systems Control (CRISC)
Ethical hacking, Penetration Testing and Cyber Forensics
Work Experience
Project 1
Project Name Central Board Of Direct Taxes (CBDT), Gov. of India
Team Size 3
Start Date November 2015 End Date December 2015
Project
Description
Project Insight is to “Develop a comprehensive platform for effective
utilization of information to promote voluntary compliance, deter
noncompliance, to impart confidence that all eligible persons pay
appropriate tax and to promote fair and judicious tax administration.”
Build and host the Project Insight application and related software
components on the server infrastructure at the facility of existing CBDT
Data Centre at New Delhi, India. The DC shall comply with at least Tier-III
standards and TIA-942 norms and it includes the various projects
components certified for ISO 27001, ISO 20000 and ISO 22301
Role &
Contribution
Define the scope of ISMS according to ISO 27001:2013
Identify ISO 27001:2013 control objectives
Identify ISO 27001:2013 controls
Designed the ISMS implementation according to ISO 27001:2013
Tools ISO 27001:2013 framework
Project 2
Project Name False Positive Removal Service - Chevron EAST US
Team Size 2
Start Date December 2015 End Date January 2016
Project
Description
Chevron EAST required a process to eliminate/remove false positives
during vulnerability scanning.
Role &
Contribution
Understand the client requirement
Identify the requirements to eliminate/remove false positives
Design the process for false-positive removal
Tools BeyondTrust Retina, HP WebInspect
Key Achievements Successfully designed a process to eliminate false positives and handed it over to
Chevron.
Project 3
Project Name NESA Compliance – Bunduq UAE Team Size 3
Start Date February 2016 End Date March 2016
Project
Description
The overall objective of this project, which includes the IT/OT
environments, is to provide consultancy to:
• Implement NESA IAS (Information Assurance Standard) controls for
IT/OT.
• To mitigate the risks identified during an earlier NCRMF compliant risk
assessment exercise.
Role &
Contribution
Understand the client requirement
Understand NESA compliance Entity level, Sector level and National
level
Identify the requirements according to NESA compliance
Design the audit process for NESA compliance standard
Tools NESA, ISO 27001:2013 and NIST
Key Achievements Successfully designed NESA compliance process.
Project 4
Project Name Vulnerability Management Solution POC - L&T Infotech IMS Internal
Team Size 3
Start Date November 2015 End Date March 2016
Project
Description
The overall objective of this project is to build a vulnerability
management POC with a SAAS model. This new vulnerability management
service adds to the IMS portfolio.
Role &
Contribution
Understand the requirement
Select QualysGuard as a SAAS vendor for vulnerability management
Build the entire POC in SCALE lab using temporary license given by
vendor.
Designed documents for vulnerability management services, POC, User
guide and cost model
Tools QualysGuard
Key Achievements Successfully completed POC
Project 5
Project Name Cyber Security Solutions for Media Client
Team Size 7
Start Date May 2016 End Date Till Date
Project
Description
The overall objective of this project is to design, deploy and
manage Cyber Security Solutions for a media client.
Design new operational process according to ITIL standards
The entire process is segregated into four phases, which include Level 1,
Level 2, Level 3 and SME (Design, POC (Proof of Concept), Deploy Solution
and Reviews)
Finally, overall auditing, which includes Information Security and Quality
Role &
Contribution
Taking overall responsibility for this project
Understand project requirements
Interact with client on regular basis
Understand the functional and technical features of the various cyber
security tools/application in the client environment
Currently Designing L1 phase
Tools Standard ITIL and ISMS templates
Key Achievements Successfully submitted draft version of Level 1 process to client
Other Experience
Title Xerox Business Services – Information Security Principal (Team Lead)
Start Date October 2013 End Date October 2015
Role &
Contribution
Project: Information Security Risk and Compliance – Xerox services and
Xerox Technology
Responsible for leading information security, vulnerability, risk and
compliance implementation and advisory service for various clients.
Conduct risk assessments, vulnerability assessments and threat
analyses periodically and consistently to identify risk to organization's
information. Determine appropriate risk treatment options to manage
risk to acceptable levels.
Evaluate information security controls to determine whether they are
appropriate and effectively mitigate risk to an acceptable level
Report non-compliances and other changes in information risk to
appropriate management to assist in the risk management
decision-making process.
Designing operational documents and process guides
Conduct client reviews and analyze security vulnerability data to
identify applicability and false positives.
Audit information security controls as per company and client
requirements
Research and develop testing tools, techniques, and process
documents
Conduct penetration testing according to client requirement.
Mentoring team to build their skills and contribution levels
Writing technical reports, including suggested resolutions for
identified problem areas, and performing operational risk assessments
Other Experience
Title
Hewlett-Packard Global Soft Ltd. – Technology Consultant (Information
Security)
Start Date January 2011 End Date October 2013
Role &
Contribution
Project 1: Information security, Risk and compliance Management GRC –
Retail Client – US
Responsible for leading information security, Risk and compliance
implementation and managing GRC
Establish and maintain information security policies to
communicate management's directives for development of
standards, procedures and guidelines
Evaluate information security controls to determine whether they
are appropriate and effectively mitigate risk to an acceptable level
Report non compliances and other changes in information risk to
appropriate management to assist in the risk management
decision-making process
Manage and maintain organizational information security
standards, procedures, guidelines and other documentation to
support and guide compliance with information security policies
Conduct information security awareness training for the teams
according to the client's requirements in a timely manner
Project 2: Vulnerability Management Solution Design – Automobile Client
US
Solution Engineer for the QualysGuard vulnerability management.
Managing user accounts for accessing Qualys Vulnerability
Management Module
Qualys Asset (Device) management i.e. Adding devices for Qualys
Vulnerability scanning
Managing Qualys Option Profiles
Customize vulnerability report generation with QualysGuard
Managing Qualys search lists
Managing Qualys authentication records.
Creating the EWO Document (Engineering Work Order) i.e.
Implementation guide, product guide based on all the
requirements gathered.
Simulating the whole solution built in development Labs before
certifying it to be used by the operations in the production
environment
Making sure all the steps in the Engineering solution process are
peer reviewed and approved before the process is completed and the
solution is handed over to the operations team for implementation.
Technical assistance for operation teams.
Other Experience
Title Intelligroup Asia Pvt. Ltd. An NTTDATA Company – Systems Engineer
Start Date October 2007 End Date December 2010
Role &
Contribution
Project: Vulnerability Assessment for Semiconductor, Pharmaceutical –
US, Sea Food Products – Greenland - Clients
Perform vulnerability assessment, i.e. run on-demand and scheduled
vulnerability scans.
Generating vulnerability scan reports and identifying vulnerabilities
Provide counter measures according to industry IT security standards
Review false-positives
Work with respective team members to fix or remediate the
vulnerabilities
Review patch implementation for vulnerabilities
Other Experience
Title Netmetric Solutions – Sr. Network Security Engineer
Start Date March 2007 End Date October 2007
Role &
Contribution
Project: Deploy network security Solution
Implement, maintain and integrate the corporate WAN and LAN
network security.
Implement and administer network security hardware and
software, enforcing the network security policy and complying with
requirements.
Perform analysis of network security needs and contribute to design,
integration, and installation of hardware and software.
Analyze and troubleshoot network security issues
Maintain and administer perimeter security systems such as firewalls
and intrusion detection systems.
Other Experience
Title Tick Business Solutions Pvt. Ltd. – Network Security Administrator
Start Date October 2005 End Date March 2007
Role &
Contribution
Project: Infrastructure Security Management - eSeva Govt. of
Andhra Pradesh, India – Govt. Client
Manage network security infrastructure
Provide secure communications between HO/BOs
Implement network security
Provide secure access controlling Internet Access (HTTP/HTTPS) to
Users
Block unauthorized sites as per policy, monitor & maintain the access
logs
Failover configurations
LAN/WAN administration
Educational Qualification
Education &
Credentials
Bachelor of Technology in Electronics and Telecommunications