Alaison Benny

ALAISON BENNY Cyber security analyst( 6+ years experience) Ahmedabad, Gujarat-- A cyber security passionate, ethical hacker and a researcher with a great acumen of overall technical risk assessment domain. While my real passion is to find vulnerabilities in web and cloud applications, a mere thought of ethically hacking into a mobile app gives me goose bumps. With an impeccable interest in the fundamentals of XSS, CSRF and SQL injection I love deep-diving into less known attacks in the web security world too. Even at a personal level I am still a cyber security gal, but of course ethical in what I do. Showing off my tech-skills is not exactly me, but when my sql injection attack shows up lots of data on the screen and lots of frown on customer's face, I can't say that I am not excited. The security comes into picture only if there are cyber attacks taking place and hence to move on I'm extremely passionate about investigating the cyber crimes nowadays that are increasing tremendously. Apart from investigation it gives me thrills to face new challenges while going through the scenarios. #readytowork #Ready to work on remote or freelance basis #No need of fixed monthly salary, please pay my for the projects you are going to give me only Sponsorship required to work in the US WORK EXPERIENCE Security lead Invesics - Ahmedabad, Gujarat March 2017 to Present • Cyber Forensics • Malware analysis • IT Network security testing • Mobile app security assessment • Cloud app pen-testing • Web app vulnerability assessment • VAPT Cyber Security Analyst INVESICS - Ahmedabad, Gujarat 2016 to 2017 • eep up to date with the latest security and technology developments • research/evaluate emerging cyber security threats and ways to manage them • plan for disaster recovery in the event of any security breaches • monitor for attacks, intrusions and unusual, unauthorised or illegal activity • test and evaluate security products • design new security systems or upgrade existing ones • use advanced analytic tools to determine emerging threat patterns and vulnerabilities • engage in 'ethical hacking', for example, simulating security breaches • identify potential weaknesses and implement measures, such as firewalls and encryption Sr. Cyber Security Analyst INVESICS - Ahmedabad, Gujarat 2015 to 2016 • investigate security alerts and provide incident response • monitor identity and access management, including monitoring for abuse of permissions by authorised system users • liaise with stakeholders in relation to cyber security issues and provide future recommendations • generate reports for both technical and non-technical staff and stakeholders • maintain an information security risk register and assist with internal and external audits relating to information security • monitor and respond to 'phishing' emails and 'pharming' activity • assist with the creation, maintenance and delivery of cyber security awareness training for colleagues • give advice and guidance to staff on issues such as spam and unwanted or malicious emails Intern INVESICS - Ahmedabad, Gujarat 2014 to 2015 • Perform a variety of entry-level administrative staff duties related to areas such as compliance regulations and procedures. • Conduct vulnerability assessments • Monitor and analyze relevant vulnerability announcements and recommend appropriate actions. • Assist in writing instructions to describe and improve cyber security methods and systems. EDUCATION Master's in M.Tech CSIR, SCADA Systems and Network Gujarat Forensic Sciences University - Gujarat 2014 to 2016 Master's in M.C.A, Computer Softwares Gujarat Technological University - Gujarat 2011 to 2014 Bachelor's in B.C.A, Computer Programming/Programmer, General Gujarat University - Gujarat 2008 to 2011 Higher Secondary(12th Pass) in Plus two M.K.H.S - Gujarat 2005 to 2008 SKILLS • Scada • Vulnerability Assessment • Penetration Testing • Supporting and Managing Security Services • Technical Background in Data Loss Prevention • Staying One Step Ahead of Cyber Attacks • Responding to Security Events • Providing Timely and Relevant Security Reports • Providing Host-Based Forensics • Security Monitoring • Cyber and Technical Threat Analyses • Specialized Cyber Threat Reports • Remediating Security Issues • Security Regulations and Standards • Evaluating and Deconstructing Malware Software • Discovering Vulnerabilities in Information Systems • VMWare • TCP/IP • Azure • Active Directory • Microsoft Windows • Active Directory • Azure • DHCP • LAN • Microsoft Windows • TCP • TCP/IP • VMWare • PowerShell • WAN • Microsoft SQL Server • DNS • AWS • Microsoft Exchange • Computer Networking • Microsoft Windows Server AWARDS Common information security management frameworks • ISO/IEC 27001, • ITIL • COBIT • National Institute of Standards and Technology (NIST) • Cyber Security Framework (CSF) • SP800-XX frameworks • NERC, CIP. CERTIFICATIONS AND LICENSES 100W Operational Security (OPSEC) for Control Systems Microsoft Technical Associate CEH certified CISSP CISM CPT MSSP (Managed Security Services Provider) SIEM PUBLICATIONS Projects • experience or equivalent in Network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols, etc.), Subnetting, DNS, encryption technologies and standards, VPNs, VLANs, VoIP, and other network routing methods, Checkpoint, Cisco ASA, McAfee intrusion detection/prevention protocols, CISSP, CISA, CISM. Certifications preferred are CISSP or CCNA or CCNP. • Experience with Microsoft Windows Environments, Microsoft Office Suite, VMware cloud environments, Azure Iaas, PaaS & SaaS, Microsoft Office 365, Citrix Virtualization, client/server technology, DRM and Internet/intranets. • Expertise in SIEM, firewalls, VPNs, intrusion detection, content filtering, file integrity monitoring, and endpoint protection technologies. • DS/IPS, penetration and vulnerability testing. • Expertise in designing secure networks, systems and application architectures, coding practices, ethical hacking, and threat modelling. • Experience with vulnerability scanners and penetration tools such as Nmap, Nessus, Rapid7, Metasploit, etc. • System administration, supporting multiple platforms and applications including Microsoft Windows 2012/2016 Active Directory, Microsoft PKI, Microsoft Exchange 2013/2016, Office 365. • Experience with SD WAN and SDN (VMware NSX) vSphere and Cisco ACI. Experience with securing SCADA networks. ADDITIONAL INFORMATION • Knowledge of a variety of Internet protocols. • Knowledge of a variety of Operating systems (Linux, Macos, Windows…). • Experience in analyzing security logs generated by Intrusion Detection/Prevention Systems (IDS/IPS), firewalls, network flow systems, Anti-Virus, and/or other security logging sources in correlation with vulnerability analysis • Experience performing security analysis utilizing SIEM technologies. • Experience in scripting and / or programming language. • Ability to multi-task under strict deadlines. • Great planning, interpersonal, verbal and written communication skills. • Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively. • A demonstrated passion towards information security. • Education: Bachelor's Degree in Computer Science or equivalent experience • Certifications can be considered a plus if applicable (CISSP, SANS GIAC…)