Aman Tiwari
Summary
My name is Aman Tiwari and I am from India. I am currently pursuing a Master's in Cybersecurity from Georgia Tech and will be graduating in May 2024. I have had the opportunity to work with both technical implementations of cybersecurity as well as Compliance and Auditing. I am currently looking for full-time positions as a cyber security analyst or cyber security engineer as well as in organizational GRC Teams.
Overview
4
4
years of professional experience
Work History
Graduate Teaching Assistant (GTA)
Georgia Institute of Technology
Atlanta, GA
08.2023 - Current
- Evaluated and mentored over 200 students during my tenure as a GTA for Secure Computer Systems (CS-6238) which is a system security and hardening course offered at Georgia Tech that enables students to learn about Operating Systems Security through technical implementations of security concepts in Python
- Implemented innovative teaching techniques that catered to various learning styles, resulting in increased student engagement during lessons.
- Collaborated with fellow teaching assistants to provide additional support for struggling students, leading to improved academic outcomes.
Information System Security Officer Intern
Gainwell Technologies
05.2023 - 08.2023
- Improved the timeline of resolution of vulnerabilities by 50% and reduced the security deficits in AWS Resources by 75% by assisting the Information Security Team to maintain compliance and assess risk on State Medicaid Information Systems and collaborating with IT and Operations on vulnerability management and risk mitigation
- Streamlined security risk management and put a process of risk mitigation in place with cross-functional teams using Plan of Actions and Milestones (POAMs) and Inventory Lists using Excel by prioritizing vulnerabilities using CVSS Scores
- Reduced the vulnerability and risk component of AWS cloud resources using internal offerings such as Security Groups, AWS IAM, Gaurduty, CloudTrail and AWS Verified Access as well as by running continuous external checks in Crowdstrike, Nessus and Splunk to ensure compliance with NIST 800-53 Medium Controls and HIPAA
- Aligned existing policies to processes for security audits such as SOC2 and ISO 27001 of State Medicaid Systems
Web Application Penetration Testing Intern
Hacker Daddy Cyber Solutions
06.2020 - 08.2020
- Secured client environments with 95% client satisfaction and resolved close to 90% of the vulnerabilities by analyzing and evaluating client's web applications through detailed Internal as well as External Penetration Tests which included running checks against the OWASP Top 10 Web Application Remediation.
- Secured the internal organization resources by analyzing the flow of traffic using Wireshark and Splunk as well as producing secure data transmission code using Python and its cryptographic modules
- Conducted research for various projects, leading to well-informed decisions and successful outcomes.
Education
Master of Science - Cybersecurity
Georgia Institute of Technology
Atlanta05.2024
Bachelor of Science - Computer Engineering
SRM Institute of Science And Technology
India05.2022
Skills
- Python
- Bash
- TOR Network
- Burp Suite
- Wireshark
- Open-Source Intelligence
- Linux
- Linux Privilege Escalation
- Network Security
- Phishing
- Information Security
- TCP/IP Concepts
- Role Based Access Control
- Splunk
- AWS Guard Duty
- AWS Cloudtrail
- AWS Elastic Load Balancer (ELB)
- AWS Web Application Firewall (WAF)
- Microsoft Excel
- Binary Exploitation
- IDA
- Ghidra
- NIST CSF
- PCI-DSS
- SOC2
- HIPAA
- NIST 800-53
- NIST 800-37
- Governance, Risk & Compliance (GRC)
- Threat Intelligence
- Communication
- Time-Management
- Adaptability
- Team-Work
- Problem-Solving
Projects
TITM (Threat Intelligence Topic Mapping): (Ongoing)
TITM is a threat intelligence labeling and delivery platform that gathers threat intelligence from various sources using a threat intelligence aggregator called MISP, labels them into specific topics and then delivers to organizational assets in real-time according to their topic subscription using Message Queueing Telemetry Transport (MQTT).
Distributed Security System:
Implemented an intricate Distributed Security System using Python in a Linux Environment with Mutual User Authentication using user-side Certificates, Time-Based Identity and Access Management (IAM) using Time Dependent Access Control Lists (ACLs) and Data-at-Rest Encryption by saving all data either hashed or encrypted and Proper File Management after Logout.
Asset Finder:
An Open-Source Intelligence (OSINT) tool built using Bash in Linux to find information on websites and their sub-domains.
Binary Exploitation Challenges:
Lab server-based challenges in assembly language to work on various concepts ranging from static analysis using IDA-Pro and Ghidra as well as basic reverse engineering, bypassing canaries and ASLR, Return-oriented programming and Heap Exploitations.
Publications
An Enhanced Optimization of parallel firewall filtering rules for scalable high-speed networks:
Material Proceedings, Volume 62, Part 7, 4800-4805, 06/2022:
Implemented a parallel firewall infrastructure that can assess and process multiple packets at the same time hence providing additional speed to a security-dependent firewall architecture.
Theoretically enhanced efficiency of the proposed model over existing solutions.
Try Hack Me - Username
atdbbh1507
Timeline
Graduate Teaching Assistant (GTA)
Georgia Institute of Technology
08.2023 - Current
Information System Security Officer Intern
Gainwell Technologies
05.2023 - 08.2023
Web Application Penetration Testing Intern
Hacker Daddy Cyber Solutions
06.2020 - 08.2020
Master of Science - Cybersecurity
Georgia Institute of Technology
Bachelor of Science - Computer Engineering
SRM Institute of Science And Technology