Summary
Overview
Work History
Education
Skills
Certification
Timeline
Tools
Hi, I’m

Anil Gunda

OT/ICS Cyber Security Specialist
Doha,Qatar
Anil Gunda

Summary

A well - presented and adaptable professional, with a distinguished IT\OT track record underpinned by work experience in environments demanding self-motivation and focused approach. I can work without supervision and willing to assume additional responsibilities. A committed team player with leadership ability, uses high standards of communication to establish positive interpersonal relationships. I am seeking a secure, challenging, and rewarding position to apply my practical knowledge and experiences to contribute to an organization's success.

Overview

11
years of professional experience
4
years of post-secondary education
5
Certificates

Work History

Qatar Airways
Doha, Qatar

OT/ICS Cyber Security Specialist
05.2018 - Current

Job overview

  • Leads implementation and management of OT/ICS Security Operations Center (SOC) to monitor security risks to Operational Technology (OT) environments in real-time.
  • Core member of review committee for Qatar 2022 Cyber Security Draft Framework.
  • Overseeing implementation of security controls in ICS & IT environments to comply Qatar 2022 Cyber Security Framework.
  • Utilize existing and newly deployed OT Security Solutions to perform threat assessments, substantiate security incidents, and effectively respond.
  • Participate in security requirements, network design reviews, and security testing for network, systems, and applications.
  • Evaluate new security technology & emerging threats and provide recommendations to strengthen the OT security environment.
  • Evaluate available vendor security solutions to determine if and how they should be deployed in OT environment.
  • Lead the development, deployment, management, and enforcement of OT Security Policies. This will include leading the effort in adopting applicable components of IEC 62443 & NIST Cyber Framework that provide increased OT Security while minimizing increased production risk.
  • Consult on ICS security matters as needed and act as liaison between operations and corporate IT security teams.
  • Respond and Participate in ICS security incident response through all phases including investigating computer and network intrusions and remediation support.

Qatar Airways
Doha, Qatar

Cyber Security Lead Engineer
01.2016 - 04.2018

Job overview

  • Conducted application penetration testing of airport/airline applications.
  • Conducted vulnerability assessments for 100+ severs of airport infrastructure.
  • Established policies and procedures in line with ISO 20000 and ISO 27001.
  • Member of change management board.
  • Conducted department risk assessments.
  • Working closely with anti-virus and patch management teams to ensure systems and servers are regularly updated.
  • Managing Internal Audits.
  • Member of SOC team working closely with MSSP SOC, responsible for incident investigations and tracking closure of them with operational teams.
  • Assisting operational teams in implementing OTSOC and Industrial IDS.
  • Overseeing cyber security hygiene of OT networks.
  • Proactively looking for IoCs, threat signatures, file hashes etc. and ensure to block them on perimeter devices.

HSBC
Hyderabad, India

Senior Information Security Analyst
08.2012 - 12.2015

Job overview

  • Conducted application penetration testing of 250+ business applications.
  • Conducted vulnerability assessments for 500+ severs of various platforms and network devices.
  • Acquainted with various approaches to Grey & Black box security testing.
  • Proficient in understanding application level vulnerabilities like XSS, SQL Injection, response splitting attacks, session hijacking, authentication bypass, weak cryptography, authentication flaws etc.
  • Evaluate risk for application and network infrastructures as per OWASP and organizational security control standards and guidelines.
  • As part of research and development, I have helped in developing two new services – Thick Client and Mobile application security testing services.
  • Developed test checklists for Web, ThickClient and Mobile application platforms.
  • Played crucial role in streamlining processes and as part of it, I have written process documents and testing methodologies.
  • Incident management and handling skills; including knowledge of common probing and attack methods, viruses, botnets and other forms of malware. Correlating events from Network, OS, Applications or IDS/Firewalls and analyzing them for possible threats.
  • Ensure secure computing environment within organization.
  • Monitor security violations, flag potential violations and investigate security incidents.
  • Manage and monitor tools to ensure security of internal and perimeter network while ensuring that adequate packets and network activity information is captured for investigating potential security incidents .
  • Developed and implemented security awareness programs and acted as business unit trainer, helped in training new batches on various occasions.

Paladion Networks
Mumbai, India

Security Engineer
12.2010 - 07.2012

Job overview

  • Conducted application security testing of 200+ business applications.
  • Worked on long term project with leading bank in India.
  • Listed below are some of the key projects;
  • Application Security Test of online Banking Applications.
  • Application Security Test of Internet Trade Applications.
  • Application Security Test of Online portal of Stock trade company.
  • Application Security Test of Online Exam Application.
  • Application Security Test of various Internet and Intranet facing applications of well-known bank in India.
  • External and Internal network penetration tests of internet/intranet facing servers and devices.
  • Performed vulnerability assessments of critical servers includes OS, databases and web/app servers and network devices.
  • Experienced on service delivery, managing project requirements, customer relationship, allocating work, conducting status meetings and customer reviews, technical support and system administration.
  • Provide security assessment/approval for all internal projects; perform security assessment for production environment.

Education

JNTU Kakinada
India

Bachelor of Science from Electronics And Communications Engineering
08.2006 - 05.2010

Skills

OT/ICS Vulnerability Management: Nozomi / Claroty / Other Open source tools

Risk Assessments: ISO 27001 / NIST / ICS 62443

Application Security Assessment: OWASP / SANS

Penetration Testing: Kali Linux / Metasploit / Other Open source tools

Incident Management - SOC Operations: SIEM / NSM / Industrial IDS

Certification

SANS GCIH (Trained)

Timeline

SANS GCIH (Trained)

01-2022

Certified Information Systems Auditor (CISA)

05-2018

OT/ICS Cyber Security Specialist

Qatar Airways
05.2018 - Current

Certified Ethical Hacker (CEH)

05-2017

ITIL Foundation (2011)

08-2016

Cyber Security Lead Engineer

Qatar Airways
01.2016 - 04.2018

ISO 27001 Lead Auditor

03-2013

Senior Information Security Analyst

HSBC
08.2012 - 12.2015

Security Engineer

Paladion Networks
12.2010 - 07.2012

JNTU Kakinada

Bachelor of Science from Electronics And Communications Engineering
08.2006 - 05.2010

Tools

  • Tenable Nessus, Qualysguard, Nmap
  • Proxies like Burp, Paros etc. Automated Scanners like IBM AppScanner, Netsparker, HP WebInspect, Burp professional, Acunetix etc.
  • EchoMirage, Wireshark, Process Monitor, Winhex, Windows Sysinternal tools
  • iExplorer, Open SSH, IOS SDK, FireSheep, Android Studio etc.
  • RSA Archer
  • SymenticVontu, RSA Archer, Iron Mail, AD Audit Plus, Nexthink, SecOnion
  • LogRhythm, Splunk
Anil GundaOT/ICS Cyber Security Specialist