Hi, I’m
Anil Gunda
OT/ICS Cyber Security Specialist
Doha,Qatar
Summary
A well - presented and adaptable professional, with a distinguished IT\OT track record underpinned by work experience in environments demanding self-motivation and focused approach. I can work without supervision and willing to assume additional responsibilities. A committed team player with leadership ability, uses high standards of communication to establish positive interpersonal relationships. I am seeking a secure, challenging, and rewarding position to apply my practical knowledge and experiences to contribute to an organization's success.
Overview
11
years of professional experience
4
years of post-secondary education
5
Certificates
Work History
Qatar AirwaysDoha, Qatar
OT/ICS Cyber Security Specialist
05.2018 - Current
Job overview
- Leads implementation and management of OT/ICS Security Operations Center (SOC) to monitor security risks to Operational Technology (OT) environments in real-time.
- Core member of review committee for Qatar 2022 Cyber Security Draft Framework.
- Overseeing implementation of security controls in ICS & IT environments to comply Qatar 2022 Cyber Security Framework.
- Utilize existing and newly deployed OT Security Solutions to perform threat assessments, substantiate security incidents, and effectively respond.
- Participate in security requirements, network design reviews, and security testing for network, systems, and applications.
- Evaluate new security technology & emerging threats and provide recommendations to strengthen the OT security environment.
- Evaluate available vendor security solutions to determine if and how they should be deployed in OT environment.
- Lead the development, deployment, management, and enforcement of OT Security Policies. This will include leading the effort in adopting applicable components of IEC 62443 & NIST Cyber Framework that provide increased OT Security while minimizing increased production risk.
- Consult on ICS security matters as needed and act as liaison between operations and corporate IT security teams.
- Respond and Participate in ICS security incident response through all phases including investigating computer and network intrusions and remediation support.
Qatar AirwaysDoha, Qatar
Cyber Security Lead Engineer
01.2016 - 04.2018
Job overview
- Conducted application penetration testing of airport/airline applications.
- Conducted vulnerability assessments for 100+ severs of airport infrastructure.
- Established policies and procedures in line with ISO 20000 and ISO 27001.
- Member of change management board.
- Conducted department risk assessments.
- Working closely with anti-virus and patch management teams to ensure systems and servers are regularly updated.
- Managing Internal Audits.
- Member of SOC team working closely with MSSP SOC, responsible for incident investigations and tracking closure of them with operational teams.
- Assisting operational teams in implementing OTSOC and Industrial IDS.
- Overseeing cyber security hygiene of OT networks.
- Proactively looking for IoCs, threat signatures, file hashes etc. and ensure to block them on perimeter devices.
HSBCHyderabad, India
Senior Information Security Analyst
08.2012 - 12.2015
Job overview
- Conducted application penetration testing of 250+ business applications.
- Conducted vulnerability assessments for 500+ severs of various platforms and network devices.
- Acquainted with various approaches to Grey & Black box security testing.
- Proficient in understanding application level vulnerabilities like XSS, SQL Injection, response splitting attacks, session hijacking, authentication bypass, weak cryptography, authentication flaws etc.
- Evaluate risk for application and network infrastructures as per OWASP and organizational security control standards and guidelines.
- As part of research and development, I have helped in developing two new services – Thick Client and Mobile application security testing services.
- Developed test checklists for Web, ThickClient and Mobile application platforms.
- Played crucial role in streamlining processes and as part of it, I have written process documents and testing methodologies.
- Incident management and handling skills; including knowledge of common probing and attack methods, viruses, botnets and other forms of malware. Correlating events from Network, OS, Applications or IDS/Firewalls and analyzing them for possible threats.
- Ensure secure computing environment within organization.
- Monitor security violations, flag potential violations and investigate security incidents.
- Manage and monitor tools to ensure security of internal and perimeter network while ensuring that adequate packets and network activity information is captured for investigating potential security incidents .
- Developed and implemented security awareness programs and acted as business unit trainer, helped in training new batches on various occasions.
Paladion NetworksMumbai, India
Security Engineer
12.2010 - 07.2012
Job overview
- Conducted application security testing of 200+ business applications.
- Worked on long term project with leading bank in India.
- Listed below are some of the key projects;
- Application Security Test of online Banking Applications.
- Application Security Test of Internet Trade Applications.
- Application Security Test of Online portal of Stock trade company.
- Application Security Test of Online Exam Application.
- Application Security Test of various Internet and Intranet facing applications of well-known bank in India.
- External and Internal network penetration tests of internet/intranet facing servers and devices.
- Performed vulnerability assessments of critical servers includes OS, databases and web/app servers and network devices.
- Experienced on service delivery, managing project requirements, customer relationship, allocating work, conducting status meetings and customer reviews, technical support and system administration.
- Provide security assessment/approval for all internal projects; perform security assessment for production environment.
Education
JNTU KakinadaIndia
Bachelor of Science from Electronics And Communications Engineering
08.2006 - 05.2010
Skills
OT/ICS Vulnerability Management: Nozomi / Claroty / Other Open source tools
undefinedCertification
SANS GCIH (Trained)
Timeline
SANS GCIH (Trained)
01-2022
Certified Information Systems Auditor (CISA)
05-2018
OT/ICS Cyber Security Specialist
Qatar Airways
05.2018 - Current
Certified Ethical Hacker (CEH)
05-2017
ITIL Foundation (2011)
08-2016
Cyber Security Lead Engineer
Qatar Airways
01.2016 - 04.2018
ISO 27001 Lead Auditor
03-2013
Senior Information Security Analyst
HSBC
08.2012 - 12.2015
Security Engineer
Paladion Networks
12.2010 - 07.2012
JNTU Kakinada
Bachelor of Science from Electronics And Communications Engineering
08.2006 - 05.2010
Tools
- Tenable Nessus, Qualysguard, Nmap
- Proxies like Burp, Paros etc. Automated Scanners like IBM AppScanner, Netsparker, HP WebInspect, Burp professional, Acunetix etc.
- EchoMirage, Wireshark, Process Monitor, Winhex, Windows Sysinternal tools
- iExplorer, Open SSH, IOS SDK, FireSheep, Android Studio etc.
- RSA Archer
- SymenticVontu, RSA Archer, Iron Mail, AD Audit Plus, Nexthink, SecOnion
- LogRhythm, Splunk
Similar Profiles
Edward EnriquezEdward Enriquez
Head of Cabin Appearance at Qatar Aviation Services / Qatar AirwaysHead of Cabin Appearance at Qatar Aviation Services / Qatar Airways
Balwin KaurBalwin Kaur
Sales Assistant at Qatar Duty Free (Qatar Airways)Sales Assistant at Qatar Duty Free (Qatar Airways)
Mobin Ali TuriMobin Ali Turi
Cargo Service Agent (Dangerous Goods Agent) at Qatar Aviation Service (Qatar Airways Group)Cargo Service Agent (Dangerous Goods Agent) at Qatar Aviation Service (Qatar Airways Group)
June NjeruJune Njeru
Senior Sales Assistant- Travel Retail at Qatar Airways (Qatar Duty Free)Senior Sales Assistant- Travel Retail at Qatar Airways (Qatar Duty Free)
Christopher KimathiChristopher Kimathi
Purchase Executive at Al Jassim GroupPurchase Executive at Al Jassim Group