Krittika Lalwaney

Led Penetration Testing, Adversarial Simulation, and Purple Teaming functions in performing Offensive Security testing from initiation to completion, which encompassed the planning, organizing, and management of resources to ensure the successful completion of security testing goals and objectives.

• Oversaw all aspects of security engagements, including scoping, planning, execution, and reporting.
• Led and managed a team of offensive security testers, providing guidance, mentorship, and support throughout the testing lifecycle.
• Managed relationships with security vendors, providing guidance on Capital Group methodology and reporting, oversite on vendor quality, participate in contract renewals and statement of work creation and review.
• Collaborated with clients, internal stakeholders, and cross-functional teams to identify and prioritize testing requirements, objectives, and deliverables.
• Collaborated closely with key stakeholders to ensure vulnerabilities are addressed in a timely manner.
• Developed forecasting, planning and monitor schedules to ensure that penetration testing is initiated and completed within established deadlines.
• Identified mitigation strategies, communicate remediation status, and develop KPI’s to measure program effectiveness.
• Analyzed the performance of technology systems and execute continuous improvement initiatives to effectively respond to problems and explore new opportunities.
• Regularly benchmarked against published standards and best practices for technology systems and cybersecurity practices.
• Prepare comprehensive and accurate penetration testing reports, including detailed findings, recommendations, and remediation strategies.
• Communicated effectively with clients, presenting findings and recommendations in a clear and non-technical manner.
• Provided subject matter expertise and support during client meetings, discussions, and presentations related to penetration testing projects.
• Interfaced with all levels of business and technical management staff, as well as application teams to facilitate problem resolution and the resolution of competing priorities.
• Created and executed a vision, motivating others to adopt strategies in collectively moving the organization forward
• Successfully managed multiple, concurrent projects, with a track record of completing projects successfully on time and on budget.

• Led Red Team operations and development within Ethical Hacking Methodologies from kickoff to remediation, mentoring less experienced staff.
• Conducted Red Team assessments against cloud environments and enterprise threat landscape to identify vulnerabilities in software, systems, networks, and logic.
• Researched and verified known attacks, exploits, and security weaknesses using researched and/or developed custom tools.
• Developed comprehensive reports and presentations for both technical and executive audiences to help drive remediation efforts.
• Led and drove Red Team internal development of scripts, tools, or methodologies to enhance Capital Group’s red teaming, offensive security operations and development.
• Worked with the Engineering & DevOps teams to ensure we have a comprehensive secure software development life cycle program.
• Led purple team exercises, penetration tests and security assessments from kickoff to remediation, and mentored less experienced staff.
• Led threat models with developers and architecture teams to enhance security testing.
• Effectively communicated findings to stakeholders, including technical staff, executive leadership and legal counsel to drive remediation efforts for the organization.

• Led Red Team operations and utilizes tools such as Burp Suite, Cobalt Strike, Metasploit, Empire, Nessus, NMAP, Wireshark, and similar tools
• Conducted several security assessments and penetration testing by emulating adversarial tactics
• Served as a Social Engineer SME on Red Team operations
• Consulted and briefs Blue Teams on vulnerabilities found during operations
• Built custom tools and scripts to enable targeted testing
• Created and maintains Red Team documentation and best practices
• Utilized various risk frameworks (MITRE ATT&CK, NIST, DREAD) to drive remediation efforts and strengthen Blue Team defenses

• Led and coordinated Red Team findings’ remediation
• Consulted and served as a SME on technical details of Red Team findings to the Blue Team
• Led several remediation working sessions to close critical vulnerabilities
• Briefed senior leadership on enterprise wide initiatives that originated from Red Team findings
• Created a data repository and automated metrics reporting

• Developed expertise in daily incident response by operating multiple platforms for data analysis and working a Security Information and Event Management (SIEM) system.
• Developed a training program for new SOC analysts and trained them on incident response.
• Delivered innovative solutions to continually improve our incident detection, proactive hunting
  and IR capabilities at scale, across numerous products and platforms
• Increased knowledge of TCP/IP and networks to include firewalls, routers, and ACLs.
• Made correlations across various data sources and constantly pivoting indicators from
  intelligence sources into Capital One’s environment
• Strengthened the working knowledge of malware in its varying forms, common delivery
  mechanisms, and common mitigation steps
• Experienced with and knowledge of packet flow, TCP/UDP traffic, firewall technologies, IDS
  technologies, proxy technologies, and antivirus, spam and spyware solutions
• Experienced with open source technologies such as Kibana, Timelion, Bro, and Sysmon
• Communicated cybersecurity events to both technical and non-technical audiences
• Experienced with IDS/IPS, Splunk, FireEye, and similar technologies