Tejaswi Volety

Guide the strategic vision, roadmap, and execution to advance the security posture at the Enterprise and Product level. Own the execution and continuous improvement of incident response, implementing automated and scalable systems that are both preventative and detective. Designed secure solutions for technical and business teams to improve App/Infra sec.

• Developed and deployed comprehensive security solutions for applications and enterprise-wide programs such as Data security posture management and Governance, DevSecOps, and Vuln mgmt.
• Developed and implemented a comprehensive DLP and CI/CD solution, guided by a strategic roadmap and data-driven decision-making based on detailed metrics and analysis.
• Advanced the security organization and mitigated risks by working cross-functionally to prioritize investments spanning M&A and third party integrations that reduced the total Critical and High risk by 80%.
• Authored and published 100+ Security policies, procedures, patterns standards and guidelines. Drafted clear documentation outlining company-wide security procedures, enabling all team members to understand their roles in upholding organizational safeguards properly.
• Worked closely with vendors to assess third-party products'' compatibility with existing systems while maintaining stringent security standards.
• Developed security metrics and technical analysis to give insight into performance and trends.
• Created frameworks by designing and developing technical solutions.
• Performed Security assessments, basing SCF framework, and reported risks with its mitigation options to executive and technical teams.
• Develop and lead a security team to architect innovative solutions to prevent financial fraud and money laundering.
• Advance the security organization and mitigate risks by working cross-functionally to prioritize investments spanning implementations, acquisitions, and third-party integrations.
• Protect data at every stage of the journey by leading the team to design and implement an encryption solution to secure sensitive PII across OLAP and OLTP Data stores.
• Enable the delivery of secure, stable, and highly performant applications, designing a secure CI/CD pipeline.
• Train and preach security practices across the organization by developing standards, patterns, and guidelines.
• Designed encryption protocols to safeguard sensitive corporate information from unauthorized access or disclosure.
• Evaluated emerging technologies for their potential impact on system security, staying ahead of industry trends and anticipating future challenges.
• Collaborated with cross-functional teams to develop secure software applications, reducing instances of data breaches and security incidents.

• Bitcoin Forensics for Prof. Raymond Choo (Reverse Engineering, Vulnerability assessment, Exploit) - Performed reverse engineering techniques to identify the vulnerabilities on e-wallets and using efficient algorithms with GO, & Python, exploited the application
• Automobile Forensics for Prof. Raymond Choo (Reverse Engineering, Vulnerability assessment, Exploit) - Root the device on Audio/Smart device (Android) on the automobile (Car) to gain administrator access and identify forensic artifacts, assess the vulnerabilities and exploit
• Text mining for Prof. HR Rao (Data Analytics, Machine learning, Neural Networks) - Designed a neural network to recognize features from a corpus to analyze the behavior and deduce the further results
• Cloud computing & Big data analytics for Prof. Yoris, Au - Instructor for the Data analytics – Masters students on Big data and Cloud technologies for a semester

• Performed a risk assessment (Red Team) and submitted reports for various level of corporate (Developer summary, Executive summary, detailed summary) and assessed the application to meet the standards (OWASP, SANS, NIST, WASC, ISO 27001) for a Web application being developed on AWS cloud
• Guided the organization with security best practices to advance technical and business security posture.
• Performed Cloud well architecture reviews and provided recommendations to improve the security posture.

Championed the design and implementation of robust security solutions to safeguard critical applications, proactively identifying vulnerabilities and providing solutions to mitigate risk. Worked cross-functionally to ensure the development and deployment of secure software while continuously monitoring and improving application security practices.

• Built and oversaw a team of engineers, advancing the development of security features across all products.
• Inspired a culture of continuous security validation, performing validations and penetration tests on application solutions to improve security outcomes and optimize governance, risk, and compliance.
• Served as technical product expert, executing threat hunting, incident response, and forensic analysis.
• Conducted regular audits of applications and systems, ensuring compliance with industry standards and regulatory requirements.
• Developed metrics and reporting mechanisms to track application security performance over time, supporting data-driven decision-making processes within the organization.

• Assess and enhance the security posture and maturity of the organization
• Performing gap analysis on the existing systems, builds and configurations
• Design threat models, identifying attack vectors and recommending controls to mitigate the risk/threat
• Plan a strategy and assist the engineers and analysts to build tactical solutions with best possible ROI
• Built an architectural framework for the security and risk teams that aligns with DevOps pipeline to provide security recommendations right from the inception of efforts
• Built a standard framework for the organization to assess the applications across teams and identify risks involved
• Strategic planning for a Command Center, capable of logging and monitoring the activity across the organization and incident handling
• Performing security reviews on the systems / services and provide advisory services
• Work along with the Executive leadership team (ELT) to build security controls necessary for the organization to be compliant with SOX, SOC, ISO, NIST, PCI, ITAR, Fed-Ramp and GDPR frameworks
• Recommendations on implementing and maintaining CIS benchmarks on the assets across organization
• Design and manage the training program to upskill the team and also a security awareness program across organization
• Work along the Bug bounty and the Internal pen test programs
• Role of a Scrum master and SME for Security to ELT (stake holders), and ensured to meet the TTM for the projects managed and handled
• Working along with Governance/Risk/Compliance teams facilitate the operational tasks involved
• Automated security solutions and architecture enhancements for the infrastructure on cloud and on-premises setups
• Experience in designing the Automation scripts, for malware analysis and forensic analysis
• Designed and deployed the AWS infrastructure for various projects and designed a well architected posture for the organization
• Experience in designing Application Infra, Data Streaming, Machine learning, Neural network algorithms developed for academic and Text mining research projects undertaken at UTSA
• Developed course work for Masters students in Big data and Cloud computing using Apache Spark

• Worked on below mentioned fraud detection and fraud prevention systems and applications
• Enterprise Security and Compliance Assessment(ESCA)
• Transaction Risk Analyzer (TRA)
• Wires Interdiction
• FTS Interdiction
• Above applications are used to perform multiple fraud screenings, Knowledge Based Authentication (KBA), Alert & Member notifications, prevent ATO (Account Take Over) frauds etc
• Responsibilities include complete analysis of the requirements to provide industry specific solutions for detection/ mitigation of Fraud and AML over monetary or non-monetary transactions
• Perform Scrum role (Stand-up, Retrospective, Story board, etc.)
• Integral role in entire SDLC (Design, Develop, Validate and Deploy)
• Design and Automate the rules for Fraud/AML (Report/Case creation)
• Design flags for automating the Alert/Case tagging system
• Involved in Algorithm analysis and design to detect Fraud over transactions
• Application development (MVC-Architecture), end-end Software Development Cycle (SDLC) and CI-CD pipeline
• Worked in developing and deploying automation scripts within the framework and maintaining the code standards

• Designed and developed a team of robots (team of 3) that follow the swarm principles as a part of my Engineering final semester academic curriculum
• This project was sponsored by the College with collaboration of cross major teams
• The algorithm developed was capable of accomplishing the end effector
• Programming XBee module to interact with GSM & GPS modules
• Programmed the controller to perform the basic operations