
Udayasanthar Krishnamurthy

Downingtown, PA

Summary

Information Security Professional with over 12 years of professional experience in Incident Response, DFIR, Endpoint Investigation and Threat Analysis, helping organizations defend against advanced cyber threats and computer crimes. Oversaw enterprise-wide security at all levels of the organization, including in support of a content management tool. A results-oriented individual with exceptional communication and interpersonal skills. Possess strong analytical and problem-solving skills with good observational and leadership qualities. Expertise is broad in scope in the field of Information Security (CIRT operations) and Threat Intelligence for a proactive approach.

Overview

12 years of professional experience
3 Certifications

Work History

Information Security Engineer

MindParcs Inc
10.2023 - Current

Project 2 - AWS Migration – Oct 2023 – Current

  • Contributed to the AWS migration project from on-prem to AWS
  • Reviewed the AWS architecture and the on-prem security posture model
  • Provide a range of cybersecurity services and inputs
  • Provide recommendations on the endpoints, servers, DC and file servers
  • Provide updates on the latest threats and vulnerabilities.
  • Reviewed the client architecture and provided inputs based on the client logging into the on-prem servers.

Project 1 – April 2023 – Sept 2023

  • Provide a range of cybersecurity services and inputs, including risk assessments, vulnerability assessments, security audits, and incident response planning.
  • Review the existing on-prem data center and provide inputs on the security posture.
  • Provide recommendations on continuous monitoring mechanisms to detect and respond to security threats in real time based on the endpoints and servers.
  • Constant review of the network architecture to enhance the security posture

Team Lead 2 – Manager 2 – Incident Response

SOPHOS TECHNOLOGIES PVT LTD
09.2021 - 01.2024
  • Analyzing endpoints using DFIR methodology to identify the traces of the TA and collect evidence using Eric Zimmerman's tools, Chainsaw, etc.
  • Heading a team of 10 analysts from India and the Philippines that takes care of the Rapid Response service provided by Sophos.
  • On-board customers to Rapid Response who are likely to be infected with ransomware attacks and oversee the on-going incident investigation for them until the containment zone and report are created.
  • Identify emerging security threats and vulnerabilities, and proactively adjust security strategies accordingly.
  • Monitor security events and incidents, responding promptly to mitigate potential threats.
  • Leads incident response activities, ensuring security incidents are properly contained, eradicated, and recovered.
  • Manage and mentor a team of security professionals, setting clear goals and expectations.
  • Develop and deliver security training and awareness programs for employees at all levels of the organization.
  • Manages a team responsible for ensuring adequate security processes and solutions to mitigate or remediate identified risks sufficiently to meet business objectives, contractual and/or regulatory requirements.
  • Delivers Key Performance indicators to drive success to leadership.
  • Manages teams that perform forensic analysis for the customers’ entire environment.
  • Accountable for the oversight and management of a functional area within the Rapid Response Service, including supervision and mentorship.
  • Evaluate new trends in information security and potential use cases.
  • Provide people leadership services to a team of 10 analyst associates within a leadership environment.
  • Identify the risk present in the customer network and the machines which are encrypted.
  • Keep up to date on new cyber threats and vulnerabilities, and make sure the Incident Response team has the tools and skills necessary to respond.
  • Schedule frequent calls with the customer to provide updates on the status of the investigation.
  • Evaluate the evidence collected by the Analysts and oversee the investigation carried out.
  • Taking care of the triage process done by the Analysts and moving the customer to the Neutralise phase as quickly as possible to stop the spread of the ransomware.
  • Having bi-weekly 1:1s with the team members to understand their career goals and aspirations and address their challenges, if any.
  • In addition to Rapid Response, the team also takes care of the Compromise Assessment service and Business Email Compromise (BEC) investigations.
  • Review the Incident Report, which is prepared based on MITRE ATT&CK and on the evidence collected from the customer's endpoints.
  • Create a war room environment in case of Active Threat Actor presence in the customer environment.
  • Develop and maintain a high performing team through effective hiring and training.
  • Establishes goals and objectives for team performance and manages attainment of those goals.
  • Provide technical direction to Analysts and Incident Leads in critical situations.
  • Contribute to the definition, development, and process of Rapid Response as a service.

Information Security Manager

NTT GLOBAL DATA CENTERS AND CLOUD INFRASTRUCTURE
01.2019 - 09.2021

NTT INDIA GDC PVT. LTD

Designation: Team Lead, GSOC | Jan 2019 – May 2021

  • Manages a team of Security Incident Response Analysts, consisting of L1, L2 and L3, which is a 16/5 operation.
  • Leading security personnel, developing strategy, setting goals and providing performance and professional development feedback.
  • Regularly report SOC activities to top management, including incident reports, trends, and metrics, using a Power BI dashboard that was built for this purpose.
  • Driving major incidents and managing respective SOC workflow and activities to support the incident response process.
  • Take part in Incident Response tasks to make sure the SOC team is ready to control and lessen security incidents.
  • Keep up to date on new cyber threats and vulnerabilities, and make sure the SOC team has the tools and skills necessary to respond.
  • Work with staff and management across all levels of the organization to detect and protect the environment.
  • Provide input to SOC evaluations and recommendations to the business units.
  • Establishing team and individual goals that support team objectives, coaching and mentoring, and providing career development guidance.
  • Make recommendations and assist in the implementation of changes to work methods and procedures to make them more effective and to strengthen the team.
  • Oversee the monitoring of security alerts and events across the organization's IT infrastructure and networks. Ensure that the team is effectively analyzing data to identify potential security threats and vulnerabilities.
  • Manage the day-to-day activities of the global security operations team, including task assignment, scheduling, and performance management. This also involves conducting regular performance reviews and providing constructive feedback to team members.
  • Planning and managing the delivery of Security Operation team's roadmap projects and initiatives.
  • Global Solutions Delivery and support development of all Security Operation metrics, Service Level Agreements (SLA) and Operational Level Agreements (OLA).
  • Develop, modify, and execute Standard operating procedures (SOP's).
  • Serve as primary point of contact for Project management and other related issues.
  • Oversee a team of 12 who perform Incident Response on events from CrowdStrike Falcon.
  • Work closely with key internal partners HR, recruiting team to support and drive the individual team member's goals.
  • Responds to alerts from CrowdStrike Falcon to address potentially malicious events in a timely manner.
  • Responsible for the day-to-day operations of the team and addressing its challenges.
  • Having frequent one-on-ones with the GSOC team members to address their challenges and provide guidance.
  • Handling escalated incidents which remain unresolved.

CIRT L2 Analyst and Threat Intel Analyst

NETAPP INDIA PVT LTD
08.2017 - 12.2018
  • Incident Investigation: Conduct in-depth investigations into security incidents to determine the scope, impact, and root cause. This involves analyzing logs from SIEM, network traffic, and other relevant data sources.
  • Analyze advanced and persistent threats to understand their tactics, techniques, and procedures (TTPs)
  • Evaluate and prioritize incidents escalated from L1 Analysts based on their severity and potential impact on the organization's assets and operations.
  • Analyze malicious software (PUA) to determine its behavior, capabilities, and potential impact on the organization's systems and data.
  • Lead efforts to contain and eradicate threats from affected systems. This may involve isolating compromised systems or reimaging the machine; in some cases removal of the malicious software is escalated to the local IT team.
  • Conduct more complex analysis of security events and incidents to identify advanced threats and indicators of compromise, and use those IOCs to put blocks in place in the security tools.
  • Investigate compromised endpoints and network traffic to identify suspicious patterns and behaviors.
  • Day-to-day investigation of security incidents from the Splunk dashboard, which is monitored by L1 Analysts.
  • Threat Hunting - Proactively search for signs of hidden threats within the organization's systems and networks.
  • An alert which triggers in Splunk is sent to the InfoSec mailbox, which L1 monitors; SIRs are then created in SNOW by L1 with the basic level of investigation recorded in the work notes.
  • Analysis of infected workstation machines to determine the root cause.
  • Participated in the weekend on-call rotation to provide incident response coverage and handle incidents escalated from L1 Analysts.
  • Responsible for handling infections related to workforce machines, time bound monitoring of SIEM solution to detect unusual network behavior and isolate the infected workstation for containment and remediation.
  • Detecting web application attacks through automated alert notification from Sourcefire IPS, investigation, and fine tuning of the alerts to avoid false positives.
  • Investigation of Malware traffic events from FireEye ATP solutions for Zero-day attacks as well as signature-based detection.
  • Having in-depth knowledge of Splunk SIEM for Analysis/operation.

Cyber Security Analyst L1

Cognizant Technology Solutions Ltd
11.2016 - 08.2017
  • Worked as a Cyber Security Analyst (L1) in a SOC team for an American bank - Ally Bank
  • Review and analyze security events and logs to identify potential data breaches or policy violations
  • Investigate and triage alerts to determine the severity and take appropriate actions
  • Conduct thorough investigations to determine the cause, scope, and impact of security incidents
  • Collaborate with relevant teams to mitigate the threat
  • Prepare daily reports, present them to the client over a call and review them
  • Manage security alerts from key information security dashboards (IDS, SIEM, Antivirus, Email-Gateway, Sandbox analysis, Vulnerability Management)
  • Day-to-day Security Events and Incident investigation of various events from different platforms
  • Investigation of Malware traffic events from FireEye ATP solutions for Zero-day attacks as well as signature-based detections
  • After investigation by our team, the incident is escalated to the CIRT L2 team.

System Network Engineer

Carlton IT Solutions
02.2015 - 11.2016
  • Daily analysis of reports from Qualys Guard for Vulnerability Management
  • Day-to-day security incidents and operations
  • Perform the first response within the given SLA and triage the alert that triggered
  • Respond to clients' requests, concerns, and suggestions
  • Proactively support the team during an Incident Analysis
  • Performs and reviews tasks as identified in a daily task list
  • Handle the Security Incident alert and resolve within the given SLA
  • Performing deeper analysis, interacting with the client in daily calls and taking responsibility for handling True Positive incidents on time
  • Investigate & escalate validated and confirmed incidents to designated incident response team
  • Notify Client of incident and required mitigation works
  • Perform threat hunting and initiate incident response
  • Ability to run and understand Sandbox Static & Dynamic Analysis.

Network Engineer- Security Operations Center

Akash Animation Pvt Ltd
01.2012 - 02.2015
  • Perform real-time monitoring of security alerts detected by multiple security systems
  • Perform Investigation/analysis of logs to triage incidents
  • React and respond to real-time security incidents
  • Performing basic static and dynamic analysis on malicious artifacts
  • Incident Response (IR) when analysis/investigation confirms actionable incident
  • Develop SIEM correlation rules and dashboards to improve SOC detection capabilities
  • Phishing email operations
  • Documenting every minute detail of investigations in the ticketing system
  • Identifying security issues
  • Provide ideas and feedback to improve the overall SOC capabilities and maturity.

Education

B.Tech - Bachelor of Technology

Rajiv Gandhi College of Engineering & Technology - Affiliated With PONDICHERRY UNIVERSITY
Pondicherry

Skills

    Splunk Enterprise, QRadar, FireEye ATP Malware Analysis (NX, HX, AX), Qualys, Prolexic DDoS, Akamai WAF, Symantec Endpoint Protection, Sourcefire IPS, Digital Guardian (EDR), Microsoft ATA, IntSights (Threat Intel), Cisco ISE, Palo Alto, OpenDNS, Infoblox, Threat Grid, MXToolbox, Anlyz (case management), Intel X, SIEM, PhishBox, Reverse (sandbox), CrowdStrike Falcon (EDR), Cisco Umbrella, Sophos Central, Binalyze, DFIR tools such as Eric Zimmerman's tools; Threat Intel - Blueliv, Valkyr, ThreatConnect, Talos, IBM X-Force, Exploit-DB, Cyware and Intelligear

Certification

Certified Threat Intel Analyst - EC Council
