Venkatesh Popuri

Leander, TX

Summary

Venkatesh Popuri is an advisory manager in Cyber Risk services. He possesses a proven track record of leading and managing critical security initiatives for Fortune 500 companies, resulting in significant improvements in client security posture and reduced risk exposure. He is recognized as a subject matter expert in AppSec, spearheading the development and implementation of comprehensive security programs, driving enterprise-wide security tool adoption, and overseeing the work of security professionals. He actively contributes to the industry through thought leadership initiatives and mentorship, fostering a culture of knowledge sharing and innovation within the team. He specializes in Secure Software Development Lifecycle (SSDLC), DevSecOps, Vulnerability Management and Application Security, and in streamlining processes, implementing automated security solutions, analyzing application security scans, secure code development, software development, and penetration testing.

Overview

6 years of professional experience
1 Certification

Work History

Advisory Manager

Deloitte & Touche, LLP
05.2023 - Current
  • Led and managed teams of security professionals in conducting assessments of client enterprise application security and production security programs utilizing frameworks like NIST CSF, NIST SSDF 800-218, and OWASP SAMM
  • Developed and implemented robust AppSec programs for clients, including foundational documents such as policies, standards, and guidelines
  • Guided clients in security tool evaluation, design, implementation, and enterprise-wide integration, resulting in a 50-60% increase in overall security posture for clients
  • Led teams to deliver multiple security workflows, including Application Security Assessments (ASA), various AST methodologies (DAST, SAST, IAST), Security Operations Center (CSOC) integration, data protection initiatives, and Web Application Firewall (WAF) implementation
  • Performed security risk assessments based on project scope, identified security risk areas, assigned security risk scores, and documented findings in reports
  • Designed and implemented application security solutions that strengthened controls in the Software Development Lifecycle (SDLC), ensured compliance with regulations, improved operational efficiency, and reduced costs
  • Created security architecture diagrams explaining proposed solutions specific to projects, embedding them into design documents and security risk assessment reports
  • Developed reporting and key performance indicators (KPIs) to track security posture improvements and participated in the creation of enterprise information security and risk management documents (policies, standards, baselines, guidelines, and procedures)
  • Coordinated penetration testing engagements, including facilitating the development of security testing scenarios/scripts, validating test completion, and ensuring the quality of deliverables created by the team
  • Developed proposals for new engagements, supported sales initiatives, and contributed to thought leadership by developing best practice guidelines
  • Mentored junior staff on AppSec best practices, fostering professional growth within the team
  • Liaised with executive level personnel, led client-facing meetings, and managed teams with multiple work streams throughout the full lifecycle of engagements
  • Supported clients throughout complex M&A engagements, managing security integration and due diligence activities from sign-to-close
  • Successfully identified and mitigated security risks during the integration of acquired companies.

Advisory Senior Consultant

Deloitte & Touche, LLP
04.2019 - 05.2023
  • Assessed the current state and developed an Application Security program for large financial and healthcare clients to allow them to improve their security posture; this focused on expanding the current processes and creating a defined policy for maintaining a specified level of secure architecture and development patterns to be used when developing applications, as well as testing standards
  • Executed the newly defined processes, identified learning opportunities, and incorporated feedback to improve the processes
  • Performed black box and grey box security testing of web applications which involved information gathering, vulnerability assessments, penetration testing, and assisting for remediation of the vulnerabilities
  • Performed technical scoping with the client to facilitate proper documentation for application scope and preparation for testing, improving the overall scope coverage and quality of testing
  • Performed application security testing (SAST, DAST, MPT, SCA, Manual Code Review, Security Design Review) to reduce the attack surface of the applications by identifying vulnerabilities and mitigating those identified vulnerabilities based on the defined SLA
  • Conducted advanced manual and dynamic pen testing in accordance with OWASP standards on components such as web, thick-client and mobile applications, identifying major and exploitable vulnerabilities
  • Performed vulnerability assessments of iOS and Android applications developed to support the 'bring your own device' (BYOD) concept at the enterprise level
  • Testing activities included identifying vulnerabilities, providing recommendations, and re-testing the issues fixed by the client
  • Identified injection, business logic, authentication, session management and related flaws in applications, encasing attack scenarios and the associated risk to the business
  • Provided preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy
  • Developed high-level triaging guidelines to enable the application teams to analyze, identify and remediate issues reported by the scan tools
  • Socialized testing reports and high-level guidelines with the client stakeholders and development teams
  • Provided the development team with detailed reports based on the findings obtained from the manual and automated testing methodologies, also provide the necessary remediation for individual findings
  • Communicated and coordinated day-to-day project activities within the project team and ensured that priorities were developed and known
  • Documented information security guidance in step-by-step operational procedures
  • Assisted customers in understanding the risk and threat levels associated with each vulnerability so that they could decide whether or not to accept the risk with respect to business criticality.

Cyber Security Analyst

The Execu|Search Group
06.2018 - 04.2019
  • Conducted application penetration testing of various business applications
  • Reviewed and analyzed security vulnerability data to identify false positives
  • Provided details of the issues identified and the remediation plan to the stakeholders
  • Validated the fixes applied for the vulnerabilities and closed out the assessment
  • Communicated and coordinated day-to-day project activities within the project team and ensured that priorities were developed and known
  • Performed manual and dynamic penetration testing of web applications using Burp Suite and the HP WebInspect scanner
  • Planned, conducted, and reported on vulnerability and risk assessments of applications
  • Explained the risk associated with each vulnerability to the project team for better understanding and guided the project team towards its remediation
  • Provided remediation guidance to the developers based on the issues identified
  • Ensured applications were secured from the latest vulnerabilities
  • Documented information security guidance in step-by-step operational procedures
  • Provided the development team with detailed reports based on the findings obtained from the manual and automated testing methodologies, also provide the necessary remediation for individual findings
  • Provided preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy
  • Assisted customers in understanding the risk and threat levels associated with each vulnerability so that they could decide whether or not to accept the risk with respect to business criticality.

Education

Master's Degree in Information Systems Engineering and Management - Harrisburg University of Science and Technology

Skills

  • Application Security (AppSec)
  • NIST Cybersecurity Framework (CSF)
  • NIST Secure Software Development Framework (SSDF)
  • OWASP Software Assurance Maturity Model (SAMM)
  • AppSec Program Development
  • Security Policy & Standards Creation
  • Security Tool Evaluation & Implementation
  • Application Security Testing (AST) Methodologies (e.g., DAST, SAST, IAST)
  • M&A Security Integration & Due Diligence
  • Operating Systems: Windows 10, Kali Linux, Mac OS X
  • Web Application Security tools: Burp Suite Pro, HP WebInspect, sqlmap, SoapUI, Fortify Static Code Analyzer
  • Mobile Application tools: Passionfruit, Objection, Needle, Xcode, Hopper Disassembler, Cydia tools (iOS), Frida tools, MobSF, Drozer, Apktool, JADX

Certification

  • CISSP - Certified Information Systems Security Professional
  • Exam AZ-500: Microsoft Azure Security Technologies

Publications

Popuri, V. (2024). Secure and Efficient Federated Learning Framework for Advanced Credit Card Fraud Detection with Optimization. International Journal of Management Technology, 11(3), 42-63.

Popuri, V. (2024). Securing Healthcare Data: Federated Learning for Privacy-Preserving AI in Medical Applications. International Journal of Management Technology, 11(3), 64-82.
