Experience

 
 
 
 
 

Security Engineering

Miro

Oct 2020 – Present Amsterdam, Netherlands

Leading production security engineering for a hyper-growth online collaborative whiteboard platform.

  • Solving scalable Security Engineering problems
  • Building & Managing Production Security
  • Working with global teams and building a security culture
  • Learning and sharing with the community :)
 
 
 
 
 

Cloud Native Security Specialist

Xebia

Feb 2020 – Sep 2020 Amsterdam, Netherlands

Working with a wide variety of teams, clients and the community to learn and share pragmatic security knowledge

  • Security Engineering & Consulting
  • Cloud, Containers and Kubernetes security
  • Learning and sharing with the community :)
 
 
 
 
 

Security Automation Engineer

Appsecco

Aug 2018 – Jan 2020 Bangalore, India

Appsecco is a specialist application security company that ‘gets’ web security and can advise you on the best route for your business.

We provide simple solutions to problems and don’t confuse our clients with technicalities.

Every team member shares a passion for providing the best possible security solutions that meet the commercial needs and challenges of the clients and organisations we work for.

No matter where they are based they bring the same strategic and pragmatic thinking to ensure that security, operations and commercial goals are aligned to bring you the best possible results.

 
 
 
 
 

Automation Ninja

Appsecco

May 2016 – Jul 2018 Bangalore, India

Appsecco is a specialist application security company that ‘gets’ web security and can advise you on the best route for your business.

We provide simple solutions to problems and don’t confuse our clients with technicalities.

Every team member shares a passion for providing the best possible security solutions that meet the commercial needs and challenges of the clients and organisations we work for.

No matter where they are based they bring the same strategic and pragmatic thinking to ensure that security, operations and commercial goals are aligned to bring you the best possible results.

 
 
 
 
 

Security Engineer II

Walmart

Oct 2014 – May 2016 Bangalore, India
  1. Responsible for the global network security for Walmart eCommerce.
  2. Part of the Incident Response team. Worked on Palo Alto, ASA, FWSM firewalls.
  3. Responsible for assessing automation tools and the latest trends to enhance the current security testing practices, and for updating and enhancing the standards used in the organisation.
  4. Followed Agile-Scrum methodologies for deployment and development activities.
  5. Built an in-house automated Attack Monitoring & Proactive Analytics solution for Walmart using the ELK stack.
  6. Acknowledged by the CISO, VP for my contribution to improving the organisation’s security posture by reporting critical vulnerabilities in applications, and for internal InfoSec training among engineering teams.
  7. Won organizational-level awards, including AOM (Associate of the Month) and a Spot Award, in the entire InfoSec wing.
 
 
 
 
 

Network Security Consultant

Payatu

Oct 2013 – Oct 2014 Dharamshala, India
  1. Performed penetration testing on the complete network as well as all internal web applications
  2. Installed & Configured Active Directory, Domain controller services and applied Group Policy Management
  3. Installed & Configured Layer 2 & 3 switches and Routers
  4. Installed & Configured Open Source Monitoring Servers, Inventory and Ticketing Systems
  5. Installed & Configured FTP, BACKUP and WEB Servers
  6. Hardened Windows and Linux servers and networks
  7. Configured SIEM Server for Centralized logging and installed Security Onion for Network Packet Capture and analysis
  8. Trained staff for configuration and maintenance of servers and systems
  9. Researched real-time scenarios, architectures and tools
  10. Worked with various international clients and completed the projects successfully
 
 
 
 
 

Internship

Saviour Info Sol Pvt.Ltd

May 2012 – Jun 2012 Hyderabad, India
Created a server with all security tools to monitor and analyze the network.
 
 
 
 
 

Information security researcher & Technical trainer - Part Time

SourceNXT

Jan 2012 – Sep 2013 Hyderabad, India
  1. Trained more than 3000 people in the field of Information Security, Ethical Hacking and Cyber Security through various workshops and talks.
  2. Researched the latest potential online threats, security tools and frameworks.
  3. Prepared course content for Networking & Security Modules.
 
 
 
 
 

Corporate trainer - Part Time

Technosoft Solutions

Jan 2012 – Apr 2013 Visakhapatnam, India
  1. Trained the Indian Navy in a 10-day hands-on Ethical Hacking & Information Security boot camp
  2. Worked with various clients and delivered corporate training on Network Security & Forensics
  3. Performed penetration testing for web applications
  4. Hardened networks and servers for small organizations

Volunteering

 
 
 
 
 

Crew Member

Cloud Village - DEF CON

Jun 2019 – Present Las Vegas, USA
Part of the DEF CON villages in Las Vegas. An open space to meet folks interested in offensive and defensive aspects of cloud security. I led the creation and running of the CTF for the conference.
 
 
 
 
 

Speakers Bureau Member

CNCF

Nov 2018 – Present World Wide
The CNCF Speakers Bureau helps connect event organizers with speakers who have varied expertise in the cloud native ecosystem. Speakers consist of CNCF ambassadors, meetup organizers, and prominent community members who are willing to speak at events on the topics they are proficient in.
 
 
 
 
 

Moderator - DevSecOps track

All Day DevOps

Jan 2016 – Present Online
All Day DevOps is a FREE online community responsible for creating the world’s largest DevOps conference. - https://www.alldaydevops.com
 
 
 
 
 

Contributor

DevSecOps

Jan 2016 – Present Online
Security is everyone’s responsibility - http://www.devsecops.org
 
 
 
 
 

Chapter Lead

null - The Open Security Community

Mar 2014 – Oct 2014 Dharamshala, India
Kick-started the null Dharamshala chapter's monthly meetups and other types of meetings like null Humla and Puliya. Responsibilities included organizing monthly events, arranging venues, inviting speakers, etc.
 
 
 
 
 

Contributor

Code Vigilant

Jan 2014 – Aug 2015 Online

The Code Vigilant project was created out of the need for more secure open source software. It is a known fact that a large number of users use open source software, but very few of them contribute back by identifying flaws and making this software more secure.

The project was initiated with the aim of finding flaws in open source software and making sure that we reach one of the following conclusions.

  1. Get the vulnerability fixed and a patch issued.
  2. If the author is not reachable, make sure the information is publicly available, spread the details that issues exist with the open source software and discourage its usage.
 
 
 
 
 

Crew Member

Nullcon

Oct 2013 – Oct 2014 India

Publications

Details of my security advisories.

Details of my security vulnerabilities acknowledgements.

Recent & Upcoming: Talks & Trainings

This talk is focused on why, what and how we can add security value into modern cloud native infrastructure. Organisation using micro …

Trend Micro and Benchmark bring you Container Hackfest, a 1 hour online event where certified offensive hackers attempt to break a …

Kubernetes Goat is “vulnerable by design” Kubernetes Cluster environment to practice and learn about Kubernetes Security.

In this …

In this session Madhu Akula will give his introduction to Kubernetes Goat, designed to be an intentionally vulnerable cluster …

In this session Madhu Akula will give his first public introduction to Kubernetes Goat, designed to be an intentionally vulnerable …

Projects


Kubernetes Goat

Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.

Hacker Container

Container with a list of useful tools and commands for hacking Kubernetes clusters

docker-security-checker

Dockerfile Security Checker using OPA Rego policies with Conftest

tools.tldr.run

Curated list of security tools for Hackers & Builders! https://tools.tldr.run

Attacking and Auditing Docker Containers and Kubernetes Clusters

Appsecco training course content on Attacking and Auditing Docker Containers and Kubernetes Clusters

Breaking and Pwning Apps and Servers on AWS and Azure - Free Training Courseware and Labs

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands-on training!

osint-viz-platform-reconvillage

Building visualisation platforms for OSINT data using open source solutions

Attacking & Auditing Docker Containers Using Open Source - DEF CON 26

This repository contains all the presentation, documentation and the virtual machine links for hands-on.

Hacked Emails

Command line utility for hacked-emails

Introduction to Containers

An Introduction to Containers using Docker and using it for Security Automation - null Bangalore Puliya

raneto-docker

Docker container for Markdown based Raneto Knowledgebase

Automated Infrastructure Security Monitoring & Defence

null Bangalore Public Bachaav, 10 December 2016: Automated Infrastructure Security Monitoring & Defence

Defcon24 - Ninja Level Infrastructure Monitoring Workshop

This repository contains the presentation, documentation, configuration, sample logs, Ansible playbook, customized dashboards and more for the Defcon24 workshop: Ninja Level Infrastructure Monitoring.

Vulnerable Apps

Proof of concept applications which you can deploy using vagrant and ansible

Awesome DevSecOps

An authoritative list of awesome DevSecOps tools, built with the help of community experiments and contributions. http://devsecops.org

Code Vigilant

The Code Vigilant project was created out of the need for more secure open source software.

Docker Data Science ToolBox

Data Science Command Line Toolbox in a Docker container

docker-datasploit

Docker container for datasploit framework

Markdown Automation

Automating Documentation, Presentation, Knowledge base using Markdown (Zero to Hero)

Security Automation with Ansible2

This repository contains all the code, playbooks and details for the book Security Automation with Ansible2.

Windows CLI gems

The wincmdfu project collects Windows one-line commands that make life easier, shortcuts and command-line fu. It is a combination of all tweets from @wincmdfu
