Aravind Janardhanan

Responsibilities: Customer delivery, Pre-sales, Practice development

Project Delivery Details

Client 1: European health and nutrition manufacturing company
4 Regions, 39 Countries, 128 Sites
Enabled security monitoring by deploying, configuring and fine-tuning Nozomi Guardian IDS sensors across 128 global locations
Integrated with SIEM (Splunk) and established end-to-end OT SOC Operations

Client 2: American multinational conglomerate holding company focused on transportation, e-commerce and business services
206 manufacturing locations in US, 50 plus sites in Europe,
1200 plus Armis collectors Led OT Threat Monitoring using Armis
Leveraged Data Analytics for building OT specific use cases Client

3: Steel manufacturer in Middle East Deployed firewalls, build industrial DMZ and IDS Solution (Nozomi Guardian)
Designed and implemented OT SOC, integrated with SOAR developing automated OT playbooks Client

Established trusted advisor relationships with key stakeholders, including C- Level executives, OT managers and IT Security team
Designed and established Security Operations Center (OT/IT), covering assessment, log integration, SIEM setup, use case creation, and training.
Hands on experienced in deployment and configurations of OT security solutions, including IDS (Nozomi, Claroty, Armis), firewalls (Palo Alto, Checkpoint), and endpoint security (ESET, Symantec, Trend Micro).
Developed High-Level and Low-Level Designs, knowledge bases, workflows and required technical documentations for incident response and remediation.
Designed OT Incident Response frameworks and led training for OT teams on incident remediation.
Ensured full visibility of OT assets for effective incident monitoring and stakeholder reporting
Conducted Risk Assessments and gap assessments in OT environment Conducted regular assessments and audits of OT security controls, identifying gaps and recommending remediation measures. Executed OT Vulnerability Management programs, coordinated with vendors for detection, triage, and remediation advice.
Proficient in OT protocols, technologies, and systems, including SCADA, PLCs, DCS, and security frameworks (ISA IEC 62443, NIST 800-53, NIST SP 800-82, ISO 27001, NERC CIP, CIS, Cyber kill chain MITRE, SOC 2)
Developed and implemented cybersecurity controls and solutions to mitigate risks and protect critical infrastructure.
Administered OT practice’s Delivery Excellence and Skill Assessment program across multiple OT projects to ensure high client satisfaction.

Pre-sales
Responded to RFPs/RFIs/RFQs, creating tailored proposals with precise pricing, boosting successful bids by 15%.
Delivered end-to-end security solutions via PPT to customers and internal stakeholders.
Led product demos and proof of concepts to enhance the sales pipeline.
Developed project plans, budgets, and resource allocations to meet project objectives and deliverables.

Lead and Manage Security Operations Center
Responsible for integration of standard and non-standard logs in SIEM
Performed threat management, threat modeling, identify threat vectors and develop use cases for security monitoring
Analyze events to understand Threat campaign technique and lateral movements in incidence response
Revise and develop processes to strengthen the current Security Operations framework, review policies and highlight the challenges in managing SLAs

Designed and Implemented OT/ICS Cyber Security architecture complying with Industry Standards across multiple global locations
Deployed OT security solutions (CyberX, Firewalls, Antivirus) and integrated to SIEM platform
On-boarded OT use-cases and fine tuning performed for reduction of false positives
Implemented Network segmentation, LAN segmentation, Risk Assessment, and Focused Monitoring across OT infrastructure
Regular MOS with Site IT team to evaluate identified security risks and make plans for improvement +\

Experience in conducting and driving Threat Hunting in IT/OT infrastructure
Knowledge and experience in analysis of various threat actor groups, attack patterns and tactics, techniques, and procedures (TTPs), deep analysis of threats across the enterprise by combining security rules, content, policy and relevant datasets
Maintain email infrastructure, providing stability by developing policies, procedures for operations
Implemented email security standards such as DKIM, SPF and DMARC +

Experience in design and implementation of endpoint security solutions which includes installation, configuration, policy creation, fine tuning, and maintenance
EDR and Antivirus Solutions +

Experience in managing and designing Cloud/On-perm Proxy solutions for enterprise network
Experience with PAC file functions, SSL Interception on web sessions and troubleshoot issues related to proxy environment +Experience in designing, implementing and maintaining firewall security and service availability throughout the system life cycle +Possess proficiency in Cyber Security frameworks like Cyber Kill chain, MITRE, NIST cyber security, CIS Controls, OWASP controls, Diamond Model

Hands on experience in Handling abuse issues, Hack, Spamming and Phishing investigations, manage DDOS, DOS detection and Hacking prevention +Trained new team members and promoted supportive and performance oriented

Maintain the security services and technologies involving the SIEM configuration & planning and incidence response.
Lead incidents, coordinating and directing multiple subject matter experts internal and external to the organization.
Perform complex incidence response technical analysis and develop technical conclusions based on analysis of evidence; review analysis and conclusions of other consultants.
Technical leadership guiding the development and evolution of our security monitoring platform as well as detection and response procedures.
Analyzing Events to understand threat campaign techniques and lateral movements in the incident response.
Develop comprehensive and accurate reports and presentations for both technical and executive audiences.

Serve as subject matter expert in incidence response and digital forensics.
Document findings, develop incidence response remediation recommendations and present orally and in written reports for clients.
Conduct host forensics, network forensics, log analysis and malware triage in support of incidence response investigations.

Monitoring, Correlating and managing Incident response to detect advanced security attacks.
Identified and analyzed business violations of security policy and standards.
Performing Vulnerability assessment using automated tools.
Integration of Splunk with different log sources and creating Dashboards File integrity monitoring using OSSEC.
Assisting in PCI DSS compliance.
Handling Malware outbreaks & Tracking Advanced Persistent Threats.
Creating Daily, Monthly reports and Adhoc reports.

Part of a Team responsible for addressing new security threats with client’s systems and promote security awareness to ensure system security and to improve server and network
efficiency
Document server security and emergency measures policies, procedures, and tests.
Review violations of server security procedures including the spamming, phishing and discuss procedures with violators to ensure violations are not repeated.
Handling the abuse complaints and perform security audits on client servers in regular intervals of time using ClamAV and Maldet and their quarantine
Develop defensive strategies and polices to fit each client’s needs.
Installation and configuring antiviruses like ClamAV, Maldet and their automation
Responsible for real time mitigation and resolution of security events like DDoS.

Advanced trouble shooting and technical support abilities with migrations, network connectivity and security and database applications.
Server hardening and optimization.
Server scanning for malwares, backdoor etc.
Responsible to manage DDOS, DOS detection and Hacking prevention
Handling abuse issues, Hack, Spamming and Phishing investigations.
Nagios monitoring, advanced Nagios management and configuration customization.
RAID and LVM: Creating and maintaining RAID and LVM.
Apache/MySQL optimization.
Monitor Load average, System load, uptime and suggest upgrade/fine tuning to the system/Packages for ensuring better performance and maximize uptime.

Responsible for Server Security Management.
Responsible for managing Mail servers like Exim.
Managing and Installing via Kick Start Installation and Remote PXE boot.
Security Concepts - Iptables, Config Secure Firewall (CSF), Rkhunter, Chkrootkit, Clamav.
DNS Servers - BIND Configurations and Management.
FTP Servers - Pure FTP and Pro-FTP
Configure Firewall using IPtables, CSF and APF.
Responsible for configuring and maintaining Apache Web servers.