About Me

Profesional Profile

I am Chaitanya Krishna, i have dedicated experience in information security for the technical realm and security management, which include consulting teams with special responsibilities to initiate, develop vulnerability assessment and penetration testing scenarios for different platforms.Conducted vulnerability assessments to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.

Recognized proficiency in guiding implementation of information security solutions for public and private sectors. Worked for various government organization.Deft in developing and delivering tailored training course in information security. An effective communicator with strong analytical, problem solving and interpersonal abilities and ability to grasp technical concepts quickly.

INFORMATION SECURITY CONSULTANT

>

    Experienced IT professional with over four years of experience in the design, development and management of security information systems for both private and public sector


    • Security Assessments
    • Penetration Testing
    • Training & Development
    • Network Security
    • Proof of Concepts
  • Significant experience and expertise in all areas of information security, including policy analysis, program design, site surveys, firewall analysis, risk assessment and penetration testing, and intrusion detection/prevention.
  • Demonstrated success in guiding implementation of leading-edge technology solutions while balancing security initiatives to risks, business operations and innovations
  • Developed course curriculum for beginners on specialist areas including Penetration Testing with Metasploit
  • Ability to develop and present reports with a good mix of space & time complexity. Excels in undertaking Binary Analysis and capable of presenting conceptual data to clients
  • Multilingual communicator with an innate ability to work with and train cross-functional and multi-disciplinary teams; communicates and understands the voice of global clients from diverse nationalities

CAREER REVIEW

Enterprise Risk Services Consultant > Deloitte Touche Tohmatsu India LLP, Delhi since Jul 2015

    Key Roles & Responsibilities: Work closely with members of the security team in managing corporate and large divisional systems development projects for
  • » Delhi e-Governance Society (DeGS), Department of Information Technology
  • » Jarkhand Police Department Crime and Criminal Tracking Network System (CCTNS)
  • » Centre for e-Governance (CeG) Government of Karnataka
  • » Department of Trade & Taxes Government of N.C.T. of Delhi
  • Offer mitigation techniques for the different types of existing vulnerabilities and exploits. Explain the magnitude of potential business and operational impacts of successful attacks
  • Led the execution of security initiatives by deploying, configuring and supporting security technologies, carrying out security assessments, identifying client’s security requirements, and ensuring that they are implemented.
  • Provide assurance by collecting proof that implemented security controls are operating as designed. Hold overall accountability of creating and developing security policies and procedures

Independent Information Security Consultant Oct 2012 to Jul 2015

    Key Roles & Responsibilities:
  • Relied upon to maintain the technical realm and security management, which included working collaboratively with teams with special responsibilities to initiate and develop vulnerability assessment and carry out penetration testing scenarios for different platform
  • Identified higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence. Acquired sound understanding of attacks seen over the Internet, root cause analysis and mitigation strategies
  • Technical Deliverables:
  • Conducted network vulnerability assessments to evaluate attack vectors and identified system vulnerabilities
  • Developed remediation plans and security procedures. Assisted in the rapid execution of information security initiatives by maintaining an appropriate level of prioritization, focus and persistence in an environment of significant change and growth
  • Assessed the security posture of applications and infrastructure using a variety of assessment tools and methodologies. Tested the ability of network defenders to successfully detect and respond to the attacks. Provided evidence to support increased investments in security personnel and technology

PRESENTATION, TALKS & COURSES

    Weaponizing Metasploit Railgun on Windows API

  • Following talk provides quick POC on usage of Railgun over Windows meterpreter session.
  • Presented this talk in Null Meet held at Tata Consulting Services Hyderabad in Dec 2012
  • http://www.slideshare.net/chaitanyaanantharapu/metasploit-railguns-presentation-tcs-hyderabad
  • Penetration Testing with Metasploit (Security Courses Developed)

  • Created a 70 video lecturers on Metasploit usage for the beginners in Information Security
  • Main objective of the video series was to help students become comfortable in extensive usage of metasploit in their regular assessments within various scenarios
  • Udemy : https://www.udemy.com/penetration-testing-with-metasploit/
  • Developing penetration testing lab setup which simulates small size enterprise virtual lab running with 45-50 machines with a different set of network configurations and hosted vulnerabilities. This is purely for learning different attacks which can be conducted in enterprise networks.
  • Main objective of this course is to develop and deploy their own dream lab rather than running 2 or 3 virtual machines simultaneously. Due for release in Dec ‘15

EDUCATION

2006

Secondary School Education, Kodad Public School, Kodad, Telangana

2006 - 2008

INTERMEDIATE FROM BOARD OF INTERMEDIATE EDUCATION, BOARD OF INTERMEDIATE EDUCATION

2008 - 2012

B.TECH (COMPUTER SCIENCE AND ENGINEERING), ANURAG ENGINEERING COLLEGE, JNTUH

Certifications

Certified Ethical Hacker CEHv 8 from EC-COUNCIL

IBM Certified Deployment Professional - Tivoli Directory Server V6.1

TECHNICAL SKILLS

SKILLS

  • OWASP top10 web application vulnerabilities.
  • Vulnerability Assessment and Penetration Testing of Web Applications and Networks
  • Worked over mostly all web application vulnerabilities
  • Experience performing application security testing and presenting mitigation recommendations to IT and Business
  • Demonstrating Web Application Vulnerabilities of OWASP top 10 such as Cross Site Scripting (XSS) and SQL Injection, Broken Link Authentication, Session Hijacking and Cross site request forgery
  • VA/NPT/APT Process and tools such as Acunetix/App Scan/Web Inspect/Nessus/Net Sparker
  • Penetration Testing − Network, Host, Web Applications
  • Black Box and White Box Penetration Testing (i.e. Internal/External PT)
  • Good knowledge on different penetration testing methodologies
  • Foot printing, Different types of Scanning, Network Reconnaissance
  • Browser, Local and remote exploits
  • Penetration frameworks like METASPLOIT for Compiling and Changing payloads of various Exploits
  • Sniffers like Tcpdump, Wireshark, Cain & Abel and can do analysis, extract data from CAP and PCAP
  • Familiar with different security tools used for Network Scanning, Web application vulnerability assessment, IDS and Wireless Security
  • Configuring and Managing Web Servers, Virtualization (VMware ESXi Server), Virtual Private Servers, VPN, Domains, Web Hosting and Linux/Windows Dedicated Servers

SERVICES

  • Application Penetration Testing
  • Source Code Audit
  • External / Internal Penetration Testing
  • Web Services Assessments
  • WLAN Penetration Testing
  • consultant for audit compliance actions

PROJECTS

    Ginger-Chai

  • Across a range of small scale assessments, clients request to provide list of static and dynamic pages within their web application. Ginger-Chai helps these clients in calculating the total number of static and dynamic pages within web application based on HTTP 200 response code. Results can be exported in .csv format
  • Source Code: https://github.com/chaitanyakrishna/Ginger-Chai

Contact

Get in touch

Please drop me mail or you can call me directly using below mentioned contact number


keep Connect me

Send a message