Prashanth Krish

  • Security Engineer
  • Santa Monica, California, United States
  • Information Technology and Services

Previous positions

  • Cyber/Application Security Engineer at Barrick Gold Corporation
  • Information Security Risk Analyst at Secureapp Technologies

Education

Wilmington University, Master’s degree, Information Security

Background

Summary

Security Engineer with a Master’s degree in Information Security and 4 years of experience in Web Application Security, Vendor Risk Management, Risk Assessment and Penetration testing. Effective communicator with interpersonal skills to collaborate across teams and stakeholders to achieve core business objectives.

AREAS OF EXPERTISE:

  • Application Security Assessment & Audits
  • Vulnerability Management
  • Security assessments based on ISO 27000 frameworks, NIST, CCPA, GDPR, CSA, SOX, SOC 1 & SOC 2 reports
  • Web app penetration testing
  • iOS/Android app penetration testing
  • Java/Python source code reviews
  • Incident Handling and Response
  • Vendor Risk Management
  • Performing PCI-DSS compliance assessments
  • Consulting application development teams on security issues, risks, and mitigation advice

Experience

  • Application Security Engineer

    Smartmatic

    March 2019 – Present (7 months), Santa Monica, California

    Smartmatic is a Venezuelan-owned multinational company that specializes in technology solutions aimed at governments. It is organized around producing electronic voting systems, smart cities solutions (including public safety and public transportation), and identity management systems for civil registration, as well as authentication for government applications. I am part of a committed and dedicated team to provide a safe and secure Voting System/Technology for LA County that is to launch for use in the 2020 general elections.

  • Cyber/Application Security Engineer

    Barrick Gold Corporation

    May 2018 – February 2019 (9 months), Henderson, Nevada

    • Responsible for performing web application penetration testing to identify OWASP Top 10 security threats using Rapid7 InsightVM and Burp Suite
    • Performed static analysis on source code developed from common languages including Java, C, C++, Objective C, Python, SQL, Perl, JavaScript, Ruby, Bash and PowerShell to identify any vulnerability or malicious activity
    • Collaborated with Business Owners to mitigate confirmed vulnerabilities that require high urgency to be fixed. Developed technical matrix, diagrams, and data flow mapping to identify process and threats
    • Revised the Risk Assessment Methodologies, Strategies, Policy and Processes to align with the current security best practices
    • Integration of ISO 27001, NIST Cyber Security Framework, Cloud Security Alliance – CAIQ Consensus Security Risk Assessment to assess new vendors
    • Partnered with vendors and third parties to assess their systems in order to understand their cyber security posture and analyze gaps in their systems
    • Conducted security awareness training for employees on spam emails and provided tactical response for phishing attempts with recommendations
    • Proactive participant in project intake review process for new vendors

  • Information Security Risk Analyst

    Secureapp Technologies

    January 2017 – May 2018 (1 year 4 months), Edison, NJ

    • Performed a detailed analysis of current SDLC practices related to application development life cycle, identifying business process gaps that include change management, configuration management, version control, BCP/DRP, access controls, and data classifications
    • Performed Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) through Software Development Lifecycle by performing code reviews to identify the most serious threats
    • Provided security support and evaluation to development teams to integrate information assurance/security throughout the System Life Cycle Development of major and minor applications
    • Ran initial, online and onsite risk assessments on systems of the vendors and the third parties with the help of industry standards like HIPAA, PCI and frameworks like NIST and ISO

  • Cybersecurity Analyst

    Byte to Bit Technologies Pvt Ltd

    July 2014 – July 2015 (1 year), Chennai Area, India

    • Develop secure code practices and provide hands-on training to developers and quality engineers
    • Perform security reviews and provide insights throughout all phases of software development
    • Work with IT Groups to define, develop, socialize and execute long-term application security roadmap
    • Threat model web applications and work with development team throughout the agile SDLC
    • Perform compliance scanning to analyze configurations and compare to established baselines, recommending remedial actions where necessary

Education

  • Wilmington University

    Master’s degree, Information Security

    2015 – 2017

  • Anna University

    Bachelor of Engineering (B.E.), Computer Science

    2010 – 2014

Languages

  • Tamil

    Native or bilingual proficiency

  • Telugu

    Native or bilingual proficiency

  • English

    Full professional proficiency

  • Hindi

    Limited working proficiency

Projects

  • Benefits Enrollment System for Humana Health Insurance Company

    October 2016 – December 2016

    Developed a simplified benefit enquiry system which is cost and time effective for both members and health providers by automating Humana’s existing manual process. This project automates benefit referrals and routes them for automatic scheduling, saving significant resources. Advantages: Helps provide the best service to members with less time consumption in an effective manner. This improves the efficiency of benefit specialists and eliminates any human errors in checking benefit eligibility.

    Team Members (1):
    • Prashanth Krish
  • Denial of Service Attacks in Wireless Networks-The Case of Jammers

    February 2016 – April 2016

    This project provides a survey with a detailed, up-to-date discussion of the attacks in a wireless network over the last many years. It also describes some of the most harmful attacks that can be launched in a wireless network. Having established the threat, it reports the most important research on detecting and preventing such scenarios.

    Team Members (1):
    • Prashanth Krish

Skills & Expertise

  • Windows Server | Network Security/Administration | PPP | Frame-Relay | ISDN
  • Cisco Packet Tracer, GNS3
  • Programming languages: C, C++, Python
  • Microsoft Excel
  • Troubleshooting | TCP/IP Protocol | Server Hardware | Windows 7
  • Microsoft Office
  • Cisco Routers/Switches | Microsoft Office | Active Directory Services
  • AWS Console, AWS CLI, Amazon EC2, S3, RDS, VPC, SQS, Lambda, DynamoDB, OpsWorks
  • Management
  • Linux
  • OSPF, EIGRP, IGRP, RIP and RIPv2 | HSRP | DHCP | DNS | FTP | TFTP | CHAP | SNMP
  • Microsoft Word
  • Microsoft PowerPoint
  • SQL

Certifications

  • CCNA – Routing and Switching

    Cisco, License

    February 2017 – February 2020

  • Insight VM Certified Administrator

    Rapid7, License

    July 2018 – July 2020

  • Certified Ethical Hacker (CEH)

    EC-Council, License

Courses

Wilmington University

  • Web and Data Security
  • Data Communications and Networking
  • Planning for Information Security, Operating System
  • Operating System and Computer System Security