Sudhir Shirsath

Calgary, Canada

Profile

I’m an IT security consultant with over 10 years of experience in the infrastructure, application, endpoint, and cloud security domains. I have worked in multiple industries, including professional services, financial institutions, telecommunications providers, and startups. This diverse experience has equipped me with a comprehensive understanding of security challenges and best practices within different organizational settings.

Experience

March/2021 - present: Cybersecurity Specialist, MNP

My main responsibilities involve analyzing, investigating, and resolving security alerts that are generated by SIEM, EDR, and cloud apps. I am also responsible for implementing, maintaining, and providing support for security systems, including SIEM, IDS, SOAR, and EDR.

To streamline and enhance our security processes, I work on automating tasks using the SOAR platform or by writing custom scripts that interface with different communication platforms.

In the event of security incidents, I conduct thorough investigations to determine the scope and impact. Additionally, I perform incident root cause analysis (RCA) and participate in incident reviews to learn from the incident and strengthen our security posture.

I organize threat hunting exercises using tactics, techniques, and procedures (TTPs) from CTI (Cyber Threat Intelligence) sources to identify any unknown security incidents or areas where our security controls might need improvement. Based on these findings, I create and fine-tune detection rules to bolster our defenses and respond effectively to emerging threats.


Sept/2020 - March/2021: Security Analyst, Shaw Communications

I regularly performed vulnerability assessments for both infrastructure and web applications. This involved supporting vulnerability assessment solutions and ensuring seamless integration with data sources and reporting tools.

To improve efficiency, I automated the process of tracking and reporting vulnerabilities. Additionally, I wrote customized reports when necessary, which helped remediators prioritize and address the most critical vulnerabilities and policy deviations.

I also took on the task of automating asset tagging between the vulnerability management system and CMDB (Configuration Management Database). This automation was essential to accurately identify the ownership of more than 9000 servers. This significantly improved the efficiency and accuracy of server ownership identification, streamlining not only overall security but also IT operations.


March/2018 - March/2020: Security Consultant, Babbler Group

I designed and developed security architecture for cloud and hybrid-based systems, implementing firewalls, NGFWs, IDS/IPS, IPSec/SSL VPN, SIEM, and cloud-based technologies. As a consultant, I offered technical direction and insight on cyber-related projects for clients. Additionally, I played a role in educating, mentoring, and training colleagues as required and provided L2/L3 support to engineers when needed.

I contributed to enhancing network engineers’ productivity by creating an automated configuration generation and backup tool using Python for firewalls, routers, and switches, resulting in significant time savings for the team.


March/2017 - December/2017: Technical Lead, Tagtalk

I provided security consultation services to the product team and audited the web application code for security flaws and best practices. I performed vulnerability assessments for SAST, DAST, and SCA findings, leading the teams through the remediation process.

I played a key role in managing and securing infrastructure within Amazon Web Services (AWS). Specifically, I was responsible for two production environments and five other environments, ensuring their robust security and smooth operation.


August/2013 - August/2016: Assistant Manager - IT Security, Microline

I designed, implemented, and optimized multi-vendor network infrastructure solutions. I also took charge of implementing client IT projects, overseeing the entire process from scoping requirements to actual launch.


Sept/2011 - July/2013: Technical Specialist, Internetwork Solutions

I delivered instructor-led training on CCNA, CCNP, and CCIE modules, both in the classroom and online settings. I was responsible for conducting training sessions and providing students with the necessary knowledge and skills in these areas. I played an essential role in testing course materials and hands-on labs, giving valuable feedback to the curriculum development teams. This feedback helped ensure the training content remained up-to-date, relevant, and effective in meeting the learning objectives of the participants.


August/2010 - July/2011: Network Engineer, Tech Networks

I configured, installed, and managed routers, switches, firewalls, and other network devices. I was responsible for managing LAN, WAN, and wireless networks for various clients. This involved overseeing the overall network infrastructure, optimizing performance, and implementing necessary security measures to meet the clients’ specific requirements.


Skills

Infrastructure

  • Firewalls: Cisco, Fortinet, Juniper, Palo Alto
  • IDS/IPS: Cisco, Fortinet, Suricata, Snort
  • SIEMs: Splunk, Rapid7 InsightIDR, Microsoft Sentinel, Elasticsearch
  • Web Proxy: Zscaler

Endpoints

  • Scripting: PowerShell, Bash
  • EDR: Carbon Black, Microsoft 365 Defender
  • System Admin: Windows, Linux
  • Virtualization: VMware ESXi, Vagrant
  • Vulnerability Management: Rapid7 InsightVM, Qualys, Nessus

Applications

  • Languages: Python, Golang
  • Frameworks: OWASP Top 10, CWE Top 25
  • Tools: Burp Suite, Postman, OWASP ZAP
  • Containerization: Docker
  • Version Control: Git
  • Query Languages: SQL, GraphQL
  • Authentication and Authorization: OAuth, SAML

Cloud

  • AWS Services: EC2, S3, Lambda, RDS, DynamoDB, Elastic Beanstalk, IAM, CloudTrail, CloudWatch
  • Azure Services: Azure AD, Microsoft Graph API, App Services, Log Analytics
  • Config Management: Ansible
  • Infrastructure as Code: Terraform, Packer

Cybersecurity

  • Frameworks: MITRE ATT&CK, NIST, CIS Controls, ISO 27001
  • Adversary Emulation: MITRE Caldera, Atomic Red Team
  • Query Languages: SQL, GraphQL, KQL, LEQL
  • Rule Writing: Sigma, Yara

Education

Savitribai Phule Pune University, Bachelor of Engineering, Department of Computer Science


Certifications

Cisco Certified Internetwork Expert, CCIE# 29840

GIAC Penetration Tester (GPEN), GIAC-GPEN

AWS Certified Solutions Architect, SAA-C02

Juniper Networks Certified Associate, JNCIA-Junos


References