Information Security Consultant &analyst: Anil Patil

ANIL PATIL
Contact: +91-9130706080, +91-9833533009

E-Mail: anilshivajipatil@yahoo.in and anilshivajipatil@gmail.com
LinkedIn.com:- https://www.linkedin.com/in/anilshivajipatil
INFORMATION SECURITY CONSULTANT &ANALYST

Certified Ethical Hacker and Certified Information Security Expert– CEH/CISE
Nearly10+ years’ of impressive success as an IT &Information Security professional in enabling leading organizations to achieve
strategic objectives and growth plans by establishing & championing a robust Vulnerability Management; Expertise in Internal
and External Vulnerability and Penetration Testing and deliver high impact audit reports; vulnerability assessment and
penetration testing experience of over 3.9+ years.
KEY SKILLS PROFILE SUMMARY
Vulnerability Assessment& Penetration  Strong exposure in providing consultancy on Information Security

Testing standards, regulations & best practices, vulnerability findings and
OWASP, PCI DSS, NIST 800-115, SANS policy non-compliance remediation
standards.  In total Consultant has handled around 30+ projects in web
Information Security Systems Design, application security, vulnerability assessments, network audits,
Development & Implementation penetration testing, information security, code review, source code
review and ethical hacking.
Manual Testing and Automation Testing  Conducting systematic web application security assessments and
penetration tests. The assessments involve manual testing and
analysis as well as the use of automated web application vulnerability
scanning/testing tools.
 Conducted External/Internal vulnerability assessment, penetration
testing.
 Application Security Assessment for awide range of business
applications: 20+ web applications in ITES/financial/Banking domain
against standards such as OWASP Top 10, PCI DSS, NIST 800-115,
SANS standards and OWASP ASVS.
 Proficient in understanding and executing application level
vulnerability attacks like - XSS (Cross Site Scripting), SQL injection,
CSRF (Cross Site Request Forgery), Response Splitting, Session
Hijacking, Variable Manipulation, Privilege escalation, Authorization
Bypass, Weak Cryptography, Authentication flaws, Design level
vulnerabilities etc.
 Contributes towards the preparation and authorizes the
implementation of necessary information security policies,
standards, procedures and guidelines which include Windows,
Linux, AIX, HP-UX, Oracle and MSSQL databases, IIS and Apache
Web servers, Cisco IOS, Cisco Pix Firewall.
Notable Accomplishments Across The Career

 Played a key role in providing consultancy for:
o Application Security Assessment for awide range of business applications: 20+ web applications in
ITES/financial/Banking domain against standards such as OWASP Top 10, PCI DSS, NIST 800-115, SANS standards and
OWASP ASVS.
o Performed Security Audit as per Standard PCI DSS & Penetration testing based on NIST 800-115, SANS, etc standards.
INFOSEC EXPERIENCE
Since Jun’12: Ethical Hacker, IT Security Consultant & Analyst
Role:
 Proficiency in Network Vulnerability Assessment & Penetration Testing Tools-QualysGuard Consultant8.9.6.0-1,
QualysGuard WAS, NeXpose, Nessus, Nmap, Metasploit Pro 4.11.1 & Open Source tools.
 Proficiency in Application Vulnerability Assessment & Penetration Testing Tools-Acunetix9.5, QualysGuard
Consultant8.9.6.0-1, QualysGuard WAS, IBM AppScan8.5, HP Web Inspect, Netsparkar, BurpSuit, Paros Proxy3.213,.,Tor
Proxy, Kali Linux, Metasploit Pro 4.11.1, SQL Map, & Open Source tools.
 White Box, Black Box and Grey Box Penetration Testing: devices, user portals, applications, and databases.
 Familiarity with common Application Security Tools, experience working with common tools is ideal-HP Fortify2.2.5, HP
WebInspect9.30, Netcat2.3, and Wireshark1.4.
 Familiarity with SOC process and procedure & SIEM tool (ArcSight, QRadar, and Sumo Logic).
 Web Services or API Vulnerability Assessment and Penetration Testing-REST, SOAP, SOA and other integrations.
WORK EXPERIENCE
Apr’10- to till date: QRC Consulting & Solutions Pvt Ltd. Vashi as Information Security Analyst– Project FloCash Ltd., UK.
(www.flocash.com)
Security Tools: Acunetix11.0, BurpSuite1.7.23, Nessus6.10.7, Metasploit Pro4.13.1, Nmap7.40, QualysGuard Consultant8.9.6.0-1
& VMWare12.
OS:Linux (CentOS).
VPN: CiscoVPN
Role & Responsibility:
• Performed scanning on Zero’s internal, semi-public and public networks to look for running devices, OS and host information.
• Performed scanning on networks using QualysGuard Consultant & Nessus Vulnerability Scanner and submitted an executive
the summary that outlined the details of any issues discovered.
• Performed scanning on networks using Metasploit Penetration Testing Tool and submitted an executive summary that
outlined the details of any issues discovered.
• Submit the Internal & External Vulnerabilities Assessment & Penetration Testing (VA/PT) & ASV report to the client.
• Performed Security Audit as per Standard PCI DSS & Penetration testing based on NIST 800-115, SANS, etc. standards.
• Performed Web Application Penetration testing using BurpSuite &QualysGuard Consultant security tool.
Apr’10- to till date: QRC Consulting & Solutions Pvt Ltd. Vashi as Information Security Analyst– Project Agiliron Inc. USA
(www.agiliron.com)
Security Tools: Nessus6.10.7, Metasploit Pro4.13.1, QualysGuard Consultant8.9.6.0-1.
OS: AWS Cloud Linux.
• Performed scanning on Zero’s internal, semi-public and public networks to look for AWS Cloud Security.
• Performed scanning on AWS Cloud networks using QualysGuard Consultant Cloud Security Vulnerability Scanner and
submitted an executive the summary that outlined the details of any issues discovered.
Apr’10- to till date: QRC Consulting & Solutions Pvt Ltd. Vashi as Information Security Analyst– Project FINO PayTech Ltd. Navi
Mumbai (www.finopaytech.com)
Security Tools: Nessus6.10.7, Metasploit Pro4.13.1, QualysGuard Consultant8.9.6.0-1.
OS: Windows and Linux.
• Performed scanning on Internal & External networks using QualysGuard Consultant & Nessus Vulnerability Scanner and
Apr’10- to till date: QRC Consulting & Solutions Pvt Ltd. Vashi as Information Security Analyst– Project Lester Infoservices Pvt
Ltd, Turbhe, Navi Mumbai. (www.lesterinc.com)
Security Tools: Nessus6.10.7, Metasploit Pro 4.11.1, QualysGuard Consultant8.9.6.0-1.
OS: Windows and Linux.
• Performed scanning on Internal & External networks using QualysGuard Consultant & Nessus Vulnerability Scanner and
• Performed Web Application Penetration testing using QualysGuard Consultant security tool.
Jun’15- Mar’17: Panacea Infosec Pvt Ltd as Information Security Consultant – Project Novarris Fashion Trading Pvt Ltd.,
Gurgaon.
Security Tools: Acunetix10.5, Burp Suite1.6.18, Nessus6.9.1, Metasploit Pro 4.11.1, Vistumbler10-6, QualysGuard WAS,
Microsoft Baseline Security Analyzer2.3, Retina Network Security Scanner.
OS: Windows 7, 8.1 and Linux.
• Performed scanning on networks using QualysGuard WAS &Nessus Vulnerability Scanner and submitted an executive the
• Performed Web Application Penetration testing using Acunetix10.5 security tool of www.jabong.com.
Other Projects:
Title: Project- Mafiree Ltd., Nagercoil
Security Tools: Nessus6.9.1, Metasploit Pro 4.11.1, QualysGuard WAS, Burp Suite1.6.18,
• Performed Security Audit as per Standard PCI DSS & Penetration testing based on NIST 800-115, SANS, etc standards.
Title: Project- MPS Ltd., Gurgaon.

Title: Project- Silkways Card & Printing Ltd., Dhaka-Bangladesh.

• Performed Security Audit as per Standard PCI DSS & Penetration testing based on NIST 800-115, SANS, etc standards.
Title: Project- Loylty Rewardz Mngt Pvt Ltd., Andheri (E)-Mumbai

Security Tools: Acunetix10.5, Burp Suite1.6.18, Nessus6.9.1, Vistumbler10-6, QualysGuard WAS, Microsoft Baseline Security
Analyzer2.3, Metasploit Pro 4.11.1, Retina Network Security Scanner.
Software: VMware11, Android Studio, Android SDK Manager, Android Simulator, APK Files.
• Performed scanning on Wireless device, Mobile devices and location information with Mac addresses using Vistumbler Tool
• Performed android Pen testing of Indian Overseas Bank Rewardz, State Bank Rewardz, United Commercial Bank Rewardz,
apps on Android Emulator.
• Performed Security Audit as per Standard PCI DSS &Penetration testing based on NIST 800-115, SANS, etc. standards
• Performed Web Application Penetration testing using Acunetix9.5 tool of Indian Overseas Bank Rewardz, State Bank
Rewardz and United Commercial Bank.
Title: Project- Atos India Pvt Ltd., Andheri (E)-Mumbai

Security Tools: Nessus6.5.2, Nmap6.47, Burp Suite1.6.18.
OS: Windows 7, 8.1 AIX and Linux.
Penetration Testing Tool: Metasploit Pro 4.6.0, Proxy Ultrasurf 15.02.
• Performed scanning on Zero’s internal, semi-public and public networks to look for running devices, operating systems and
host information.
• Performed scanning on networks using Nessus Vulnerability Scanner and submitted an executive summary that outlined the
details of any issues discovered.
• Performed segment scanning on a server with source IP using Nmap Tool.
• Performed scanning on Windows host through Metasploit Tool in Penetration Testing Tool.
• Submit the Vulnerabilities Assessment (VA) report to the client.
• Performed Security Audit as per Standard PCI DSS &Penetration testing based on NIST 800-115, SANS, etc. standards.
Title: Project- Silicus Technologies India Pvt Ltd., Pune

Security Tools: Nessus6.5.4.
OS: Windows 2008, 2012.
Penetration Testing Tool: Metasploit Pro 4.11.6, Proxy Ultrasurf 15.04.
host information.
• Performed scanning on Windows host through Metasploit Tool in Penetration Testing Tool.
• Submit the Vulnerabilities Assessment (VA) report to the client.
• Performed Security Audit as per Standard PCI DSS &Penetration testing based on NIST 800-115, SANS, etc standards.
Title: Project- ProKarma Softech Pvt Ltd., Hyderabad

Security Tools:Nessus6.7.0, Metasploit Pro 4.11.1.
OS: Windows 2008, 2012 & Ubuntu.
• Performed scanning on Zero’s internal, semi-public and public networks to look for running devices, operating systems,
network devices, firewall and host information.
• Submit the Internal VA & External Penetration Testing report to the client.
• Performed Security Audit as per Standard PCI DSS &Penetration testing based on NIST 800-115, SANS, etc standards.
Mar’14- Jun’15: Cybervault Securities Solution Pvt Ltd., as Information Security Consultant.
Title: Project-Xero, Wellington.
Security Tools: VMware7.1.4, Wireshark, Network Miner, Nmap5.1, Metasploit, Burp Suite, Nessus4.1, Armitage, Maltego,
Forensic Toolkit, AD Registry Viewer.
Hardware: a+ and n+.
OS: Windows 98, 2000, XP, Vista, 7 and Linux
• Performed manual web application security testing against one of Xero’s ancillary applications using Burp Suite and recovered
some unreported issues.
• Demonstrated what an attacker would do when gathering information about Xero from publically available resources.
host information.
Jul’12-Dec’12: Innobuzz Knowledge Solution Pvt Ltd., Pune as trainee Ethical Hacker.
Title: Project- Mega Cyber Lab, Pune
Software: Backtrack 5.2, VMware7.1.4, Win XP Sp2.
Security Tools: IBM AppScan8.5, Nmap4.1, Netcat2.3, Metasploit2.5.
Role& Responsibility:
 Performed Penetration Testing on the web like Hacker mind and submit Internal Penetration Testing Report.
 Detailed report on the hacking attack. Analysis of Host Scanning.
 Footprinting. Information Gathering. Security Testing, Vulnerability Testing.
 Scanning the port using Advanced Port Scanner.
 Vulnerability Assessment Report. Passive Information Gathering.
 Performed Security Audit As Per Standard OWASP.
 Performed Web Application Penetration Testing on www.megacyberlab.com
Mar’09- Apr’11: Avanti Software Solutions Pvt Ltd., Pune as Software Test Engineer
Projects Handled:
 STE of E-Governance Gram Panchayat, Nashik (Scenario – Implementation Done)
 STE of Sevak Bank Ltd., Nashik (Scenario – Implementation Done)
Sep’04- Nov’08: Netwin Systems & Software (I) Pvt Ltd., as Software Implementation Executive
Projects Handled:
 SIE of Key Processing Unit Interface Siemens Company Nashik (Scenario – Implementation Done)
 SIE of Sevak Bank Nashik Jilha Sarkari& Parishad Karmachari Bank Ltd., Nashik (Scenario – Implementation Done)
 SIE of Smart Bank Arthonnati Co-Operative Societies, Nashik (Scenario – Implementation Done)
PREVIOUS EXPERIENCE
Apr’17to till date: QRC Consulting & Solutions Pvt Ltd., Navi Mumbai as Information Security Analyst
Jun’15- Mar’17: Panacea Infosec Pvt. Ltd., New Delhi as Information Security Consultant.
Mar’14- Jun’15: Cybervault Securities Solution Pvt Ltd., Pune as Information Security Consultant.
Jul’12- Dec’12: Innobuzz Knowledge Solution Pvt Ltd., Pune as Trainee Ethical Hacker.
Mar’09- Apr’11: Avanti Software Solutions Pvt Ltd. Pune as Software Security Test Engineer.
Sept’04- Nov’08: Netwin Systems & Software (I) Pvt Ltd., Nashik as Software Implementation Executive.
ITACHIEVEMENT
 Best Performance Awarded for excellent performance During Apr-June 2007.
EDUCATION
 Bachelor of Computer Science (BCS) from Pune University in 2004
ITSKILLS
 CISE- Certified Information Security Expert.
 CEH- Certified Ethical Hacker.
 Appear RHCSA-Red Hat Certified System Administrator (Linux).
PAASPORTDETAILS
 Passport #:J6353958
 Passport Validity: March 14, 2021.
OTHER ACTIVITIES
 Passed MPSC PSI Preliminary Examination held on June 10, 2010.
 Awarded Scholarship as price money from MSEB, Amalner in 1997 and 1998.
 First in school Hindi-Sanskrit subject at SSC Nashik Board Exam in 1997.
 Passed MTS Examination of N.Wadia College, Pune in 1995 at VIII STD.
 Secondary School Scholarship Examination of N.Wadia College, Pune in 1994 at VII STD.
SECURITY COURSES
 DST-Diploma in Software Testing (2008 /Honors) at System Domain (P) Ltd. Nashik.
 ADST-Advance Diploma in Software Technology.Net (2009/72.00) Mauli Education Pvt Ltd. Amalner, Dist. Jalgaon.
 JAVA-Java Programming (2009/70.00) Mauli Education Pvt Ltd. Amalner Dist. Jalgaon.
 CISE-Certified Information Security Expert (June2012) from Innobuzz Knowledge Solutions Pvt. Ltd.,Br. Pune.
 CCNA-Cisco Certified Network Associate (2012/Grade A) in Networxx Infotech Pvt. Ltd. Pune.
 Certified Ethical Hacker (Aug2016/80) from EC-Council Global Certification in Cybervault Securities Solution Pvt. Ltd., Pune.
 Security Information And Event Management (Aug2016) course completed in Cybervault Securities Solution Pvt. Ltd., Pune.
 Web Application Penetration Testing (Feb2017) online course completed from www.Cybrary.it
 Penetration Testing and Ethical Hacking (Feb2017) online course completed from www.Cybrary.it
 Advanced Penetration Testing (Feb2017) online course completed from www.Cybrary.it
 Metasploit (Feb2017) online course completed from www.Cybrary.it
 CompTIA Security+ (March2017) online course completed from www.Cybrary.it
 PCI/DSS (March2017) online course completed from www.Cybrary.it
 Cryptography (March2017) online course completed from www.Cybrary.it
 Intro to Cyber Threat Intelligence (March2017) online course completed from www.Cybrary.it
 Web Security Fundamentals online course completed from www.varonis.com.
 Bug Bounty: Web Hacking (March 2017) online course completed from www.udemy.com
 The complete Ethical Hacking Course: Beginner to Advanced! (April 2017 ) online course completed from Udemy.com
 Ethical Hacking and Penetration Testing Advance Course* (April 2017) online course completed from Udemy.com
 Kali Linux, Ethical Hacking and Penetration Testing! (April 2017) online course completed from Udemy.com
 Definitive Ethical Hacking Course-Learn From Scratch (April 2017) online course completed from Udemy.com
 Learn Burp Suite, the Nr.1 Web Hacking Tool (April 2017) online course completed from Udemy.com
 Hacking Academy How to Monitor and Intercept Transmitted Data (June 2017) online course completed from Udemy.com
 CompTIA Linux+ (June 2017) online course completed from www.Cybrary.it
 AWS Certified Solutions Architect(Associate) (July 2017) online course completed from Udemy.com
 AWS Concept (July 2017) online course completed from Udemy.com
 CCNA Security (July 2017) online course completed from Udemy.com
 Introduction to Kali Linux Penetration Testing (July 2017) online course completed from www.educba.com
 Appearing for RHCSA-Linux in CMS IT Services Pvt Ltd., Navi Mumbai from June 2017.
WORKSHOP
 Ethical Hacking and Cyber Security organized by Mega Cyber Lab, Pune under Innobuzz Knowledge Solutions Pvt. Ltd., Delhi
held on October 21, 2012, Pune.
 Cyber Crime Investigation organized by G.H. Raisoni Law School, Nagpur & Intelligent Quotient Security System Pune held
On August 1, 2011, Jalgaon.
 CCIE Security Ver4 of the Networxx Infotech Pvt. Ltd. Pune on Feb 8, 2013, in Pune.
 Advanced Hacking with Kali-Metasploit organized by Cybervault Securities Solution Pvt. Ltd., held on April 18, 2015, in
Pune.
 Bug Bounty Hunter, BUGS’XPLORATION held on 10th and 11thOctober 2015 at Ahmedabad, Gujarat.
 Cyber Security, Bug Bounty Hunter April 17, 2016, in Cyber Security Study and Research Laboratory, Pune
 PCI DSS Simplified event on June 25, 2016, at New Delhi by Mr. Ajay Kaushik, Founder & CEO Panacea Infosec Pvt Ltd., New
Delhi (PCI QSA Company).
 CYBER TALK held on 2nd July, 2017 at Ahmedabad organized by SYNJ-Intel Services & Solutions Pvt Ltd.
PERSONAL DETAILS
Date of Birth: 06th April, 1981.
Languages Known: English, Hindi, and Marathi
Address: C/o Abhimanyu Patil, Flat No-304, B-Wing, Jay Malhar Apt., Vill-Dhavdi,
Dombivli (East), Tal-Kalyan, Dist-Thane, Pin Code-421201, India.
Important Note: If required will ready to relocate anywhere in India & Overseas as per company norms.
Please refer to the annexure for the project details

ANNEXURE
MAJOR PROJECTS HANDLED

Title: IT Application Implementation and IT Support
Highlights:
 Reviewing of test cases/scripts for a complete product.
 Banking workflows/Data Integrity Issues/Security and Access Issues.
 Recovering Testing/All the above need to be tested in the expected banking environment (Hardware, LAN, OP, Sys, Domain
configurations, databases).
 Reduced the vulnerabilities which in a way had significantly reduced the potential of threats exploiting the vulnerabilities
Title: Software Test Engineer

Highlights:
 Designing of Test Bed for execution.
 Involved in the functionality testing of the system.
 Preparing Test Cases for manual execution.
Title: IT Security Test Engineer

Highlights:
 Testing is done by owasp zap & Webscrab
 Session related Testing.
 Checking for URL tampering authentication.

Highlights:
 Bug Tracking for the designed test cases.
 Designing of Test Bed for Execution.

Highlights:
 Modifying present Test scripts using QTP, Silk Test, And WinRunner
 Preparing Test Cases/Test Plan, Automated Test Scripts for manual and automation testing through QTP.
 Maintaining the issues in QA status report and maintaining the bugs.
 Bug Tracking for the designed test cases.
 Designing of Test Bed for Execution.

Information Security Consultant &analyst: Anil Patil

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Information Security Consultant &analyst: Anil Patil

Uploaded by

Copyright:

Available Formats

ANIL PATIL

Contact: +91-9130706080, +91-9833533009

INFORMATION SECURITY CONSULTANT &ANALYST

KEY SKILLS PROFILE SUMMARY

Vulnerability Assessment& Penetration  Strong exposure in providing consultancy on Information Security

Notable Accomplishments Across The Career

Title: Project- MPS Ltd., Gurgaon.

Title: Project- Silkways Card & Printing Ltd., Dhaka-Bangladesh.

Title: Project- Loylty Rewardz Mngt Pvt Ltd., Andheri (E)-Mumbai

Title: Project- Atos India Pvt Ltd., Andheri (E)-Mumbai

Title: Project- Silicus Technologies India Pvt Ltd., Pune

Title: Project- ProKarma Softech Pvt Ltd., Hyderabad

Please refer to the annexure for the project details

MAJOR PROJECTS HANDLED

Title: Software Test Engineer

Title: IT Security Test Engineer

Title: Software Test Engineer

Title: Software Test Engineer

You might also like