RAHUL

Summary

Cyber Security Analyst || Cyber Security Corporate Trainer || Certified Ethical Hacker || Vulnerability
Assessment Penetration Tester || Security Researcher || Bug bounty hunter || Cyber/digital Forensics
Analyst || Network Expert || CTF PLAYER || Malware Analyst || Linux Administrator.

• Highly skilled and driven Professional Cyber Security Analyst with extensive experience in network
security, incident response, and vulnerability analysis. 12+ years of experience in cyber security.

• I work as a penetration tester, bug bounty hunter, and CTF participant. I've done web, network, and
Android application penetration testing before. I have extensive knowledge in network and cloud
security. I enjoy CTF events, particularly Hack the Box and TryHackMe. I'm particularly interested in Red
Teaming and Offensive Security, as well as Exploit Development and Malware Analysis.

• An organized professional with demonstrated teaching, advising, and counselling abilities. Capability to
work as part of a team and professionally address challenges and disagreements. Expertise in
establishing and implementing programs to assist new employees advance professionally. Strong
leadership and motivating abilities and an effective communicator.

• At search of a demanding career at a respectable firm where I can put my technological skills to use and
help strengthen the organization's security posture.

Work Experience

❖ Total Experience - 12+ Years

o Jan 2012 - Present - CYBER SECURITY ANALYST, India.

• For the past decade, I've been a professional in cyber security training.

• Conducted training sessions at over 100 different institutes and MNCs.

• Presented 30+ Cyber Security Awareness events for a range of K–12 institutions, tertiary
institutions, NGOs, and private-sector organizations. coached mentors' teaching methods while

Page 1 of 12
 working as a freelance instructor.

• Taught the Cyber Security Awareness workshop at the FCI Group in Mohali.

• Gave the Jalandhar CIS Community's Cyber Security Awareness Program.

• Served as a guest professor in many Punjabi colleges and universities.

• Aided PhD candidates with the creation of their theses.

• Trained more than 2,00000 students (offline and online).

• Successfully completed two months of corporate training on application security and bug bounty
at Nokia in 2023.
• Accomplished effectively the six-month Advanced Ethical Hacking Course Training in 2023. which
I have instructed both academics and students at institutions.
• In 2022, I gave a 10-day workshop on cyber security at Guru Nanak Dev Engineering College. At
the GNDEC in Ludhiana, the training practice session was excellent. I have addressed all pertinent
subjects in this presentation, including social engineering, mobile hacking, DOS/DDOS assaults,
and Wi-Fi penetration testing using all available tools.
• In the year 2022, the GNIMT, Model Town, Ldh held a workshop on advanced ethical hacking. I
have covered every assault in these hands-on training courses, as well as how to set up a red and
blue team to assist users and any company in identifying and fixing system vulnerabilities.

• In twenty-two, I gave a 7-day workshop at Guru Nanak Dev Engineering College on cyberthreats
and risk. I discussed every single element of analyzing zero-day threats in this practical
presentation so that organizations may safeguard their systems and data.
• With great success conducted workshops on cyber security and cyber forensics at the engineering
college of Global Institutes Amritsar in 2022. I addressed on topics like IOT and cloud hacking in
those sessions.
• Effectively completed two months of summer cyber security training in 2022. which I've instructed
academics and students from more than 56 institutions.

o Feb 2022 - June 2022 - CYBER SECURITY TRAINER & VAPT EXPERT, ANSHINFOTECH, India.

• Maintained and monitored firewalls, IDS/IPS, and VPNs as well as other network security tools.

• Helped create and put into place secure network designs.

• Performed routine vulnerability checks and made sure that vulnerabilities were promptly fixed.

• Contributed to the creation and delivery of training for staff on security awareness.

• To guarantee adherence to industry norms and laws, I took part in security audits and assessments.

• Setting up, debugging, and fixing issues with firewalls (such as Cisco ASA, Firepower, Palo Alto, and
FortiGate), remote Internet VPNs, and Cisco ISE.
Page 2 of 12
 • The installation of patches, hotfixes, and upgrades on the devices.

• Looking into and taking necessary action in response to threats found by IPS/IDS.

• Assist with the planning, installation, and configuration of sophisticated L2/L3 switch infrastructure.

• Network configuration to guarantee efficient and dependable operations and procedures.

• Manage networking installation, setup, upkeep, and troubleshooting.

• Create and implement tools for network automation and orchestration.

o July 2013 - June 2018 - CYBER SECURITY ANALYST, SMARTWAY SOLUTIONS PVT LTD, India.

• Performed network security analysis and monitoring to find and address any security events.

• Conducted penetration testing and vulnerability assessments to find security flaws and suggest fixing
them.

• Helped create and put into effect security policies and procedures.

• Worked with IT teams to coordinate patch management and optimal security setups.

• Created thorough incident reports and presented management with results.

• Took part in forensic investigations and malware analysis as part of security incident response
efforts.

• Organized and gave a variety of training sessions on VAPT, tryhackme, and vulnhub, among other
topics.

• Taught a variety of computer networks and cyber security courses for Exclaim. A+, AWS, AZURE,
CompTIA Security+, and Cybersecurity

• Looking into and taking necessary action in response to threats found by IPS/IDS.

• Weekly updating of IPS Signature.

• Recording network modifications and updating schematics as necessary.

• Investigating the underlying causes of network issues.

• Contributed to the upkeep of email security, firewalls, web protocols, and virtual private networks.

• Focused on endpoint security, network access controls, perimeter security, and web security
gateway monitoring.

• Worked on maintaining the configuration and security of cloud-based systems while deploying them.

Page 3 of 12
o July 2012 - Present - CTF Player

Hack The Box | TryHackMe | PentesterLab

Since I started playing, it has been around 12 years. I've been working on a variety of problems, including
those involving web, mobile, and network hacking, digital forensics, reverse engineering, cryptography,
OSINT, networking, Linux/Windows issues, and general skills.

• The current top 100 worldwide on HTB.

• Presently in the Top 90 globally on THM.

• Ten certificates obtained from PentesterLab

o January 2016 - Present - Freelancer CYBER SECURITY ANALYST & TRAINER, InstaDot Analytics.

• Motivated and trained teachers to provide exceptional learning environments.

• Assisted in course development and design.

• Reviewed class and student records to look for areas in need of improvement and implemented
plans of action, which student satisfaction and evaluations.

• Managed and assisted students develop life-long learning skills and good study habits.

• Participated in department meetings to provide input to colleagues about student achievement and
improvement.

• Maintained excellent attendance record, consistently arriving to work on time.

Page 4 of 12
 Hands On Vulnerabilities

• Local file inclusion (LFI) • SQL injection

• Remote file inclusion (RFI) • Cross Site Scripting (XSS)

• Server-side request forgery (SSRF) • CSRF (Cross-site request forgery)

• Cross-site request forgery (CSRF) • Clickjacking

• Request smuggling • XML external entity (XXE) injection

• Session Hijacking • HTTP request smuggling

• Buffer Overflow • Log4J

• Remote Code Execution • BAC (Broken Access control)

• Fuzzing Command injection • OS command injection

• Directory traversal • Insecure deserialization

• OAuth Broken authentication • Reverse Engineering

• HTTP Host header attacks • HTTP Host header attacks

• WebSocket’s • Web cache poisoning

• File upload vulnerabilities • Information disclosure

• Business logic vulnerabilities • Parameter Tampering

• Brute-force • IDOR

• Cross-origin resource sharing (CORS)

Hands On Tools

Web Application VAPT Network VAPT Wireless PT Forensic Password Bypass

Burp Suite Nmap Aircrack-ng Volatility Hydra

Splunk Nessus Airgeddon Autopsy Medusa

Page 5 of 12
Metasploit Wireshark Fluxion MobSF Johntheripper

Nikto Netcat Wifite ADB Rainbowcrack

SQL Map Dnsrecon Wifipumpkin3 Ghidra Cupp

Acunetix Recon-ng Kismet FTK Imager Crunch

Netspark Mass Scan Reaver Diskdrill

Uniscan Powersploit Maltego

Wp-Scan Ettercap OSINT

Dirbuster Xerosploit EaseUs

Go Buster Hping Bloodhound

Skills

o Technical Skills:

• Cyber Security Analyst • Network Expert

• Cyber Security Trainer • Security Researcher

• Cyber/digital forensics analysis • Ethical Hacking

• Vulnerability Assessment Penetration Testing • Malware analysis

• Bug bounty hunter • Red/Blue Teamer

• Risk Incident Handling Response • CTF PLAYER

• Network Monitoring (Wireshark) • Cryptography

• Database Administrator (SQL, MySQL, Oracle, Mongo-dB, Firebase dB) • Cloud Security

• Programming Skills (C, C++, Java, Python, Ruby, C# and Bash Scripting) • Linux Administrator

• WEB-DEVELOPMENT (HTML, CSS, JAVASCRIPT, JQUERY, PHP, ASP.NET) • Server Designing

• Graphics Designing & Editing (Adobe Photoshop & Coral draw) • Cloud Computing

• Microsoft Office (Word, Excel, PowerPoint) • SOC, SIEM with Tools

Page 6 of 12
• Threat Modelling • Threat Hunting

o Network Security:

• Firewall configuration and management

• Intrusion Detection and Prevention Systems (IDS/IPS)

• Virtual Private Network (VPN) setup and administration

• Secure network architecture design

• Network traffic analysis and packet inspection

o Incident Response:

• Investigating and responding to security incidents

• Malware analysis and removal

• Incident documentation and reporting

• Conducting forensic analysis

o Vulnerability Assessment:

• Conducting regular vulnerability assessments and penetration testing

• Identifying security weaknesses and recommending remediation measures

• Vulnerability scanning tools (e.g., Nessus, OpenVAS)

• Patch management and vulnerability mitigation

o Web Penetration Testing:

• Web application analysis and inspection

• OSINT and information gathering techniques

• Vulnerability assessment of web applications

• OWASP TOP 10 2013 / OWASP Testing guide

• Manual exploitation of XSS, SQLi, web services, HTML5, LFI/RFI

• Exploit development for web environments

Page 7 of 12
o Network Penetration Testing:

• Vulnerability Assessment of Networks

• Advanced Exploitation with Metasploit

• Performing Attacks in Pivoting

• Privilege escalation and Persistence

• Exploit Development

o Android Penetration Testing:

• Reverse engineering Android applications

• Exploit Android vulnerabilities

• Applied security principles

• Encryption and cryptography

o Cloud Computing & Security:

• Cloud Concepts, Architecture and Design

• Cloud Data Security

• Cloud Platform and Infrastructure Security

• Cloud Application Security

• Cloud Security Operations

• Legal, Risk and Compliance

o Windows/Linux OS:

• Provide Linux System Administration

• Linux System Security

• Managed Information security Compliance activities

• Linux server security administration

• Monitored the servers and Linux scripts regularly and performed troubleshooting

Page 8 of 12
 • Managed prominent level web applications and worked with windows

o DevSecOps:

• DevOps Implementations

• Continuous Integration & Delivery

• Security & SIEM

• Docker & Containers & Kubernetes

• Alibaba Cloud, AWS, Azure & Google Cloud

• Microservices

• Monitoring & Observability

o Security Tools:

• Security Information and Event Management (SIEM) platforms

• Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)

• Anti-malware and antivirus software

• Vulnerability scanning tools (e.g., Nmap, Nessus, Nigto)

• Network monitoring tools (e.g., Wireshark, Nagios)

o Compliance and Regulations:

• Knowledge of industry standards (e.g., ISO 27001, NIST)

• Familiarity with data privacy laws and regulations (e.g., GDPR, CCPA)

• Conducting security audits and assessments

o Communication and Collaboration:

• Strong verbal and written communication skills

• Ability to explain technical concepts to non-technical stakeholders

• Collaborating with cross-functional teams

• Presenting findings and recommendations to management

Page 9 of 12
o Soft Skills:

• Critical thinking skills • Coaching

• Time management skills • Mentoring

• Organizational skills • Leadership

• Establishing work objectives and strategies • Professional development

• Decision-making skills • Performance management

• Communication skills • Presentation software

• Public speaking • Business Interpersonal Skills

Major Projects

• In 2013, an event to find vulnerabilities and get access to vulnerable systems was completed
successfully. Numerous institutes take part in this event and get awards.

• Successfully held international "Cyberthon" hackathons for cyber security at CT University.

• Completed the development of the Traffic Signal Violation Detection System and presented it at
the 2017 Hackathon Competition.

• Successfully trained students in networking and CCNA at the Cisco Networking Academy.

• Create web apps for diverse companies that are E-commerce protected and have enough
security in place.

• Installed a 4G network infrastructure for MMU Mullana's Super Specialty Hospital, an eight-story
building with more than 1500 data points.

• The 2012 CTF Competition at OIVET was a success. This features participation from several
institutions and skill demonstrations by international cyber security experts.

• Used technical workshops to improve the study and learning performance of students. created
immersive "boot camp"-style settings.

• Creating and implementing High-interaction Honeypots to safeguard diverse businesses' systems

and networks against viruses and threats from malicious users.

Page 10 of 12
• Expertly established up the news channel data center/server room, a partner company of MMU
University. It has 72 TB of fiber channel SAN storage for servers running Windows and Mac. For
redundancy and WASP 3D playout servers and clients, a dual leased line configuration is used.

Certifications

• Certified in Cybersecurity from ISC2.

• API Penetration Testing from APISEC UNIVERSITY.

• API Security Fundamentals from APISEC UNIVERSITY.

• ISO/IEC 27001 Information Security Associate from Skill Front.

• Foundations of Business and Entrepreneurship from Skill Front.

• Duolingo English Test from Duolingo.

• Crash Course on Python from Google.

• Technical Support Fundamentals from Google.

• Foundations of Project Management from Google.

• Foundations: Data, Data, everywhere from Google.

• Foundations of User Experience (UX) Design from Google.

• Foundations of Digital Marketing and E-commerce from Google.

• Netflix Clone from Google.

• SQL Injection Attacks from EC-Council.

• Cyber Shiksha for Beginners from Quick Heal Academy.

• Practical Ethical Hacking from TCM Security.

• Certified Ethical Hacking Masterclass: Beginner to Advance from Udemy.

• Digital Forensics for Pen testers from Udemy.

• Cybersecurity Essentials from Cisco Networking Academy.

• Introduction to Cybersecurity from Cisco Networking Academy.

• CCNA: Switching, Routing, and Wireless Essentials from Cisco Networking Academy.

• CCNAv7: Introduction to Networks from Cisco Networking Academy.

Page 11 of 12
• NDG Linux from Cisco Networking Academy.

• PCAP: Programming Essentials Python from Cisco Networking Academy.

• Certified Entrepreneurship Instructor from Cisco Networking Academy.

• AWS Academy Graduate - AWS Academy Cloud Foundations from Amazon Web Services (AWS).

• Mobile App Security from Cybrary.

• Welcome to Cybrary from Cybrary.

• C++ Training Essentials from IIT Bombay.

• C Training from IIT Bombay.

• Penetration Testing with KALI and More: All You Need to Know from Udemy.

• The Complete Python 3 Course: Beginner to Advanced! from Udemy.

• The Complete 2021 PHP Full Stack Web Developer Bootcamp from Udemy.

• Full Stack: Angular and Spring Boot from Udemy.

• Certification in the LibreOffice Suite Calc Training from IIT Bombay.

• Certification in the Introduction to Computers Training from IIT Bombay.

• Certified Secure Computer User (CSCU) v2 (Complete Series) from EC-Council.

Page 12 of 12