Durgesh Gaurav




Cyber Security Professional

Leverage system and network security for protection against threats and vulnerabilities.

Passionate and dedicated towards cyber security solutions with artificial intelligence (AI) for advanced protection against general/custom/AI-based threats.

"Dedicated to creating and maintaining a safe cyberspace for organizations and individuals."

San Francisco, CA 94105 (M) 314.328.0302

in/durgeshgaurav (H) 314.260.1577

durgesh@

RECENT RESEARCH: "Reverse engineering and vulnerability analysis using AI/machine learning to automate system and network security for advanced cyber protection".

Description: The research focuses on reverse engineering malware and attack techniques for identification and neutralization, to maintain a safe cyber environment by creating a better protection technique using AI against advanced threats and vulnerabilities.

PERSONAL RESEARCH PROJECT: Virtual Security Analyst (Personal Project, Dec-2017): A self-defending network and system application which can make self-decisions to execute protection against suspicious activities or intrusions using machine learning/artificial intelligence.

Publication-Book

Gaurav, D. (2017). Learn how to defend against cyber-crimes, in just one day. Retrieved from

Technical Proficiency

Artificial Intelligence | Machine Learning | Natural language processing | Data Loss Prevention | Data De-Identification | Data Classification | End Point Protection | Threat Modeling | Advanced Threat Protection | Cyber Kill Chain | APT | Metasploit | Malware Analysis | Penetration Testing | Network Security | System Security | Digital Forensics | Cryptography | Vulnerability Scanning | Ethical Hacking | Risk Assessment | Incident Response

|Computer Proficiency: |Windows, Linux-RHEL and Kali |
|Artificial Intelligence: |Machine learning, Natural language processing, TensorFlow / Azure |
|Languages & Technologies: |CSS, Hibernate, HTML, Java Core (JSE) / Advance (JEE), JavaScript, JDBC, jQuery, JSON, JSP, MySQL, Python, Servlet and WebLogic Server |
|Cyber Security: |Cyber Kill Chain; Threat Modeling & Protection; Penetration Testing-Metasploit framework, Burp Suite, etc.; IDS/IPS-SNORT; SIEM-Splunk, IBM QRadar; Vulnerability Scanner-Nessus / HPE Fortify & WebInspect / OpenVas; Port Scanner-Nmap; Endpoint Security-Symantec (SEP) 14; Symantec Advance Threat Protection (ADT) 2x; Data Loss Prevention-Symantec (DLP) 14; Console-McAfee ePO 5.x; Data De-Identification; Data Classification-Boldon James; Risk Management Framework-NIST SP 800-30 rev-1 & SP 800-37 rev-1; Incident Response-NIST SP 800-61 rev2; Security Framework-NIST SP 800-53 rev-4; Honeypot-HoneyDrive; VPN protocols; Web Proxy-Bluecoat, Squid; Patch Manager-Solarwinds; Packet capturing and analysis-Wireshark, WinHex, TCPdump; Netflow-Colasoft Capsa Network Analyzer; Next Generation Firewall (NGFW)-Palo Alto; Web Application Firewall (WAF)-Fortinet FortiWeb; OWASP Top-10 and other attack vectors; OSI Model; Protocols-TCP/IP, UDP, LDAP, SNMP, NetBIOS, Telnet, SSH, SSL, TLS, etc.; Static malware analysis-OfficeMal Scanner, BinText, CFF Explorer, PEview, PEStudio, Dependency walker; Malware behavior/Dynamic malware analysis-InetSim, and FakeDNS and other required technologies. |
|Digital Forensic: |FTK imager, EnCase, OSForensics, The Sleuth Kit (TST), and IrfanView |
|Development Cycle: |Agile and Waterfall |
|Miscellaneous: |Virtual computing-VMware, Hyper-V, Active Directory. |

Professional Experience

PG&E- Pacific Gas and Electric (Contractor) July 2018-Present

San Francisco, CA

Cyber Security Analyst

• Ensuring customer and employee data security against threats with data de-identification.

• Conducting data loss prevention with and implementing appropriate measures.

• Prioritize and data loss scan on repositories based on pre-defined criteria and policies.

• Analyzing potential privacy violations to identify false positives and policy violations with immediate remediation.

• Conducting SIEM scans and generating dashboard/reports.

• Identifying vulnerabilities through scans and penetration tests to report the issues.

• Scanning and identifying Indicators of Compromise (IOCs).

• Conducting OSINT and TECHINT reconnaissance.

• Performing threat intelligence and implementing Cyber Kill Chain defense against APT.

• Employing cyber modeling techniques to identify malicious threats and activities.

• Analyzing network traffic for malicious or abnormal activity for attack vectors.

• Identify adversary's Tactics, Techniques, and Procedures (TTPs) for technical mitigation strategies for preventing, controlling, and isolating incidents.

• Performing malware analysis using different malware analysis methodologies.

• Performing digital forensics to identify suspicious malicious content.

• Conducting intrusion detection and prevention. Performing log analysis and identifying malicious activities.

• Creating risk matrix as per defined criteria.

Apace Technology, Ghaziabad, UP, India 2011 – 2015

A software consultancy.

Software Engineer

• Assisted in gathering requirements, developing and testing software.

• Projects Undertaken:

o Created a desktop inventory control and management system application using Java SE and MySQL, for controlling inventory and monitoring resources.

o Developed and delivered a small number of micro-sites using JSP, Hibernate and MySQL for business support.

Education

Master of Science (MS), Cyber Security, Webster University, St. Louis, MO. 2016 – 2017

□ Research Topic:

▪ AI-based reverse engineering of malware and vulnerability analysis for advanced security and cyber protection.

□ Course Projects:

▪ Analyzed application’s broken file format and corrected errors, regenerating evidence using digital forensics for assigned criminal case.

▪ Inspected assigned corporate breaches, identified possible root cause, and provided solutions based on investigation, resulting in improved digital security and mitigating against further violations.

□ Training:

▪ Microsoft Certified Professional Program for Artificial Intelligence (in progress).

▪ Machine learning, deep learning, neural networks, natural language processing, and big data from .

▪ Ethical hacking, Threat intelligence, Metasploit, Advance penetration Testing, CISSP, and Security+ courses/certificates from Cybrary.it & .


□ Groups / Conferences: STL Cyber Meetup, Mastercard STL Cybercon, Gateway2Innovation for updated techniques and technologies.

□ Volunteer Work: Secretary, Webster finance and investment club.

Bachelor of Engineering (BE), Electronics and Instrumentation Engineering. 2007 – 2011

Galgotias College of Engineering and Technology, Greater Noida, UP, India.

□ Course Projects:

▪ Developed device called ‘Talking Hand’ to be used as a speaking medium by people suffering from Aphasia (speaking disability), involving a microcontroller and voice processor for major operations.

▪ Designed robot which could be controlled and operated by an insect, based on “Biomimetics” and intended for disaster recovery operations to save human lives.

▪ Created an electro-mechanical arm able to detect and pick up metals for multiple uses.
