Gopala Krishna Arla

Experience

• 

  Be A Cyber Warrior

  Jul 2018 - Jun 2019

  Book Author

  As technology evolved from Telephone to Smart watches & IOT connected home appliances. These enablement not only just made communication, interaction with technology simpler and better experience , but it also paved path to vulnerable systems and organized cyber crimes. BE A CYBER WARRIOR book was published to bring awareness regarding the cyber hygiene to all the netizens, which provides more insights about do's and don't in digital surface and simple tricks to safeguard online presence. #beacyberwarrior #cybersafety #cybercrimesfreeindia #cyberawareness Show less

• 

  Castellum Labs

  Feb 2020 - Mar 2024

  Performed Security assessments for client’s internal and external applications, using OWASP, CWE, methodologies and standards for Web/ API’s / and Mobile applications (Android & iOS) and code review. Conducted threat modelling and risk assessments to identify potential security weaknesses and recommended appropriate mitigationPlayed instrumental role in drafting SOP documents about security assessments and building templates for project execution and tracking. Which helped our clients to easily track status of the project. Hands-on exerpeience with AWS Cloud (VPC, subnets, Routetable, Ec2, S3, ELD, ASG)Experienced with CI/CD methodologies/tools and practical implementation of DevOps processes using (Gitlab, Jenkins, Ansible, Docker)Currently Coordinating on DevSecOps integration of security tools into Devops stack (Talisman, Git-leaks, OWASP Dependency check, SonarQube,Trivy, OWASP ZAP) Show less In this role led Threat intel business unit and managed a team of 6 members.Handled projects related to Enterprise Threat intel and Darkweb. Coordinated on organizing In-House threat intel stack with OPENCTI & MISP, ELK technologies. Collected Realtime IOCS from different threat feeds and classified IOCS.Well versed with identifying phishing infrastructure C&C servers and checking for blacklisted infra.Sound knowledge of Cyber kill chain & MITRE Attack frameworks.Expertise in asset discovery, asset classification and attack surface management for Web, Cloud Infra. Had done lot of brain storming sessions internally with threat intel team on various threat intel & Darkweb findings. Established various SOP’s on the analysis of various threat intel findings and allotted severity and risk ratings based on the information exposed/misconfiguration identified. Involved in Analysis of report including process dashboard, Monthly client review decks. Show less Expertise in Web, Mobile, API (Android & IOS), thick client application security.Coordinating the with the respective development team to remediate the identified potential vulnerabilities and helping them in fixing the vulnerabilities. Identifying and documenting web application threats using threat modelling for various Applications/Products/Solutions. Moderate understanding of System design, architecture design for Web applications and provide industry security practices with architects. Contributed to Security test case library enhancements, framed different business logic security testing scenarios which helped to cover the all business logic scenarios across the applications.Pitched in with Engineering & Development teams on appFORT security orchestration product (Castellum’s SASS Appsec security platform) development activities and co-ordinated on automation of several security test case scenarios for auto execution. Conducted corporate security awareness programs. Ensure secure development practices are followed. Research and analyse emerging security threats and ensure Vulnerability Assessment process is modified to mitigate business risk.Acquainted with quick learning of various technologies and methodologies of cyber security. Being a quick and efficient learner, I can get trained on new technologies. Show less

  • Senior Security Engineer

    Apr 2023 - Mar 2024

  • Team Lead

    May 2022 - Apr 2023

  • Security Engineer

    May 2021 - Apr 2022

  • Associate Security Engineer

    Aug 2020 - Apr 2021

  • Intern

    Feb 2020 - Jul 2020
• 

  Exela Technologies

  Apr 2024 - now

  Senior Security Specialist