Sohan Daliyet

Experience

• 

  Goldman Sachs

  Aug 2021 - Oct 2021

  Certified Forage and Grassland Professional (CFGP)

  As a governance analyst it is part of your duties to assess the level of protection offered by implemented controls and minimize the probability of a successful breach. To be successful at your job you often need to know the techniques used by hackers to circumvent implemented controls and propose uplifts to increase the overall level of security in an organization. Gaining valid credentials gives the attackers access to the organization’s IT system, thus circumventing most of perimeter controls in place.1. Review the links provided in the additional resources below to gain a background understanding of password cracking2. Try to crack the passwords provided in the 'password dump' file below using available tools3. Assess the 5 questions in the task instructions below in relation to the passwords provided (type of hashing algorithm, level of protection, possible controls that could be implemented, password policy, changes in policy)4. Draft an email/memo briefly explaining your findings in relation to controls used by the organization and your proposed uplifts. عرض أقل

• 

  Bluecloudsoftech

  Jan 2022 - now

  Cybersecurity Operations

  Research and recommend security enhancementsDevelop and execute security test plans and proceduresIdentify and evaluate security vulnerabilities in web applications, networks, and systemsDocument and report security findingsEnsure compliance with security standards and best practices

• 

  ANZ

  Mar 2023 - May 2023

  Cyber Security Management Virtual Experience Program

  1. Social Engineering InvestigationI have been assigned emails to investigate. Some of these emails may contain content which can be classed as malicious, due to a number of reasons. They may contain malicious attachments, suspicious links, or Phishing attempts to gather private account information from the user.I am expected to report my findings on each email, so that we can either block or release these emails to the users.Practical skills gained from working on this task:Digital/Open Source Investigations | Social Engineering concepts | Security report writing2. Digital InvestigationTo analyse a Packet Capture file using an open source tool to identify and investigate any potential threats.Systems have been flagged up on our security systems due to suspicious internet traffic, and we need to investigate the network traffic in order to establish what the user accessed and downloaded.My task is to examine their network activity and gather what information I can on what images they viewed and what files they accessed. Practical skills gained from working on this task:Analyse network traffic | Identify file types | Open source investigation عرض أقل

• 

  Mastercard

  Mar 2023 - May 2023

  Cybersecurity Virtual Experience Program

  I have received the opportunity to build skills and learn what it’s like to work as a Security Analyst at Mastercard. Specifically, to help design a phishing email simulation for the Security Awareness team. I learnt that cyber threats come in many different forms and that you don’t need a technical background to help keep a company and its employees safe from threats.1. Design a phishing email simulationCraft a phishing email simulation to be used to raise awareness of one of the most common threats organizations today face.Practical skills you will gain from working on this task:Cybersecurity | Technical Security Awareness | Problem Solving | Design Thinking | Communication2. Interpret phishing simulation resultsInterpret the performance of the phishing email simulation to deliver phishing prevention training to the affected teams.Security Awareness Training | Data Analysis | Data Presentation | Communication | Strategy | Design Thinking عرض أقل

• 

  ParadigmIT Cybersecurity

  Aug 2023 - Nov 2023

  Cyber Security Analyst

  Leveraged Elastic Stack (Elasticsearch, Logstash, Kibana) for centralized logging, monitoring and analytics across endpoints,networks and applications to detect anomalies and threats.Utilized Whazu for network traffic analysis, anomaly detection and visualization to uncover malicious activity, compromisedassets and lateral movement.Conducted red team adversarial simulations using MITRE Caldera framework to evaluate security posture and identify gaps.Modeled realistic adversary techniques to test detection and response capabilities. عرض أقل