
RAGHAVENDER DUDDILLA

Sr ITGRC Security Consultant


raghu020882@gmail.com
971-777-4249
An IT GRC Consultant and ISO 27001 LA with extensive experience in IT Governance, Risk, Compliance and Assurance engagements who excels in planning, implementing, reporting, directing and enhancing IT governance, risk, compliance, audit and security programs and in implementing process efficiency improvements.

PROFESSIONAL SUMMARY
10+ years of experience as a Security & IT GRC Practice Lead, in project management, resource management, effort estimation, requirement gathering (RFP) and the Security Development Lifecycle.

Experience in Agiliance ITGRC tools, multitenant and single-tenant SaaS applications, and also RSA Archer and Symantec ESM security standards and workflow execution; ISO 27001 LA.

Expertise in Static and Dynamic Application Security assessment of web, network, mobile, SSRS, relational database and client-server applications, threat modeling and resource management.

GRC Practice Lead responsible for managing and structuring the Centre of Excellence (COE).

Good implementation understanding of IDM products like SiteMinder, Citrix IDM and access control, ESX, virtualization, cloud and also SSO implementation.

Exposure to IT security compliance frameworks such as PCI, HIPAA, FISMA, NIST and Industrial Control Systems risk assessments.

Hands-on experience in Big Data Hadoop, MapReduce architecture, Hadoop 2.0, NameNode High Availability, HDFS Federation, YARN and MapReduce v2.

Experience generating reports based on remediation data and other conformance assessment data.

Performing high-level analysis of conformance assessment observation data, with the ability to identify problems and arrive at practical solutions.

Good understanding of network protocols like TCP/IP, UDP, HTTP/S and ICMP; involved in network infrastructure risk assessment of NAC, switches, routers, IDS, IPS and firewalls and analysis of their logs. Working closely with Incident Response Teams to analyze and resolve security incidents.

Good interpersonal skills, cross-training teams, and an effective team member with self-motivating skills.

Tools and Skill Set
Security Testing Tools: IBM AppScan, HP Fortify, HP WebInspect
Languages: C, Java (Basics)
Web Technologies: HTML, Web services, XML, Big Data Hadoop
Virtualization Tools and servers: ESX servers 2.x, 3.x, VMware, VC, VIC
Bug tracking tools: Bugzilla, QA Trac
IT GRC Tools: Agiliance RiskVision, ESM, RSA Archer

Security certifications
CEH: Certified Ethical Hacker
CHFI: Computer Hacking Forensic Investigator
ECSA: EC-Council Certified Security Analyst
IBM Rational AppScan Standard Edition
Certified ISO 27001:2005 / 27002 Lead Auditor
Trained by ISACA on Information Systems Auditing (CISA)
Research Papers, Achievements and Awards
Implemented and actively participated in exploring new service offerings like mobile security, cloud and Big Data security.
Effect of Mobile Microwaves - International Level - Isamap2K4, I.I.T Kharagpur
Wireless LAN & its Security Process - State Level - Technoxtreme, Yavatmal
Mobile Communications - National Level - Computest, Spandan Nagpur
Neurological Abnormalities Associated with Mobile Microwaves - National Level - Esoterica-2004, Punjab University


Client: Major publishing provider
Jul 2014 - May 2015
Assess all risks and evaluate the impact of technology changes on processes; maintain knowledge of all security systems and deploy all required infrastructure.
Recommend best practices for securing the application.
Communicating and coordinating day-to-day project activities within the project team and ensuring that priorities are developed and known.
Provide assistance to IT staff, provide security specifications for all vendor products and evaluate all requests for security architecture.
Gather data from different sources to be entered into the remediation tool.
Manage all repeated threats to all systems and perform vulnerability tests.
Evaluate all systems, recommend application patches, suggest appropriate security products, perform regular audits on systems and ensure compliance with all standards and policies.
Generate reports based on remediation data and other conformance assessment data.

Client: Major credit card account
Jan 2013 - May 2014

Application Security Audit and Assessment with well-known open source and commercial tools.
Involved in Risk and Compliance Assessment using audit tools like Archer.
Defining and monitoring ITGRC policies and procedures to become compliant with the Bank standards.
Communicating and coordinating day-to-day project activities within the project team and ensuring that priorities are developed and known.
Provide assistance to IT staff, provide security specifications for all vendor products and evaluate all requests for security architecture.
Assess all risks and evaluate the impact of technology changes on processes; maintain knowledge of all security systems and deploy all required infrastructure.
Manage all repeated threats to all systems and perform vulnerability tests.
Evaluate all systems, recommend application patches, suggest appropriate security products, perform regular audits on systems and ensure compliance with all standards and policies.
Implementation of threat modeling as a QA process and helping the testing team understand the security process in the agile model.
Involved in understanding the business requirements and application flow, and also supporting RFPs and POCs.
Managed projects including accountability for project plan, scope, cost, work schedule and contractual deliverables.
Managing the relationship with the client, stakeholders, IT&S support organizations and 3rd-party suppliers.
Performed Web Application Security assessment in accordance with OWASP standards and SANS guidelines, using manual techniques and analysis tools.
Recommend best practices for securing the application.
Provide assistance to IT staff, provide security specifications for all vendor products and evaluate all requests for security architecture.
Manage all repeated threats to all systems and perform network vulnerability assessment.
Evaluate all systems, recommend application patches, suggest appropriate security products, perform regular audits on systems and ensure compliance with all standards and policies.
Manage all communication with internal and external auditors and implement all security services.

Client: Major Banking Group
Aug 2012 - Jan 2013
Involved in understanding the business requirements and application flow, and also supporting RFPs and POCs.
Managed projects including accountability for project plan, scope, cost, work schedule and contractual deliverables.
Managing the relationship with the client, stakeholders, IT&S support organizations and 3rd-party suppliers.
Involved in policy and procedure review and development, aligned to the Business Strategy Model.
Incident handling and response for security issues and alerts.
Recommend best practices for securing the application.
Defining and monitoring ITGRC policies and procedures to become compliant with the Bank standards.
Communicating and coordinating day-to-day project activities within the project team and ensuring that priorities are developed and known.
Provide assistance to IT staff, provide security specifications for all vendor products and evaluate all requests for security architecture.
Assess all risks and evaluate the impact of technology changes on processes; maintain knowledge of all security systems and deploy all required infrastructure.
Manage all repeated threats to all systems and perform vulnerability tests.
Evaluate all systems, recommend application patches, suggest appropriate security products, perform regular audits on systems and ensure compliance with all standards and policies.
Manage all communication with internal and external auditors and implement all security services.

Client: Health Care Provider
Feb 2012 - Jul 2012
Involved in all projects at all stages to help with security-related issues and solutions.
Involved in network security and web application security scanning and analysis in the client's R&D IT department.
Involved in understanding the business requirements and application flow, and also supporting RFPs and POCs.
Involved in preparation of the Security Project Plan and cost and manpower estimations.
Performed Web Application Security / Penetration Testing in accordance with OWASP standards and WADS guidelines, using manual techniques and open source tools.
Recommend best practices for securing the applications and servers to be compliant with the client security baseline.

Client: Internal Projects
Jul 2011 - Jan 2012
Took leadership in new mobile service offerings by doing R&D.
Involved in training the business and management team on the mobile services and their scope analysis.
Involved in analysis of different mobile OS architectures and also mobile simulators.
Involved in security activity planning, assessment tools for mobile OS like Android, phone, deliverables for the assessment phase, and also involved in execution of proofs-of-concept and creating the engineering strategy and approach.
Involved in analyzing the application according to mobile security standards. Mentoring and coordinating with the team.
Involved in preparation of the Security Test Plan.
Participated in management reviews and teleconferences.

Client: Major Insurance Firm
Oct 2010 - Jun 2011
Involved in understanding the business requirements and application flow, and also supporting RFPs and POCs.
Recommend best practices for securing the application.
Participated in management reviews and developer demos to understand the high-level architecture.
Maintain an efficient security architecture and prepare drafts of all security procedures and protocols to ensure effective administration.
Analyze all system security audit reports, manage all system emergencies and counter all security hazards.
Prepare reports for all monthly metrics, perform audits on reports, manage all security questionnaires for vendors and provide education for all security programs.
Monitor all security processes and recommend risk mitigation processes.
Perform regular vulnerability scans on security systems, coordinate with the development team to ensure achievement of all business objectives and recommend appropriate hardware and software for all security products.
Client: Health Care Company
May 2010 - Sep 2010
Performed Web Application Security / Penetration Testing in accordance with OWASP standards and SANS guidelines, using manual techniques and open source tools.
Generating different levels of reports as per the requirements, and regression testing.
Recommend best practices for securing the application to the development team.
Participated in management reviews and teleconferences.
Involved in understanding the business requirements and application flow, and involved in POCs.
Involved in preparation of the Security Test Plan and estimations.

Client: Major Virtualization Product Provider
Feb 2010 - Apr 2010
Analysis of the migrated VMs and also memory hardening.
Running Nessus scans against the target ESX server.
Understanding the business requirements and application flow.
Performed Web Application Security / Penetration Testing in accordance with OWASP standards and guidelines, using manual techniques and open source tools.
Security analysis of the migrated VMs and also memory hardening.
Helping the development team understand the security report and security recommendations.
Client: Major GRC Product Provider
May 2008 - Jan 2010
Project Title: Agiliance IT-GRC
Involved in product enhancements and ITGRC workflows.
Involved in creating ITGRC policies for various standards like NIST, PCI and CIS benchmarks for different OS like Linux, Windows, AIX and Solaris.
Understanding the business requirements and application flow.
Preparation of the Security Test Plan and estimation. Performed Web Application Security / Penetration Analysis in accordance with OWASP standards and SANS guidelines, using manual techniques and open source tools.
Client: Major IDM Product Provider
Dec 2006 - Apr 2008
Involved in understanding the business requirements and application flow.
Involved in the Imprivata SSO and Google APIs integration with the product.
Performed Web Application Security / Penetration Testing in accordance with OWASP standards and guidelines, using manual techniques and open source tools. Product security testing, web application security analysis and network security analysis.
Security analysis of the migrated VMs and also memory hardening.
Running Nessus scans against the target IMAG to understand the security vulnerabilities and standards.
IMAG - AD Virtualization that provides a virtualization layer for Active Directory to enable segregation of duties for administrators and provide a self-service portal with workflow for end users.
Worked on self-service password reset and audit trail for various enterprise applications and IT infrastructure devices, as well as the PCI compliance mandate of periodic password resets for users and administrators with access to data.
Involved in the analysis of IMAG, which enables organizations to implement an identity management solution, and IMAGRCA, a rapid connector platform that provides agentless and non-API-based connectivity to AD, non-AD, web-enabled, client/server and custom/legacy applications, as well as network devices.
Installation and creation of a test environment on our own network to replicate the client environment for deploying the product.
Involved with the sales team in client presentations and POCs.

Client: Major Banking Group
Apr 2005 - Nov 2006
Product security testing, web application security analysis and network security testing.
Played a key role in training and presentations on the new security tools.
Creating the security test scenarios and best practices.
Understanding the business requirements and application flow.
Performed Web Application Security / Penetration Testing in accordance with OWASP standards and guidelines, using manual techniques and open source tools.