Skip to content

Introduction

Ashok is an experienced Application Security Engineer with experience in penetration testing, application security, and secure cloud architecture. He has a strong background in building and leading proactive security programs for a variety of applications and cloud environments. His expertise lies in DAST, threat modeling, and red team simulation, with a focus on integrating security into the CI/CD pipeline and adhering to industry-standard frameworks like OWASP and NIST. He is a candidate for the Certified Ethical Hacker(CEH) from EC-Council, preparing for Offensive Security Certified Professional(OSCP) from Offensive Security certification, demonstrating his practical, hands-on skills in ethical hacking.

Skill Set and Certifications

  • Ashok possesses a comprehensive set of skills across multiple domains of cybersecurity.

Technical Skills

  • Security Operations: IAM, Threat Hunting, Incident Response, SIEM (Splunk), EDR, DLP, SAST, Vulnerability Management.

  • Penetration Testing: Web/API/Mobile VAPT, Internal/External VAPT, Active Directory Exploitation, and identifying vulnerabilities like SSRF, IDOR, XSS, and SQLi.

  • DevSecOps Tools: Proficient with GitHub Actions, Jenkins, SonarQube, Snyk, OWASP ZAP, and various security tools like TruffleHog and Crowdstrike.

  • Cloud & Network Security: Extensive experience with AWS services (IAM, S3, KMS, WAF), as well as network security tools like VPNs, Firewalls, and IDS/IPS. He also works with Infrastructure as Code tools like Terraform and containerization with Docker and Kubernetes.

  • Programming/Scripting: Strong command of Python, Bash, PowerShell, and JavaScript, among others, for automation and security tasks.

Certifications

  • Certified Ethical Hacker (CEH): A testament to his foundational knowledge in ethical hacking.
  • OSCP: Currently in progress, this certification validates his practical skills in penetration testing.
  • Medal of Excellence: Awarded for being a top performer in secure platform design, reflecting his practical achievements.

Career Summary

  • Ashok’s career trajectory highlights his progressive experience from software development to specialized security roles. He has consistently applied secure coding practices aligned with industry benchmarks like OWASP and NIST. His experience includes:

  • Security Engineering: Developing M&A security onboarding pipelines, executing DAST scans, conducting threat modeling, and building CI/CD-integrated security controls.

  • Research & Analysis: As a Research Assistant, he conducted threat modeling on IoT networks and participated in VAPT for healthcare cloud applications, contributing to compliance and vulnerability remediation.
  • Penetration Testing: He has performed over 80 internal/external VAPT engagements on various platforms, achieving high fix rates and delivering actionable remediation to development teams.
  • Software Development: In a prior role, he led the development of secure applications, focusing on data protection, applying secure coding from the planning phase, and aligning architecture with security standards.