Meet Devashish Singh who introduced 'Turn Inward Security framework'
Get to know me
Welcome to my Portfolio. Please take a moment to browse my work, skills, and professional experience. I am strongly committed to bring a transformation into the way Information Security functions in organizations and sectors. Noticing that the way business infrastructure have evolved to new possibilities, security solutions and postures failed to accelerate at the same pace. This brings me to bring up a new concept in the Information security domain where you'll have the maximum capabilities and in-charge of your own solution.
I finally announce this online presence to share everything about me. This could be called a 'personal archive' that will take you through my entire journey of Experiences, Learnings, Portfolio, Profession, and a lot more alike. have had the opportunity to build a career by doing what I love. From a young age, I’ve been a relaxed and focused personality. When I had a vision for my professional future, I decided to make it happen. With experience in the academic setting and professional, I am building up a platform that will end up being a boon to people looking for a similar career and life.
I’m thrilled to say that I’ve learned from so many trained professionals in my field, but I know that I still have so much to learn from others in the industry. I’m a hard worker, a team player, and excited to see what projects could benefit from my unique skill set. I’d love to chat with you about how we might work together in the future.
Manager, Information Security Advisor. Capital A(formerly known as AirAsia Group) Company
April 2022 - Till date
Yet to be updated
Assistant Manager, AirAsia Group Information Security Operations
August 2020 - March 2022
Develop, Design and Operate SIEM solution to tackle the real-time threats on a cloud based architecture(GCP)
Automate and Configure Threat Detection jobs by developing Signatures, Anomaly rules and Behavioral Patterns.
Implement DevSecOps strategies to feed Information Security Intelligence within CI/CD ecosystem.
Draft Business Guidelines, Procedures and Processes for overall Security posture.
Web Application Security assessment
Cloud based security solutions planning and deployment
Security Incident Forensics
Security Specialist, Maybank Berhad
January 2018 - April 2020
1. Delivered successful data center migration as subject matter expert of Security solutions for Maybank(A leading bank in Malaysia).
2. Built and designed the best scalable, available, and reliable architecture for security technologies and security solutions such as Intrusion prevention system(IDS), Intrusion detection system(IPS), Privilege Access Management(PAS), Identity access management(IAM), Data loss prevention(DLP), Endpoint protection, Compliance check software, and data privacy tools, File integrity monitoring, Deep Security, Endpoint Detection and Response(EDR), Email Security Analysis and Web Security Analysis.
3. Managed CyberArk as subject matter expert - Deployed and implemented CyberArk components Password vault Web access(PVWA), CyberArk password Manager(CPM), Password vault and privileged session manager(PSM).
4. Configured and integrated custom connectors and plugins to support CyberArk CPM password change, password reconcile session capabilities. Example ODBC and McAfee.
5. Engaged in day to day CyberArk related operations including but not limited to privilege ID policy management, LDAP integration for authentication, User access control, safe management and disaster recovery(DR) situations, logging, incident management, ID unlocks, grouping, discovery, upgrade etc. Configured logging and alerts to work with Splunk, Nagios and Email. Delivered Privilege session management(PSM) solution by - conducting POC on multiple data sources, installation and allocation, integration with Vault, customizing connectors SSH and Windows, User access testing(UAT), command control test on SSH.
6. Handled Akamai Web application firewall as Subject Matter expert - Resolved Content delivery network(CDN) related matters on Banking(net-banking/e-banking). Delivered On-boarding of web domains as requested by bank.
7. Managed Akamai modules such as Kona Site defender, fast DNS, mPulse, web application protector, Security console.
8. Handled day to day operations including but not limited to Certificate pinning, purge cache, hostname on-boarding, resolve site related errors, create custom WAF rules(OWASP), bot attack prevention, blacklist, and whitelist IP during web testing, DNS propagation, site check, troubleshooting connection, resolving user complaints, modifying site parameters.
9. Managed Forcepoint DLP - implementation, testing, upgrade, integration with data classification tools such as Bolden James classifier and Varonis Data Advantage, creating and writing custom rule and regular expressions for data loss detection and prevention, monitoring, uptime assurance and incident management. 10. Managed McAfee Intrusion detection system - Implementation, security detection signature development, custom policies to detect suspicious activities, day to day operations such as health checks, incident management, integrations, connections with network TAP and Firewall.
11. Managed Splunk operations - Search Queries, agent deployments, system integration.
12. Managed Tripwire File Integrity Monitoring and compliance check module - configure CIS benchmark-based custom compliance check rules, run scheduled quarter scans.
13. Represented bank in various audit and regulatory body such as EY external audit, PCIDSS audit, and Bank Negara RMIT compliance audit.
14. Led teams of 6 in developing and implementing security systems, resulting in 30% fewer threats over 1 year.
Security Engineer, AT&T Communications
January 2016 - December 2017
Being a lifelong seeker is a trait that is really important to me, and I know that education is not just for the schoolyard. Some lessons were learned in the traditional way, while others I have received from professional mentors, industry professionals and in some cases, friends and family. I’d love the opportunity to talk to you about how my academic background could benefit you, so get in touch.
Bachelors of Technology, NIMS
June 2008 - December 2012
Electronic engineering is an engineering discipline which utilizes nonlinear and active electrical components (such as semiconductor devices, especially transistors and diodes) to design electronic circuits, devices, integrated circuits and their systems. The discipline typically also designs passive electrical components, usually based on printed circuit boards.
Electronic devices and circuits
Signals and systems
Senior School Certificate Examination, Bhai Parmanand Vidya Mandir
April 2007 - May 2008
The AISSCE (All India Senior School Certificate Examination), also called Board Exams in common language, is the final examination conducted every year for high school students by the Central Board of Secondary Education on behalf of the Government of India.
Physical and Health Education
High School, Pratibha Vikas Vidhyalaya
April 2005 - May 2006
All India Secondary School Examination, commonly known as board exams, is a centralized public examination that students in schools affiliated with the Central Board of Secondary Education in India take after class 10
English Language and Literature
Science and Technology
Hindi Course A
Tricks of the Trade
"The most beautiful moments in life are moments when you are expressing your joy, not when you are seeking it"