Cybersecurity Leader

Turning exposure into measurable security advantage.

I build and lead offensive security, AppSec, cloud security, CTEM, EASM, red team, and AI security programs that move organizations from scattered findings to risk-led execution.

15+ years across offensive security, AppSec, cloud, and architecture
500+ security assessments delivered across enterprise environments
95% Critical and High remediation within SLA through program execution
Hyderabad: Speaker and mentor; AI security and MCP security focus
Red to Green: Improved Security Scorecard rating within 12 months through structured remediation leadership.
14 Clients: Managing key accounts contributing 80% of organizational revenue at NopalCyber.
1000+ Critical vulnerabilities reported across assessments and enterprise programs.
7000+ High and Medium vulnerabilities identified, prioritized, and driven to action.

A practical security operating model.

My approach joins attacker thinking with governance, engineering alignment, and measurable remediation outcomes.

From vulnerability lists to executive risk movement.

Security programs become powerful when findings are connected to exposure, exploitability, ownership, remediation velocity, and business impact. That is the difference between scanning and actually reducing risk.

01. Map the real attack surface

Discover internet exposure, cloud assets, identity paths, application entry points, and third-party risk signals.

02. Validate what is exploitable

Use AppSec, cloud, red team, and threat intelligence methods to separate noise from material risk.

03. Drive remediation as a program

Centralize ownership, SLAs, executive reporting, and engineering collaboration until exposure drops.

Security capability areas.

Hands-on technical depth, leadership range, and a strong bias toward outcomes that matter to the business.

AppSec

Application, API, Mobile & Secure Code Review

DAST, SAST, threat modeling, API testing, mobile assessments, secure coding, and developer enablement.

Cloud

Cloud Security & CSPM

AWS, Azure, GCP, Microsoft Entra, CIS benchmarks, cloud misconfiguration analysis, and attack-path thinking.

Offense

Red Teaming & Adversary Simulation

Internal penetration testing, BAS, Active Directory security, Azure red teaming, and exploit validation.

Exposure

CTEM, EASM & Vulnerability Management

Attack surface discovery, centralized findings dashboards, SLA-driven remediation, and threat intelligence operations.

Platform

Container, DevSecOps & Automation

Docker, Kubernetes security, SBOM, dependency risk, GitHub Actions, automation, and developer-focused controls.

AI Security

AI Penetration Testing & MCP Security

AI-assisted testing, MCP security, autonomous validation workflows, and safe agentic security architecture.

Professional journey.

Fifteen years across consulting, product security, offensive security leadership, and enterprise program building.

2025 - Present NopalCyber, Hyderabad

Principal Engineer

  • Managing 14 key clients contributing 80% of organizational revenue, with focus on growth, trust, and retention.
  • Leading a 10-member team across red teaming, VAPT, cloud security, DAST, SAST, CIS hardening, and BAS.

2022 - 2025 Blue Yonder, Hyderabad

Lead, Offensive Security

  • Established EASM, threat intelligence, vulnerability management, internal penetration testing, and red team programs.
  • Improved Security Scorecard rating from Red to Green in 12 months and drove 95% Critical and High remediation within SLA.

2016 - 2022 ADP, Hyderabad

Security Consultant, Product Security

  • Led an AppSec team delivering 400+ web, mobile, API, and secure code review engagements.
  • Built automation and delivered 30+ technical sessions on application, API, and cloud security.

2011 - 2016 ZenQ, Hyderabad

Senior Security Engineer

  • Performed web, mobile, API, and threat modeling assessments with executive reporting and remediation guidance.
  • Delivered secure coding workshops that helped reduce recurring vulnerabilities across development teams.

Toolbox and credentials.

Offensive tooling, cloud assessment platforms, DevSecOps controls, standards, and enterprise reporting.

Technical Stack

Burp Suite, Nuclei, Kali Linux, Metasploit, Cobalt Strike, BloodHound, Evilginx, MobSF, Checkmarx, Fortify, SonarQube, CodeQL, Prowler, ScoutSuite, Pacu, Trivy, Grype, TruffleHog, Nessus, Qualys, CrowdStrike Exposure Management

Certifications

  • Certified Azure Red Teaming Professional, 2025
  • Certified Red Teaming Professional, 2025
  • Certified AI Security Professional, 2026
  • Certified AWS Cloud Professional, 2021
  • OSCP+ and CRTO in progress

Speaking and community.

Security leadership also means making knowledge easier to understand, adopt, and act on.

Presentations

  • External Attack Surface Management at Null Hyderabad, ServiceNow, 2025
  • NGINX Security at Null Hyderabad, EPAM Systems, 2021
  • JWT Security at Null Hyderabad, Salesforce, 2018
  • Docker Security and GitHub Security at ADP Conference, 2021

Recognition

  • Heroic Award, Global CISO Recognition, ADP 2021
  • Multiple Best Employee Awards across 2013, 2017, 2019, 2020, 2023, and 2024
  • Best Presenter Award, TheTestTribe Application Security training
  • Toastmasters Area-level runner-up and active community speaker

Let us build safer systems.

Available for cybersecurity leadership conversations, AppSec and cloud security strategy, CTEM and EASM program design, red teaming, AI security, and mentoring.