Manideep K

About Me

1. Authored a book, 'A Complete Practical Guide to Ethical Hacking & Information Security', at the age of 21, which made me the 4th youngest author in India to write a book on hacking.

2. Featured in India's largest-circulated English and Telugu newspapers, including Deccan Chronicle, The Hindu, Hans India, Vaartha, AndhraJyoti, Saakshi, Andhrabhoomi, Visaalandra etc. Also interviewed by the HMTV news channel.

3. Speaker at more than 50 seminars and workshops on 'Cyber Crime Eradication' and 'Ethical Hacking & Cyber Forensics', including at IIT Guwahati, ISTE (Indian Society for Technical Education), CSI (Computer Society of India) and Tata Consultancy Services.

4. Reported critical vulnerabilities on more than 100 websites and applications, including Yahoo Messenger, Jease CMS, and universities offering Master's programs in Information and Cyber Security, including USC, NEU, SUNY Brook, Stanford etc. Have 2 dozen CVE-IDs under my name.

5. Trained more than 15,000 people in the Information Security domain, including corporate security teams, cyber cops and students.

6. Received appreciation from the TCS Global Head - IT Security for extraordinary performance in enhancing the organization's security posture, and also worked with the TCS Chief Information Officer (CIO) and Chief Security Officer (CSO) during various initiatives and investigations.

7. Consulted by the Visakhapatnam Cyber Police for assistance in solving critical cyber cases.

8. Cracked the barcode algorithm of Sodexo MNC meal passes and disclosed it at the NULL security conference.

9. Received the "J.N Tata Scholar" Award from the J.N. Tata Endowment.

10. Won third prize at Microsoft's "Build the Shield" competition among 50 teams from top-ranked universities in the USA.

11. Worked as part-time faculty for C and C++ during my sophomore year and trained more than 1,000 people in designing games, anti-virus and virus code etc. Also worked as part-time faculty for Ethical Hacking courses during my junior and senior years.

12. Despite all this, I was always among the top 1% of students throughout my academics.

Professional Experience

Security Engineer 2, Amazon (Jul 2018 – Present)

Location: Greater Seattle Area
Employment Duration: 9 mos

Part of Amazon Application Security team

I currently work on designing and building "secure-by-default" controls into internal web frameworks to mitigate the top web vulnerabilities. I have also worked extensively on architecture reviews, threat modeling, code reviews, and security/penetration testing for complex Amazon applications related to payments, identity, sellers etc., and made sure they are free of security vulnerabilities.

I spend 20% of my time writing security guidance, training developers and clarifying their questions on mitigating security issues, and supporting federated security teams (we are the core application security team, and some organizations have their own security teams).

I fixed a lot of gaps in the OWASP CSRF Prevention Cheat Sheet and am now one of its primary authors and editors (more changes to it are due soon).

Security Engineer 1, Amazon (Jul 2017 – Jun 2018)

Location: Greater Seattle Area
Employment Duration: 1 yr

Part of Amazon Application Security team

In this role I worked on designing and building "secure-by-default" controls into internal web frameworks to mitigate the top web vulnerabilities. I also worked extensively on architecture reviews, threat modeling, code reviews, and security/penetration testing for complex Amazon applications related to payments, identity, sellers etc., and made sure they are free of security vulnerabilities.

I spent 20% of my time writing security guidance, training developers and clarifying their questions on mitigating security issues, and supporting federated security teams (we are the core application security team, and some organizations have their own security teams).

Cloud Security Researcher Part-Time Intern, Adobe (Feb 2017 – May 2017)

Location: Greater Pittsburgh Area (worked remotely while attending CMU)
Employment Duration: 4 mos

1. Researched the security posture of containers (with a concentration on Docker) and prepared a consolidated report detailing various vulnerabilities in containerized pipelines and how they can be fixed

2. Provided guidance on mitigating security issues in Adobe's container implementation projects

3. Co-authored the CIS Docker 1.12 Benchmark

4. Provided guidance on mitigating security issues in Kubernetes

CyLab Research Assistant, CyLab (Sep 2016 – Dec 2016)

Location: Pittsburgh
Employment Duration: 4 mos

Security analysis (code reviews, testing etc.) of npm (Node.js package manager) packages and design of a model to mitigate vulnerabilities in these packages

Cloud Security Researcher Intern, Adobe (May 2016 – Aug 2016)

Location: San Jose (worked remotely while attending CMU)
Employment Duration: 4 mos

1. Researched the security posture of containers (with a concentration on Docker) and prepared a consolidated report detailing various vulnerabilities in containerized pipelines and how they can be fixed

2. Provided guidance on mitigating security issues in Adobe's container implementation projects

3. Co-authored the CIS Docker 1.12 Benchmark

Team Lead - Core Security / Data Analytics, Tata Consultancy Services (Jun 2012 – Aug 2015)

Location: Hyderabad
Employment Duration: 3 yrs 3 mos

The Core Security/Data Analytics team is part of the Security Initiatives Group, one of the core security groups in TCS. I led this team for 1.5 years, during which I successfully handled multiple projects. In some of the projects, I had team members who were 3-4 times more experienced than me.

1. Worked on application security (architecture reviews, threat modelling, code reviews and security testing), system security, wireless security, DNS security, incident response, forensics and physical security

2. Worked with the CIO (Chief Information Officer), CSO (Chief Security Officer) and Global Head - IT Security in various security initiatives and investigations

3. Selected as a working group member in the British Petroleum cyber security exercise. I was the youngest one in the exercise; other members included CSOs of IBM, Wipro, HP, Infosys and TCS

4. Wrote multiple automation scripts to simplify my tasks in various security assessments

5. Published security guidance

6. Received Knowledge Pro and Best Performer awards

7. Provided security orientation to more than 1500 new hires

Education

Carnegie Mellon University

Degree Name: Master’s Degree
Field Of Study: Information Security
Grade: GPA 3.76
Dates attended: 2015 – 2017
Received the "Outstanding Student Service Award" in the research assistant category

Talks & Publications

Author at OWASP CSRF Prevention Cheat Sheet
Publication date: Oct 2018
Publisher: OWASP
Publication description: Author and Primary Editor for the OWASP CSRF Prevention Cheat Sheet
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series

Publication title: How secure is your Docker Container pipeline?
Publication date: Feb 22, 2017
Publication description: Talk at the Container World conference on Docker container pipeline security

Publication title: Docker Images Security
Publication date: Feb 13, 2017
Publication description: Talk at the BSides conference (San Francisco chapter) on Docker images security

Publication title: Is Docker Secure?
Publication date: Nov 18, 2016
Publication description: Container / Docker security in 30 minutes at the GreHack'16 conference in France.

Publication title: Breaking and Fixing your 'Docker'ized environments
Publication date: Oct 14, 2016
Publication description: My talk at the OWASP AppSecUSA 2016 conference (2016.appsecusa.org/)
Video: https://www.youtube.com/watch?v=wVIFdxgRCMM
Slide deck: http://www.slideshare.net/manideepkofficial/breaking-and-fixingyourdockerizedenvironmentsowaspappsecusa2016

Publication title: Cracking Barcodes
Publication date: Dec 15, 2014
Publication description: Spoke about cracking barcodes at the Security Conference - Hyderabad Chapter.

Publication title: Basics of Data Erasure - Information Security
Publication date: Nov 16, 2014
Publication description: http://www.slideshare.net/manideepkofficial/basics-of-secure-data-erasure-information-security

Publication title: A Complete Practical Guide to Ethical Hacking and Information Security
Publication date: Mar 5, 2012
Publisher: Scitech Publishers
Publication description: Book (currently out of stock; 2nd edition work in progress).

Publication title: BOF on Yahoo Messenger
Publication date: Feb 6, 2012
Publisher: SecurityFocus
Publication description: A brief video was published at this link. A detailed technical analysis report link will be added here soon.

Publication title: CIS Docker Benchmark 1.12 & 1.13
Publisher: Center for Internet Security (CIS)
Publication description: Co-author: https://benchmarks.cisecurity.org/downloads/show-single/index.cfm?file=docker12.100
Contributor: https://benchmarks.cisecurity.org/downloads/show-single/index.cfm?file=docker13.100

Publication title: CVE-IDs (low criticality) for reporting vulnerabilities in CMSs, WP plugins etc.
Publication description: CVE-2014-8780, CVE-2014-9394, CVE-2014-9396, CVE-2014-9400, CVE-2014-9392, CVE-2014-9336, CVE-2014-9337, CVE-2014-9338, CVE-2014-9339, CVE-2014-9391, CVE-2014-9368, CVE-2014-9398, CVE-2014-9401, CVE-2014-9341, CVE-2014-9340, CVE-2014-9334, CVE-2014-9335, CVE-2014-9393, CVE-2014-9395, CVE-2014-9399, CVE-2014-9397

Projects

Note: I have written "XYZ MNC" wherever I have signed an NDA with the company. You can reach me by mail for further details, and after taking the necessary approvals from the concerned organization, I will be more than happy to share the required information.

Secure Data Erasure

Successfully restored confidential data from hard disks after formatting and understood the need for secure data erasure at XYZ MNC. Apart from security-testing market tools in this area, I helped the organization deploy a best-in-class product in this domain. As part of this project, I learned advanced forensic techniques and was able to recover data erased by tools such as Eraser.

Wireless Security Technical Audit

Performed penetration testing (PT) of the entire wireless network across XYZ MNC and provided a vulnerability report. Suggested crucial recommendations for protecting against the wireless attacks detected during the PT and helped the organization until the closure of the vulnerabilities identified.

Steghi: Steganography tool in Java

Designed a tool implementing image-based steganography.

Enhanced Computer Control with C++

Wrote project code that can perform multiple computer operations such as turning the keyboard on or off, disabling/enabling the mouse/touchpad, shutting down/restarting the machine, launching and exiting any application, changing the time and date, copying data across files, and creating and deleting folders and files.

Enhancing Endpoint Security

Pen-tested endpoints of XYZ MNC and provided a report that includes multiple ways to bypass their endpoint security. Apart from providing the report, I also pointed out the need for a crucial tool like EMET (protecting against memory exploitation attacks etc.) and helped them deploy it and create proper policies.

Physical Access Control System Technical Audit

Audited the physical access control system across XYZ MNC and provided a report with the complete set of loopholes present in their infrastructure. Apart from providing the report, I led the project until the closure of each loophole.

Information Rights Management (IRM)

Pen-tested multiple tools available in the market in the IRM domain and deployed a best-in-class product with a DR setup across the XYZ organization.

SIEM

Performed crucial CERT team analysis at XYZ MNC of the logs escalated by the L1 and L2 teams to find any malicious activity. Apart from incident analysis, I also made significant changes to the security posture of the organization by creating new policies based on lessons learnt from log analysis.

Data Destroyer Virus written in C

Wrote code in C that destroys file/folder contents, making them unreadable.

Telecom : Broadband Application

Designed a broadband application in C++ capable of performing all the basic operations of a broadband application.

Machine Hacking with C++

Wrote project code in C with which one can log the keystrokes of a computer, make registry changes to block application access, block internet access by changing the hosts file etc.

Simple Implementation of SMTP, FTP and TELNET using Java

Honors & Awards

Featured in Media
Honor date: Jan 2019
Honor description: Featured in India's largest-circulated English and Telugu newspapers, including Deccan Chronicle, The Hindu, Hans India, Vaartha, AndhraJyoti, Saakshi, Andhrabhoomi, Visaalandra etc. Also interviewed by the HMTV news channel.
http://www.manideepk.com/#media

Outstanding Student Service Award - Research Category
Honor date: May 2017
Honor issuer: Carnegie Mellon University - INI Department
Honor description: I was awarded the "Outstanding Student Service Award" for my research.
http://www.ini.cmu.edu/alumni/informed/awards.html (Yet to be updated with 2017 recipients)

RSAC Scholar
Honor date: Feb 2017
Honor description: Selected as an RSAC Scholar to represent Carnegie Mellon University at the RSA Conference
https://www.rsaconference.com/about/rsac-security-scholar

ISSA Scholarship (E. Eugene Schultz, Jr., Memorial Scholarship)
Honor date: Oct 2016
Honor issuer: ISSA (Information Systems Security Association)
Honor description: http://issa-foundation.org/active_scholarship

Third Prize at Microsoft's "Build the Shield" Hacking Competition
Honor date: Mar 2016
Honor issuer: Microsoft
Honor description: http://www.ini.cmu.edu/news/2016/04/BuildtheShield.html
https://www.cylab.cmu.edu/news_events/news/2016/cylab-students-sweep-microsoft-build-the-shield-competition.html

Youngest member in British Petroleum cyber security exercise
Honor date: Aug 2015
Honor description: Youngest member in the British Petroleum cyber security exercise. Other members in the exercise included CSOs of IBM, Wipro, HP, Infosys and TCS.

"J.N Tata Scholar" Award
Honor issuer: JN Tata Endowment
Honor description: Proud to be one among the 4,800 J.N Tata Scholars across the world.

"Knowledge Pro" Award
Honor issuer: Tata Consultancy Services Pvt Ltd.

Carnegie Mellon Merit Scholarship
Honor issuer: Carnegie Mellon University

ISC2 Scholarship (Twice)
Honor issuer: ISC2
Honor description: Received the ISC2 Graduate Scholarship twice. The first scholarship was applied to my first semester at CMU and the second to my third semester at CMU.
https://www.isc2cares.org/Scholarships/

J. N Tata Gift and Loan Scholarships
Honor issuer: J.N Tata Endowment

One of the youngest authors
Honor description: One of the youngest authors in India to publish a book, at the age of 21

Affiliations

Open Web Application Security Project (OWASP)
Ex-professional member

Association for Computing Machinery (ACM)
Ex-professional member

Asian Professional Security Association (APSA)
Ex-professional member

Computer Society of India (CSI)
Ex-student member

Null - The Open Security Community
Ex-member

Indian Society for Technical Education (ISTE)
Ex-student member
