MAHADEV PRASAD NANDA

Cybersecurity Leader

Summary

Cybersecurity Leader with 17+ years of experience in incident response, threat detection, and application and edge security across cloud-native and on-premises environments. Expertise in WAF, bot mitigation, DDoS defense, fraud detection, DFIR, and threat intelligence. Proven ability to optimize SOC processes, lead cross-functional teams, and strengthen security posture and resilience. Strong communicator adept at conveying complex threats to technical and executive audiences. Passionate about building scalable, AI/ML-driven security systems while fostering collaboration and mentorship.

Overview

17 years of professional experience
4 years of post-secondary education
6 Certifications

Work History

Information Security Manager

PayPal PTE. Ltd.
02.2018 - Current

Incident Response Leadership

  • Directed complex cyber incident investigations across enterprise environments, ensuring rapid containment, eradication, and recovery while minimizing business disruption and reputational risk.
  • Led root cause analysis (RCA) and comprehensive post-incident reporting, driving continuous improvement in security posture and operational resilience.
  • Managed end-to-end incident response processes, including forensic investigations, security log analysis, and coordination with internal and external stakeholders for timely mitigation.

Threat Detection & Hunting

  • Designed and optimized SIEM use cases and MITRE ATT&CK-based detection frameworks, significantly enhancing threat visibility and reducing mean time to detect (MTTD).
  • Led proactive threat hunting initiatives using behavioral analytics and threat intelligence to identify and neutralize advanced persistent threats (APTs) and emerging attack vectors.
  • Developed and fine-tuned detection rules, automated alerts, and SOAR playbooks to streamline alert triage, reduce false positives, and accelerate incident response.

Security Operations & Tooling

  • Managed and optimized a diverse security stack including EDR, XDR, IDS/IPS, SOAR, WAF, DDoS protection, IAM, and firewall solutions, improving real-time threat detection and operational efficiency.
  • Automated incident response workflows via SOAR platforms, reducing mean time to respond (MTTR) by up to 30% and enabling rapid containment of high-severity threats.
  • Led detection engineering efforts, enhancing correlation rules and alerting mechanisms within Splunk and other SIEM platforms to improve accuracy and coverage.

Cloud Security & Incident Response

  • Directed security incident response for cloud environments (AWS, Azure, GCP), strengthening API security controls and implementing scalable DDoS mitigation strategies to protect cloud-native applications.
  • Architected edge security solutions and rate limiting controls to defend against Layer 7 attacks and bot traffic, ensuring robust cloud infrastructure resilience.

Threat Intelligence & Risk Assessment

  • Established and maintained comprehensive threat intelligence programs by monitoring global threat feeds, OSINT, and dark web activity to identify emerging risks and adversary tactics.
  • Mapped adversary tactics, techniques, and procedures (TTPs) using MITRE ATT&CK, integrating intelligence into detection and response strategies to proactively defend against sophisticated threats.
  • Developed cyber threat models and risk assessments to inform strategic defense initiatives and align security operations with organizational risk appetite.

Leadership, Team Management & Collaboration

  • Mentored and led a high-performing, globally distributed cybersecurity team of 20+ analysts and responders, fostering continuous professional development and operational excellence.
  • Developed and delivered targeted training programs on malware analysis, adversary emulation, and AI/ML-based anomaly detection to enhance team capabilities.
  • Collaborated cross-functionally with IT, legal, compliance, and business units to align cybersecurity initiatives with regulatory requirements and business objectives.
  • Served as a trusted advisor to C-suite and board members, providing clear, actionable threat briefings and risk posture updates supported by executive dashboards and metrics.

Process Development & Communication

  • Designed and implemented operational workflows for incident tracking, escalation, and remediation, improving response efficiency and consistency across the fusion center.
  • Authored detailed technical and executive reports on cyber incidents, vulnerabilities, and remediation strategies, enabling data-driven decision-making at all organizational levels.
  • Led cross-functional crisis simulations and regulatory audit preparations, ensuring compliance with industry standards such as NIST, ISO 27001, and CIS Controls.

Lead Security Consultant

NCS Pte. Ltd.
07.2016 - 02.2018
  • Delivered cybersecurity consulting and incident response for clients across banking, transport, retail, trading, and enterprise sectors.
  • Led containment, eradication, and recovery efforts for major security incidents; performed host and network forensics (DFIR) to assess root cause and impact.
  • Conducted threat assessments, malware analysis (including ransomware and phishing), and static reverse engineering in lab environments.
  • Supported L1/L2 teams with triage and escalation using SIEM tools (ArcSight); investigated IDS events and vendor intelligence reports.
  • Detected and responded to fraudulent activity, phishing attempts, and credential validation attacks; coordinated with AV/email vendors for remediation.
  • Authored detailed reports, enhanced detection use cases, and collaborated on SOC process improvements and playbook development.
  • Performed vulnerability assessments, risk audits, and pre/post product evaluations for endpoint and network security controls.
  • Delivered cyber threat intelligence services and tailored security advisories; applied kill chain modeling to threat hunting efforts.
  • Reviewed technical environments and proposed optimized detection strategies; contributed to SOP design and ASOC triage enhancement.

SME - Global Cyber Security Operations

Wipro Limited (CITI Bank)
01.2011 - 07.2016
  • Served as the Single Point of Contact (SPOC) for vendor coordination and client engagement in global security projects.
  • Managed perimeter security infrastructure including Check Point, Palo Alto, Juniper, and Cisco firewalls, Blue Coat proxies, and VPN solutions.
  • Led configuration, change management, and troubleshooting for firewall rules, NAT, ACLs, and VPN access.
  • Conducted advanced log analysis and threat correlation using tools such as ArcSight Logger, Arbor Peakflow, Sourcefire, Proofpoint, and McAfee across Unix and Windows environments.
  • Oversaw global SOC operations, monitoring IDS/IPS, firewall, proxy, and VPN logs; detected anomalies and investigated potential threats.
  • Directed incident response and risk management efforts, including DDoS, phishing, malware, and policy violations.
  • Performed system vulnerability assessments, implemented countermeasures, and ensured timely resolution of security breaches.
  • Reviewed audit logs, tracked incidents, and recommended SIRT actions across heterogeneous platforms (Wintel, UNIX, SQL, Oracle).
  • Ensured compliance through MAS audits and ongoing collaboration with internal and external stakeholders.

Security Analyst

ITC Infotech India Limited
12.2009 - 01.2011
  • Directed monitoring and analysis of security events across SIEM (QRadar, ArcSight), IDS/IPS, firewalls, and VPNs to identify threats and vulnerabilities.
  • Led investigations and coordinated response efforts for critical incidents including malware, phishing, DDoS, data breaches, and unauthorized access.
  • Drove escalation processes and cross-functional collaboration with IT, DevOps, and risk teams to ensure effective remediation and prevention.
  • Architected and optimized SIEM use cases, correlation rules, and dashboards to enhance real-time threat detection and situational awareness.
  • Ensured seamless integration of SIEM with broader security infrastructure for comprehensive visibility and response coverage.
  • Oversaw firewall policy management, ACL enforcement, and network segmentation to uphold least privilege and reduce attack surfaces.
  • Delivered executive-level incident reporting, trend analysis, and operational metrics to inform strategic decisions.
  • Maintained audit-ready documentation and ensured SOC compliance with internal policies, regulatory frameworks, and industry standards.

SOC Security Analyst

Paladion Networks
04.2008 - 12.2009
  • Led real-time monitoring and analysis of security events using SIEM platforms (ArcSight, Splunk, QRadar) to detect and respond to emerging threats.
  • Investigated malware infections, DDoS attacks, and unauthorized access incidents, ensuring timely containment and mitigation.
  • Conducted log analysis across Windows/Unix servers, firewalls, IDS/IPS, and VPNs to uncover suspicious behavior and vulnerabilities.
  • Developed and maintained SIEM dashboards and generated executive-level security advisories and incident reports.
  • Administered and optimized firewall and IDS/IPS configurations; conducted vulnerability assessments and penetration testing on critical systems.
  • Collaborated with cross-functional teams to enforce ACLs, implement network segmentation, and strengthen perimeter defenses.
  • Managed phishing investigations and coordinated takedown efforts with external partners.
  • Delivered threat hunting and advanced malware analysis to detect stealthy attack patterns and reduce dwell time.
  • Mentored junior SOC analysts and enhanced detection workflows through SIEM rule tuning and correlation logic.

Education

B.Tech - Electrical Engineering

Biju Patnaik University Of Technology
01.2003 - 01.2007

Training

  • HITB GSEC - Network Data Exfiltration Techniques
  • Blue Coat ProxySG Administrator - TR-BCCPA
  • Palo Alto Networks: Firewall Installation and Management

Accomplishments

  • Served as Industry Expert & Judge at WorldSkills Singapore, designing CTF challenges for university students.
  • Regular participant in cybersecurity education and awareness initiatives across schools and public forums.
  • CTF competition winner on multiple occasions; active in the offensive and defensive security community.
  • Led initiatives that reduced DDoS attack leakage by 90% and revamped mitigation strategies protecting over 70% of PayPal’s infrastructure.

Certification

CISM - Certified Information Security Manager
01.2025