Sidharth Bora

Experienced cyber security assessment expert with a comprehensive understanding of 360-degree assessment. Demonstrated success in leading, owning, and overseeing testing and implementation of changes to mitigate risk. Ethical hacker, CISSP & AWS Certified Security professional with over 20 years of multi-functional experience in IT, specializing in infrastructure, cloud, security design, architecture, and support for Secured, Centralized, Decentralized, Distributed, Scalable, Fault Tolerant, and highly available systems. Expertise in ensuring data confidentiality, integrity, and availability both on-premise and on the cloud (AWS), following best practices from frameworks such as NIST CSF and AWS Well-Architected Framework.

• CISSP
• AWS Certified Security Specialty
• AWS Certified Solutions Architect- Associate
• Certified Blockchain Architect
• PSM I(Professional Scrum Master)
• ITIL Business Continuity
• RedHat Certified Engineer
• Certified Big Data Professional
• IBM WebSphere MQ certified
• LinkedIn Linux Badge (Top 30% of 1.5M people)

Senior management roles (Director, Senior VP, Head) of Cyber Security, Cloud Security, Infra Projects. Be a part of relentless Design, Architecture, Implementation & Support for the next gen game changing Digital Disruptive technology in Cloud, Infra and Security to defend the Organization Assets.

Security : AWS Cloud Security, DevSecOps pipeline Architect & Design, Blockchain Security, Kali Linux, Pentest

Frameworks : MITRE ATT&CK, CIS, NIST, MAS, AWS Well Architected Framework, ISO27001, STRIDE, PASTA

Cloud : AWS, Azure

Middleware : Kafka, WMQ

Database : Postgres, Redis

Infra/Platform : RedHat OS, HP-Unix, Solaris, AIX, Windows, IBM Data Watson Kubernetes, RedHat OpenShift

Project Management : Change Management, Risk Management, Vendor Management

Cyber Security Assessment expert with experience and knowledge of 360-degree assessment & leading, owning and overseeing the changes Tested and implemented to mitigate the risk. Ethical Hacker, CISSP certified professional and AWS Certified Security Specialty Professional with more than 18+ Years of multi-functional experience in IT domain, having forte in Infra, Cloud, Security Design, Architecture, Support for a Secured, Centralized, Decentralized, Distributed, Scalable, Fault Tolerant, and highly available systems. Proven expertise in ensuring the confidentiality, Integrity and availability of data on premise and on Cloud (AWS) with best practices from various Frameworks like NIST CSF, AWS Well Architected Framework.

Visa Status: PR

Linkedin Profile: https://www.linkedin.com/in/sidharth-bora/

Published work on :Blockchain Security: https://medium.com/@sidharth.bora/blockchain-security-devsecops-smart-contract-84ebdccb7d4

Lawn Tennis

Badminton

Project Name: Cyber Security Due Diligence check for reputed Australian Bank slated to merge with another bank

Role: Cyber Security Lead Company: Cognizant Singapore Date: April 2024 – Till Date

Description:

•NIST CSF 2.0 Assessment and scoring for the to be merged bank to identify the gaps, red flags.

•Threat modeling assessment of critical Apps using the industry frameworks to highlight and mitigate risk.

•Skimming through the docs and reports to understand the risk appetite, policy, procedures, guidelines

•Data Governance best practices ideation to be implemented after merger.

Project Name: Ransomware Assessment

Role: Cyber Security Consultant Lead Company: Cognizant Singapore Date: Jan 2023 – Jan 2024

Description:

•Identify the crown jewel assets of the Bank, highest risk data assets, review policies & recommending controls to protect the assets.

•Assess the effectiveness of the security controls and checks, efficacy of detection, blocking and remediation measures.

•Assess endpoint security using MITRE&CK in controlled environment to simulate the actual behavior.

•Successfully identified gaps, Reporting to the management in business acumen language along with Cyber Resiliency Road map.

•Supporting Sales, Pitch, RFP’s for various top notch clients with stellar presentation and business, IT understandable concepts.

•Co-Author of the Cognizant’s Cyber Security Framework combined with NIST CSF validation with GIPDR2 functions for the critical assets.

Project Name: API Cloud Security (major Bank in Southeast Asia)

Role: Enterprise Security Architect Company: Cognizant Singapore Date: April 2023 – April 2024

Description:

•Green Field Migration Project. Associated with AWS Cloud Security Road Map for the Application migration with Company Standards.

•Contribute to Security Policy, Standards, processes revamp with respect to the Local Compliance and Regulation.

•Oversee the implementation of the API Security Policies implementation for due diligence, maintenance and upgrade.

•Review data compliance, Cloud Infra compliance w.r.t various frameworks/tools designed for the Cyber Security (like OWASP, NIST CSF)

Project Name: Blockchain Infra & Security

Role: Blockchain Security Architect Company: OCBC Singapore Date: Sep 2021 - Jan 2023

Description:

•Implemented Blockchain Platform As a Service on on RedHat OpenShift 4.6 (Hyperledger Besu nodes (Ethereum), IPFS, Middleware).

•Involved in scoping, Budgeting, planning, costing (1 million SGD appx) and end to end implementation.

•Blockchain vulnerabilities management w.r.t Clients, Consensus, Mining pool, Network, Smart Contract. Zero-day exploits (swcregistry).

•Design  SAST/SCA Integration for Blockchain Smart Contract code scan in the pipeline for Application Security (DevSecOps).

•Developing standards and architectural security governance for Blockchain platform usages.

•Single point of contact to train, coordinate, deliver the Blockchain training through external vendor for 400 participants from OCBC & BOS.

•Third party Risk management for vendors coordination for an external joining the Blockchain team.

•Incident response matrix and plan implementation for production incidents, security issues and outages.

•Part of panel for discussion with regulatory bodies like MAS Singapore, Custodians, other Banks for new Blockchain projects.

Project Name: AWS Cloud Security

Role: Senior Enterprise Cloud Engineer Company: OCBC Singapore Date: Jan 2019 - Sep 2022

Description:

•AWS Cloud stacks test for security (including AWS Guard Duty, AWS Config Inspector, S3, RDS, IAM, Cloud Watch, CloudTrail).

•Continuously update and maintain an IT security technical reference architecture for current state gaps and future state.

•Continuously update risk assessment process with templates and conduct system design reviews with new tools from AWS.

Project Name: Edge Computing POC

Role: Transformation Architect Company: OCBC Singapore Date: Jan 2022 - Sep 2022

Description:

•Worked with vendors to implement a POC to protect the Banks Customers from phishing attempts.

Both for Mobile and Desktop version based on mobile location, generation of OTP etc.

Project Name: Enterprise Kafka Cluster setup

Role: Lead Architect & Implementor Company: OCBC Singapore Date: Jan 2019 – Jan 2022

Description:

•Implemented Enterprise Grade Kafka for SIT/UAT/PROD/DR supporting critical payment systems like PROMPT PAY.

•Standards, Guidelines, Performance, Governance for the set up. Self-service portal automation for Topics creation and Security.

•Performance to analyze replication to DR, break point of Cluster.

Project Name: SPLUNK & Geneos Admin & Dashboard Specialist

Role: Technical Lead Company: Credit Suisse Singapore Date: Jan 2016 – July 2018

Description:

•Use of SIEM tool SPLUNK to identify security related events & displaying them on the dashboard for 24x7 monitoring by L1 team.

•Support for the implementation of ISO27001 plus tailoring of standards and policies according to Organization followed standards.

•Run the INC management call for Production incidents, Security incidents related to Middleware Infrastructure.