Hello and Welcome to My Portfolio

My name is Jagadeesh. People call me Jags.
Multi-Cloud Security Consultant

A seasoned cloud security consultant with a proven track record in fortifying digital cloud landscapes, ensuring data integrity; based in America.

Security is not just someone else's problem; it is everyone's responsibility

Clients I have worked with so far in different roles...
As a Security Consultant, I work with different cloud service providers as per the client's requirements. My role keeps changing, but the one thing I always see in common is protecting and securing the client's assets as the primary objective.

Know More About Me…

Jags is a Security Consultant in the Cloud and SecOps space. He has a strong background in software engineering and has been securing cloud infrastructures, network security, workload protection / data security, compliance frameworks, orchestration, serverless technologies and native security controls for the past 10+ years.
In recent times, Jags has been focused on Multi-Cloud, the AppSec pipeline and Zero Security with respect to geo-based compliance frameworks.

I specialize in safeguarding data through comprehensive strategies tailored for Containers, Kubernetes Orchestration, and the integration of 3rd Party Native tools.

Now, I’m spending more time on my research for new security trends related to Multi-Cloud Security and Zero-Trust Principles with respect to Governance and Compliance standards.

Sometimes people say I’m a bit moody and not very talkative, but I’m a good listener who understands customer issues, thinks about problems from the root level and tries to mitigate them with my actions.

Work Experience: HCL Technologies – Nov 2010 – Apr 2023; India.

Adisols: May 2023 to Present; California.

Education: Information Technology Engineering.

Certified Cloud Security Consultant (AWS, Azure, GCP, Kubernetes)

Project Highlights - See my works

My Ways of Working
Know your cloud security posture

Rapidly identify gaps and establish a risk-aligned architecture and roadmap for baseline cloud security that optimizes current technology investments.

Automate native security

Automate deployment of security guardrails with pre-built accelerators for cloud native services including AWS, Microsoft Azure and Google Cloud.

Be proactive with compliance

Optimize detection and streamline cloud security operations. Mitigate risk with cloud service providers (CSPs) to align with regulatory requirements.

Security monitoring and response

Monitor public cloud cost effectively and at scale using security tools and use cases to address evolving threats and complex regulatory requirements.

Services I Have Implemented & I can Handle
  • Created IAM roles for EC2 instances and ECS tasks with the least privilege needed for their respective roles.
  • Implemented IAM policies to enforce MFA for users and restrict access to specific S3 buckets, and reviewed and audited IAM policies.
  • Set up a VPC with public and private subnets.
  • Implemented security groups and configured network ACLs to control traffic between different tiers and enforce the principle of least privilege.
  • Created WAF rules to block common web application attacks such as SQL injection or cross-site scripting (XSS).
  • Enabled GuardDuty to review findings related to potentially compromised instances, unauthorized access, or unusual API activity.
  • Enabled AWS Shield to automatically detect and mitigate DDoS attacks against your web applications.
  • Deployed an RDS instance for the backend database.
  • Enabled encryption at rest using AWS Key Management Service (KMS) for an additional layer of data protection.
  • Encrypted an Amazon S3 bucket using a KMS key to protect sensitive data stored in the bucket.
  • Enabled AWS CloudTrail to log API calls and store logs in an S3 bucket.
  • Reviewed CloudTrail logs to track who did what and when in your AWS environment, and set up alerts for specific API activities.
  • Enabled CloudWatch Alarms to alert on specific security-related events, such as changes to security groups or IAM policies.
  1. Transformational Identity and Access Management (IAM):

    • Spearheaded the overhaul of identity and access management, introducing a centralized platform that seamlessly integrates Azure AD, Azure RBAC, Conditional Access, and PIM. This transformation enhanced security and streamlined user access to sensitive resources, ensuring a robust and scalable IAM framework.
  2. Innovative Networking and Access Control Architecture:

    • Architected and implemented an innovative networking infrastructure, leveraging VNets, NSGs, Azure Firewall, and Bastion to establish secure and isolated network environments. This design not only fortified the company's digital perimeter but also provided secure remote access and centralized network protection against advanced threats.
  3. Proactive Threat Detection and Response Strategy:

    • Pioneered a proactive approach to threat detection and response by implementing advanced solutions like Azure Security Centre, Defender for Cloud, and Sentinel. This strategic shift enabled the company to detect and mitigate threats swiftly, leveraging cutting-edge analytics and automation for a resilient cybersecurity posture.
  4. Comprehensive Data Security and Compliance Management:

    • Revamped data security practices by introducing Azure Key Vault, Storage Service Encryption, SQL TDE, and DLP. This comprehensive data security strategy not only protected sensitive information but also ensured compliance with industry regulations. The implementation of Azure Security Centre Compliance Manager further automated assessments and reports, simplifying compliance management.
  5. Optimized Security Operations and Resource Utilization:

    • Implemented a holistic security operations strategy by incorporating tools like Security Cost Management, Activity Log, Security Centre Alerts, and Azure Policy. This initiative not only optimized security costs associated with Azure resources but also enhanced visibility into events, allowing for proactive monitoring, auditing, and policy enforcement across the entire Azure environment. This resulted in improved resource utilization and cost-effectiveness.
  • Defined DLP policies to classify and protect sensitive financial data.
  • Configured IAM policies to enforce the principle of least privilege and implemented access controls on Cloud Storage buckets, BigQuery datasets, and other relevant data storage services.
  • Collaborated with development teams to integrate DLP into trading applications and data processing pipelines.
  • Configured monitoring to detect any unauthorized access or data exposure related to financial models, tracked certificate validity and set up alerts for expirations.
  • Enhanced data security for cloud workloads using digital certificate management, assessing and defining certificate needs for securing cloud workloads.
  • Selected appropriate SSL/TLS certificates for encrypting data in transit.
  • Implemented Google Cloud's Certificate Authority Service for centralized management of X.509 certificates.
  • Automated certificate issuance and renewal processes for continuous encryption.
  • Integrated certificate management seamlessly with cloud applications for secure communication.
  • Ensured data security for cloud-based operations through encryption and access controls.
  • Implemented encryption for data at rest using Google Cloud KMS & data in transit using TLS and HTTPS.
  • Implemented IAP for fine-grained policy-based access controls.
  • Conducted regular security audits to ensure compliance with security best practices.
  • Documented encryption and access control procedures, and provided training sessions.
  • Developed an incident response plan for addressing data security incidents promptly, and defined procedures for responding to unauthorized access or data breaches and for handling certificate-related incidents.
  • Integrated static code analysis tools (SonarQube, Fortify, Snyk) into the DevOps pipeline to detect vulnerabilities early in the development process.
  • Scanned container images for vulnerabilities before deployment using tools like Anchore and Clair.
  • Implemented runtime security measures like container firewalls and intrusion detection systems (IDS) to protect running containers.
  • Maintained containers with the minimum necessary permissions to limit potential attack surfaces.
  • Secured container registries with authentication, authorization, and encryption to protect image storage.
  • Implemented Pod Security Policies (PSPs) to restrict container capabilities and resource usage, reducing attack vectors.
  • Implemented network segmentation within Kubernetes clusters using Network Policies to control traffic flow and isolate workloads.
  • Used admission controllers (e.g., Pod Security Admission, ImagePolicyWebhook) to enforce security policies before pods are created.
  • Regularly scanned Kubernetes clusters for vulnerabilities in components and configurations using tools like kube-hunter or kube-bench.
  • Enabled audit logging to track events and actions within the Kubernetes cluster for security analysis and incident response.
  • Protected continuous integration and continuous delivery (CI/CD) pipelines with robust authentication, authorization, and encryption.
  • Securely stored and managed build artifacts using secure repositories or artifact managers.
  • Scanned IaC templates for misconfigurations and vulnerabilities using tools like Checkov or tfsec.
  • Implemented HIPAA (Health Insurance Portability and Accountability Act), the U.S. regulation for protecting sensitive patient health information (PHI).
  • Followed PCI DSS (Payment Card Industry Data Security Standard), the global security standard for organizations that handle credit card data.
  • GDPR (General Data Protection Regulation): European Union regulation governing the protection of personal data.
  • FISMA (Federal Information Security Management Act): U.S. regulation for securing government information systems.
  • ISO/IEC 27017: International standard for cloud security, providing guidelines for information security controls applicable to cloud services.
  • ISO/IEC 27018: International standard for protecting personal data in the cloud.
  • Thoroughly understand the specific requirements of the standards applicable to your organization and industry.
  • Conducted a comprehensive risk assessment to identify potential threats and vulnerabilities in your cloud environment.
  • Implemented appropriate security controls to mitigate risks and meet compliance requirements.
  • Maintained thorough project-specific documentation of security policies, procedures, and controls.
  • Conducted regular audits and assessments to verify compliance and identify areas for improvement.
  • Continuously monitor your cloud environment for threats and vulnerabilities, and adjust security measures as needed.
  • If using third-party cloud providers, carefully evaluate their security practices and ensure they meet compliance requirements.
My Blogs & Community works
Read My writings
Active
Follow My Articles
Active
Security Specialist
Certified
Active Participant
Active

Let's Talk

Please email or call me, or send me a message.
Name: Jagadeesh Kumar (Jags)

Contact Num: +1-678-937-6355

Email: [email protected] / [email protected]

Teams: [email protected]/+1678-937-6355

Location: California