Akshay Suryawanshi

Challenge

High volume of L1 security alerts (200+ daily) leading to analyst fatigue, delayed response times, and inconsistent triage quality.

Solution

Designed and implemented an automated workflow integrating CrowdStrike EDR alerts with AI (ChatGPT) for context enrichment, VirusTotal for IOC analysis, and Power Automate for orchestration with Jira ticketing. Continuously evolving the workflow — better enrichment, tighter alert correlation, reduced false-positive rates.

Recent Improvements

• Tightened alert correlation rules to suppress duplicate / low-signal alerts
• Improved IOC enrichment pipeline — GTI + VirusTotal lookups happen before analyst touch
• Better integration between EDR, SIEM (Hunters), and Jira ticketing
• Routing improvements so high-severity alerts skip auto-triage and page humans directly

Key Accomplishments

• ~50% reduction in manual investigation time
• Improved Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR)
• Standardized alert handling with consistent documentation
• Automated IOC enrichment and threat context gathering
• Better analyst focus on high-severity and novel threats

Challenge

Rapid adoption of AI tools across the organization without clear guidance on acceptable use, data handling, and security risks, creating potential compliance and data exposure risks.

Solution

Independently authored a comprehensive AI Usage and Governance Policy covering approved tools, data classification requirements, prohibited use cases, and security controls for AI adoption.

Key Accomplishments

• Defined acceptable use guidelines for AI tools across the business unit
• Established data classification rules for AI input/output handling
• Created risk assessment criteria for evaluating new AI tools and services
• Aligned policy with existing data protection and privacy requirements (GDPR, CCPA)
• Developed employee awareness materials on responsible AI usage
• Implemented review and approval workflow for new AI tool requests

Challenge

Inconsistent incident handling with unclear roles, ad-hoc escalation procedures, and no formal documentation for compliance audits.

Solution

Created a comprehensive NIST-aligned Incident Response Plan covering all phases: Preparation, Detection & Analysis, Containment, Eradication, Recovery, and Post-Incident Activity.

Key Deliverables

• Defined RACI matrix for IR team roles and responsibilities
• Created severity-based escalation workflows (P1-P4)
• Developed communication templates for stakeholders
• Established incident classification and categorization criteria
• Implemented post-incident review and lessons learned process
• Created IR playbooks for common attack scenarios

Challenge

Multi-cloud environments (AWS, Azure, OCI) with inconsistent security configurations, container workload exposure, IaC drift, and gaps in API authentication.

Solution

Conducted thorough security architecture reviews focusing on IAM, network segmentation, compute hardening, container security (EKS/ECS), IaC template review (Terraform, CloudFormation), API security (OAuth/OIDC, API gateways), storage encryption, and monitoring capabilities.

Key Accomplishments

• Reviewed IAM policies and implemented least-privilege access; enforced Zero Trust controls via Conditional Access
• Assessed network security groups, VPC design, segmentation, and micro-segmentation patterns
• Reviewed container security configurations across EKS and ECS workloads — image scanning, runtime policies, network policies
• Reviewed Terraform and CloudFormation templates for security misconfigurations as part of architecture reviews
• Validated API authentication flows (OAuth/OIDC) and API gateway configurations
• Identified and remediated public exposure risks
• Validated encryption at rest and in transit configurations
• Addressed logging and monitoring gaps
• Reduced overall cloud attack surface by ~40%

Challenge

Large vulnerability backlog with no clear prioritization, leading to critical vulnerabilities remaining unpatched and audit findings.

Solution

Designed and implemented a comprehensive vulnerability management program with risk-based prioritization using CVSS, asset criticality, and exploitability factors.

Key Accomplishments

• Leveraged Orca Security for continuous cloud vulnerability scanning (previously paired with Tenable for on-prem infrastructure)
• Created risk-based prioritization matrix (CVSS + Criticality + Exploitability)
• Established SLA-driven remediation timelines (Critical: 7 days, High: 30 days)
• Built executive dashboards for vulnerability KPIs
• Reduced critical vulnerability backlog by 60% in 6 months
• Coordinated with IT teams for timely patching

Challenge

High phishing click rates (~40%) and lack of security awareness training, leading to increased risk of credential compromise and social engineering attacks.

Solution

Launched an organization-wide security awareness program with annual mandatory training via internal LMS and monthly phishing simulation campaigns.

Key Accomplishments

• Reduced phishing click rates from 40% to 14% (65% improvement)
• Achieved 95%+ completion rate for annual security training
• Conducted monthly phishing simulations with targeted remedial training
• Created custom phishing templates based on real-world threats
• Built executive dashboards tracking training metrics and user risk scores
• Established security champions program across departments

Scope

Enterprise pentest team (Cimpress) performs the initial testing. I own scoping, asset identification, cross-functional remediation, and — critically — hands-on retesting and validation of every remediated finding using BurpSuite and other security testing tools. A "fix" doesn't ship until I've confirmed it.

Key Accomplishments

• Coordinated annual penetration testing engagements with enterprise security team
• Facilitated scoping and asset identification for pentest campaigns
• Drove cross-functional remediation efforts for identified vulnerabilities
• Achieved 100% remediation of critical findings within SLA (7 days)
• Personally retested findings using BurpSuite — manipulating requests, inspecting responses, validating that fixes are actually effective rather than relying solely on developer assertions
• Created remediation tracking dashboards for executive visibility

Challenge

Reactive security posture with limited visibility into emerging threats and attack campaigns targeting the industry.

Solution

Operationalized enterprise threat intelligence platforms for the business unit, enabling dark web monitoring, credential leak detection, and IOC enrichment to support proactive security operations.

Key Accomplishments

• Currently standardized on Google Threat Intelligence (GTI) — enforced as the Cimpress Group TI platform and continuing forward
• Previously operationalized Flare.io and Cyble across 2024–2025 (~1 year each) before consolidation onto GTI
• Established dark web monitoring for credential leaks, brand mentions, and data exposure
• Automated IOC enrichment workflows integrated with security operations
• Coordinated actionable intelligence findings with enterprise SOC and business stakeholders
• Created threat intelligence briefings for leadership and stakeholders
• Contributed to ~40% improvement in threat detection time through intelligence-driven operations

Challenge

Legacy firewall rules accumulated over years with overly permissive policies, redundant rules, and lack of documentation creating security gaps.

Solution

Performed comprehensive firewall security assessments including rule review, traffic analysis, policy optimization, and implementation of security best practices.

Key Accomplishments

• Reviewed and analyzed 1000+ firewall rules across multiple firewalls
• Identified and removed redundant, shadowed, and unused rules
• Eliminated overly permissive "any-any" rules and tightened access controls
• Implemented network segmentation and zone-based security policies
• Created standardized rule naming conventions and documentation
• Reduced firewall rule count by 35% while improving security posture
• Established periodic firewall rule review and cleanup process

Challenge

Sprawling password-based authentication across enterprise apps created a large credential attack surface, inconsistent MFA coverage, and limited ability to enforce least-privilege access at the identity layer.

Approach

Led the security workstream for SSO integration via Microsoft Entra ID. Coordinated with the infrastructure team on implementation while owning security requirements, Conditional Access policy design, and validation. Applied Zero Trust principles — identity as the new perimeter.

Key Accomplishments

• Defined SSO security requirements and authentication flow standards
• Designed and implemented Conditional Access policies across the organization
• Enforced MFA, device compliance, and risk-based access controls
• Reduced password-based attack surface across enterprise applications
• Aligned the rollout with Zero Trust principles — least-privilege, identity-based access
• Validated authentication flows and edge cases before broad rollout

Challenge

Lack of consistent data retention policies across global operations, creating compliance risks and inefficient storage management.

Solution

Led cross-functional project to develop and implement global data retention policies aligned with GDPR, CCPA, and business requirements.

Key Accomplishments

• Developed comprehensive data retention policy covering all data types
• Coordinated with Legal, Compliance, IT, and Business stakeholders
• Implemented automated retention policies in M365 and SharePoint
• Created data classification framework (Public, Internal, Confidential, Restricted)
• Established data disposal procedures with audit trails
• Achieved compliance with GDPR "right to be forgotten" requirements
• Reduced storage costs by 30% through policy enforcement

Challenge

Security controls and processes not aligned with industry frameworks, making audit preparation time-consuming and inefficient.

Solution

Mapped existing security controls to ISO 27001, NIST CSF, and CIS Controls, closing gaps and establishing continuous compliance monitoring.

Key Accomplishments

• Conducted gap analysis against ISO 27001 Annex A controls
• Aligned security program with NIST CSF framework (Identify, Protect, Detect, Respond, Recover)
• Implemented CIS Critical Security Controls prioritization
• Maintained risk register with risk treatment plans and acceptance workflows
• Established evidence collection process for audit readiness
• Passed external security audits with zero critical findings
• Reduced audit preparation time by 60%

Challenge

Lack of visibility into security posture for leadership, making it difficult to demonstrate value and secure budget approval.

Solution

Developed executive-level security dashboards with actionable KPIs and trend analysis for data-driven decision making.

Key Metrics Delivered

• SOC metrics: MTTD, MTTR, alert volumes, false positive rates
• Vulnerability metrics: Open vulnerabilities by severity, SLA compliance, remediation trends
• Incident metrics: Incident counts by type, severity, and containment time
• Training metrics: Completion rates, phishing click rates, security champion engagement
• Risk metrics: Top risks, risk treatment status, residual risk levels
• Enabled data-driven security investment decisions
• Improved C-level visibility into security posture

Challenge

Inconsistent security expectations across new solution designs, leading to repeated architectural review findings and rework.

Solution

Authored a comprehensive Architecture Best Security Practices document that standardizes security expectations for all new solutions and architectures, serving as the security baseline during design reviews.

Key Accomplishments

• Defined security baseline requirements for cloud (AWS, Azure, OCI) and on-premises architectures
• Established mandatory security controls for IAM, encryption, network segmentation, logging, and API security
• Integrated threat modeling expectations into the architecture review process
• Created reusable security review checklists for solution architects and engineers
• Reduced architecture review rework by standardizing security expectations upfront
• Document adopted as the security reference for all new project designs

Challenge

Aging on-premises infrastructure with high maintenance costs, limited scalability, and complex disaster recovery requirements.

Solution

Designed and executed a phased migration strategy using AWS Application Migration Service (MGN) for lift-and-shift migration, followed by modernization initiatives.

Key Accomplishments

• Migrated 500+ Windows/Linux servers to AWS EC2
• Deployed AWS Workspaces for secure remote workforce access
• Implemented automated backup and disaster recovery using AWS Backup
• Configured S3, FSx, and RDS for storage and database needs
• Established AWS Systems Manager for patch management
• Zero downtime during migration with careful cutover planning

Challenge

Post-migration AWS costs at $60K/month with overprovisioned resources, underutilized instances, and no cost governance.

Solution

Conducted comprehensive cost analysis and implemented optimization strategies including rightsizing, reserved instances, spot instances, and automated resource management.

Key Accomplishments

• Reduced monthly AWS costs from $60K to $40K (33% savings = $20K/month)
• Implemented instance rightsizing based on CloudWatch metrics
• Purchased reserved instances for steady-state workloads
• Automated stop/start schedules for non-production environments
• Established AWS Cost Explorer dashboards and budget alerts
• Created cost allocation tags for departmental chargeback

Scope

Extensive experience managing Windows Server ecosystem across all major versions from legacy Windows 2000 through modern Windows Server 2022, supporting enterprise infrastructure for 10,000+ users.

Key Accomplishments

• Deployed and maintained Windows Server 2000, 2003, 2008, 2012, 2016, 2019, 2022
• Configured Group Policy Objects (GPO) for enterprise security, compliance, and user/computer policies
• Managed DNS and DHCP services for enterprise network infrastructure
• Administered Microsoft Intune for cloud-based endpoint management and mobile device management
• Managed Azure AD/Entra ID for modern identity and authentication
• Deployed and maintained SCCM/ConfigMgr for software deployment, OS imaging, and compliance
• Configured WSUS for on-premises patch management
• Implemented AWS Systems Manager (Patch Manager) for hybrid cloud patching
• Managed DFS (Distributed File System) for file replication and namespace
• Implemented server hardening and security baseline configurations

Scope

Comprehensive management of enterprise virtualization infrastructure with focus on high availability, disaster recovery, and resource optimization.

Key Accomplishments

• Managed VMware ESXi/vSphere clusters (6.x, 7.x) with 200+ VMs
• Administered Nutanix hyper-converged infrastructure (AHV)
• Configured vMotion, DRS, and HA for workload balancing and failover
• Implemented Veeam Backup & Replication for VM protection
• Set up disaster recovery site with VM replication
• Performed complex migrations: P2P, P2V, V2V, V2C (Physical-to-Physical, Physical-to-Virtual, Virtual-to-Virtual, Virtual-to-Cloud)
• Optimized resource allocation and VM rightsizing
• Managed storage provisioning (SAN, NFS, vSAN)
• Implemented virtual networking with distributed switches

Challenge

Complex identity management across on-premises AD and cloud services with growing security and compliance requirements.

Solution

Architected and maintained hybrid identity infrastructure with Azure AD Connect, implementing security hardening and conditional access policies.

Key Accomplishments

• Managed multi-domain AD forest for 3,000+ users
• Implemented Azure AD Connect for hybrid identity sync
• Configured Group Policy Objects (GPOs) for security hardening
• Set up LDAPS and secure authentication protocols
• Deployed LAPS for local admin password management
• Integrated with SIEM for AD security monitoring

Scope

End-to-end administration of Microsoft 365 services supporting organization-wide communication and collaboration needs.

Key Accomplishments

• Administered Exchange Online mailboxes, distribution lists, and mail flow rules
• Configured email security with anti-spam, anti-phishing, and safe links policies
• Managed SharePoint Online sites and permissions
• Deployed Microsoft Teams for enterprise collaboration
• Implemented DLP policies for sensitive data protection
• Configured retention policies and eDiscovery for compliance