Akshay Suryawanshi

Challenge

High volume of L1 security alerts (200+ daily) leading to analyst fatigue, delayed response times, and inconsistent triage quality.

Solution

Designed and implemented an automated workflow integrating CrowdStrike EDR alerts with AI (ChatGPT) for context enrichment, VirusTotal for IOC analysis, and Power Automate for orchestration with Jira ticketing.

Key Accomplishments

• ~50% reduction in manual investigation time
• Improved Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR)
• Standardized alert handling with consistent documentation
• Automated IOC enrichment and threat context gathering
• Better analyst focus on high-severity and novel threats

Challenge

Lack of in-house forensic capabilities requiring expensive external consultants for incident investigations, with delayed response times.

Solution

Designed and established a dedicated DFIR lab with isolated network, forensic workstations, evidence handling procedures, and malware analysis sandbox.

Key Accomplishments

• Set up isolated forensic network with write-blockers and imaging stations
• Deployed malware analysis sandbox (REMnux, FlareVM)
• Established evidence chain-of-custody procedures
• Implemented memory forensics capabilities (Volatility)
• Created forensic investigation playbooks and checklists
• Reduced external forensic consultation costs by 70%

Challenge

Inconsistent incident handling with unclear roles, ad-hoc escalation procedures, and no formal documentation for compliance audits.

Solution

Created a comprehensive NIST-aligned Incident Response Plan covering all phases: Preparation, Detection & Analysis, Containment, Eradication, Recovery, and Post-Incident Activity.

Key Deliverables

• Defined RACI matrix for IR team roles and responsibilities
• Created severity-based escalation workflows (P1-P4)
• Developed communication templates for stakeholders
• Established incident classification and categorization criteria
• Implemented post-incident review and lessons learned process
• Created IR playbooks for common attack scenarios

Challenge

Multi-cloud environments (AWS, Azure, OCI) with inconsistent security configurations, potential exposure risks, and gaps in monitoring.

Solution

Conducted thorough security architecture reviews focusing on IAM, network segmentation, compute hardening, storage encryption, API security, and monitoring capabilities.

Key Accomplishments

• Reviewed IAM policies and implemented least privilege access
• Assessed network security groups, VPC design, and segmentation
• Identified and remediated public exposure risks
• Validated encryption at rest and in transit configurations
• Addressed logging and monitoring gaps
• Reduced overall cloud attack surface by 40%

Challenge

Large vulnerability backlog with no clear prioritization, leading to critical vulnerabilities remaining unpatched and audit findings.

Solution

Designed and implemented a comprehensive vulnerability management program with risk-based prioritization using CVSS, asset criticality, and exploitability factors.

Key Accomplishments

• Implemented Tenable and Orca Security for continuous vulnerability scanning
• Created risk-based prioritization matrix (CVSS + Criticality + Exploitability)
• Established SLA-driven remediation timelines (Critical: 7 days, High: 30 days)
• Built executive dashboards for vulnerability KPIs
• Reduced critical vulnerability backlog by 60% in 6 months
• Coordinated with IT teams for timely patching

Challenge

High phishing click rates (~40%) and lack of security awareness training, leading to increased risk of credential compromise and social engineering attacks.

Solution

Launched an enterprise-wide security awareness program with annual mandatory training via internal LMS and monthly phishing simulation campaigns.

Key Accomplishments

• Reduced phishing click rates from 40% to 14% (65% improvement)
• Achieved 95%+ completion rate for annual security training
• Conducted monthly phishing simulations with targeted remedial training
• Created custom phishing templates based on real-world threats
• Built executive dashboards tracking training metrics and user risk scores
• Established security champions program across departments

Scope

Managed external penetration testing engagements covering web applications, infrastructure, cloud environments, and social engineering assessments.

Key Accomplishments

• Coordinated annual penetration testing with external security firms
• Conducted threat modeling sessions for critical applications
• Led cross-functional remediation efforts for identified vulnerabilities
• Achieved 100% remediation of critical findings within SLA (7 days)
• Implemented lessons learned process for continuous improvement
• Created remediation tracking dashboards for executive visibility

Challenge

Reactive security posture with limited visibility into emerging threats and attack campaigns targeting the industry.

Solution

Implemented and managed multiple threat intelligence platforms for comprehensive dark web monitoring, credential leak detection, IOC enrichment, and proactive threat hunting.

Key Accomplishments

• Managed and integrated multiple threat intelligence platforms (Flare.io, Cyble, Google Threat Intelligence, and others)
• Established dark web monitoring for credential leaks, brand mentions, and data exposure
• Automated IOC enrichment and threat actor attribution
• Conducted proactive threat hunting based on intelligence reports
• Created threat intelligence briefings for leadership and stakeholders
• Reduced threat detection time by 40% through intelligence-driven hunting

Challenge

Legacy firewall rules accumulated over years with overly permissive policies, redundant rules, and lack of documentation creating security gaps.

Solution

Performed comprehensive firewall security assessments including rule review, traffic analysis, policy optimization, and implementation of security best practices.

Key Accomplishments

• Reviewed and analyzed 1000+ firewall rules across multiple firewalls
• Identified and removed redundant, shadowed, and unused rules
• Eliminated overly permissive "any-any" rules and tightened access controls
• Implemented network segmentation and zone-based security policies
• Created standardized rule naming conventions and documentation
• Reduced firewall rule count by 35% while improving security posture
• Established periodic firewall rule review and cleanup process

Leadership Scope

Assumed Acting Team Lead role overseeing security operations, incident response, vulnerability management, and threat intelligence functions.

Key Responsibilities & Achievements

• Lead and mentor security operations team across SOC, IR, and DFIR functions
• Coordinate cross-functional incident response and security initiatives
• Build executive dashboards and security metrics (MTTD, MTTR, SLA compliance)
• Manage vendor relationships for security tools and services
• Drive continuous improvement initiatives for security processes
• Present security posture updates to senior leadership and stakeholders
• Developed team capacity planning and skill development roadmaps

Challenge

Lack of consistent data retention policies across global operations, creating compliance risks and inefficient storage management.

Solution

Led cross-functional project to develop and implement global data retention policies aligned with GDPR, CCPA, and business requirements.

Key Accomplishments

• Developed comprehensive data retention policy covering all data types
• Coordinated with Legal, Compliance, IT, and Business stakeholders
• Implemented automated retention policies in M365 and SharePoint
• Created data classification framework (Public, Internal, Confidential, Restricted)
• Established data disposal procedures with audit trails
• Achieved compliance with GDPR "right to be forgotten" requirements
• Reduced storage costs by 30% through policy enforcement

Challenge

Security controls and processes not aligned with industry frameworks, making audit preparation time-consuming and inefficient.

Solution

Mapped existing security controls to ISO 27001, NIST CSF, and CIS Controls, closing gaps and establishing continuous compliance monitoring.

Key Accomplishments

• Conducted gap analysis against ISO 27001 Annex A controls
• Aligned security program with NIST CSF framework (Identify, Protect, Detect, Respond, Recover)
• Implemented CIS Critical Security Controls prioritization
• Maintained risk register with risk treatment plans and acceptance workflows
• Established evidence collection process for audit readiness
• Passed external security audits with zero critical findings
• Reduced audit preparation time by 60%

Challenge

Lack of visibility into security posture for leadership, making it difficult to demonstrate value and secure budget approval.

Solution

Developed executive-level security dashboards with actionable KPIs and trend analysis for data-driven decision making.

Key Metrics Delivered

• SOC metrics: MTTD, MTTR, alert volumes, false positive rates
• Vulnerability metrics: Open vulnerabilities by severity, SLA compliance, remediation trends
• Incident metrics: Incident counts by type, severity, and containment time
• Training metrics: Completion rates, phishing click rates, security champion engagement
• Risk metrics: Top risks, risk treatment status, residual risk levels
• Enabled data-driven security investment decisions
• Improved C-level visibility into security posture

Challenge

Aging on-premises infrastructure with high maintenance costs, limited scalability, and complex disaster recovery requirements.

Solution

Designed and executed a phased migration strategy using AWS Application Migration Service (MGN) for lift-and-shift migration, followed by modernization initiatives.

Key Accomplishments

• Migrated 500+ Windows/Linux servers to AWS EC2
• Deployed AWS Workspaces for secure remote workforce access
• Implemented automated backup and disaster recovery using AWS Backup
• Configured S3, FSx, and RDS for storage and database needs
• Established AWS Systems Manager for patch management
• Zero downtime during migration with careful cutover planning

Challenge

Post-migration AWS costs at $60K/month with overprovisioned resources, underutilized instances, and no cost governance.

Solution

Conducted comprehensive cost analysis and implemented optimization strategies including rightsizing, reserved instances, spot instances, and automated resource management.

Key Accomplishments

• Reduced monthly AWS costs from $60K to $40K (33% savings = $20K/month)
• Implemented instance rightsizing based on CloudWatch metrics
• Purchased reserved instances for steady-state workloads
• Automated stop/start schedules for non-production environments
• Established AWS Cost Explorer dashboards and budget alerts
• Created cost allocation tags for departmental chargeback

Scope

Extensive experience managing Windows Server ecosystem across all major versions from legacy Windows 2000 through modern Windows Server 2022, supporting enterprise infrastructure for 10,000+ users.

Key Accomplishments

• Deployed and maintained Windows Server 2000, 2003, 2008, 2012, 2016, 2019, 2022
• Configured Group Policy Objects (GPO) for enterprise security, compliance, and user/computer policies
• Managed DNS and DHCP services for enterprise network infrastructure
• Administered Microsoft Intune for cloud-based endpoint management and mobile device management
• Managed Azure AD/Entra ID for modern identity and authentication
• Deployed and maintained SCCM/ConfigMgr for software deployment, OS imaging, and compliance
• Configured WSUS for on-premises patch management
• Implemented AWS Systems Manager (Patch Manager) for hybrid cloud patching
• Managed DFS (Distributed File System) for file replication and namespace
• Implemented server hardening and security baseline configurations

Scope

Comprehensive management of enterprise virtualization infrastructure with focus on high availability, disaster recovery, and resource optimization.

Key Accomplishments

• Managed VMware ESXi/vSphere clusters (6.x, 7.x) with 200+ VMs
• Administered Nutanix hyper-converged infrastructure (AHV)
• Configured vMotion, DRS, and HA for workload balancing and failover
• Implemented Veeam Backup & Replication for VM protection
• Set up disaster recovery site with VM replication
• Performed complex migrations: P2P, P2V, V2V, V2C (Physical-to-Physical, Physical-to-Virtual, Virtual-to-Virtual, Virtual-to-Cloud)
• Optimized resource allocation and VM rightsizing
• Managed storage provisioning (SAN, NFS, vSAN)
• Implemented virtual networking with distributed switches

Challenge

Complex identity management across on-premises AD and cloud services with growing security and compliance requirements.

Solution

Architected and maintained hybrid identity infrastructure with Azure AD Connect, implementing security hardening and conditional access policies.

Key Accomplishments

• Managed multi-domain AD forest for 3,000+ users
• Implemented Azure AD Connect for hybrid identity sync
• Configured Group Policy Objects (GPOs) for security hardening
• Set up LDAPS and secure authentication protocols
• Deployed LAPS for local admin password management
• Integrated with SIEM for AD security monitoring

Scope

End-to-end administration of Microsoft 365 services supporting organization-wide communication and collaboration needs.

Key Accomplishments

• Administered Exchange Online mailboxes, distribution lists, and mail flow rules
• Configured email security with anti-spam, anti-phishing, and safe links policies
• Managed SharePoint Online sites and permissions
• Deployed Microsoft Teams for enterprise collaboration
• Implemented DLP policies for sensitive data protection
• Configured retention policies and eDiscovery for compliance