Jaison Serrao

🌟 Passionate about safeguarding Companies and Critical Infrastructure worldwide from Cyber Threats through innovative and cutting-edge techniques! 🛡️

✈️ Travelled across various countries for on-site projects in sectors including Banking, Finance, ICT, Government, FMCG, Automobile, Defense, Payment Gateway, Healthcare, Smart Cities, Cryptocurrency, and more! 🌍

🔒 Subject Matter Expert in Vulnerability Assessment & Penetration Testing (VAPT) methodologies for Web Apps, API security, Network/Infrastructure, Phishing, IoT in-vehicle, SOC Maturity, Red Teaming, Cloud Security Reviews, Mobile & Secure Source Code Review following OWASP Top 10, SOC CMM, SANS Top 25 & MITRE ATT&CK Framework. 🕵️‍♂️

🔒 Conducted Information Security Audits based on ISMS - ISO 27001, Governance, Risk and Compliance (GRC), Internal Audits, Information Risk Assessment, Application/Vendor Risk Assessments, Aadhar Audits (ASA & AUA). 📊

💼 Skillfully managed customer communication, project timelines, QA reviews, regular updates, internal resource management, and hiring. 💪

🔑 Assisting senior leadership in client pursuits by developing key client proposals which are potential wins.🎯

🔒 Executed thorough Vulnerability Assessments and Penetration Testing (VAPT) of applications, ensuring adherence to industry security standards. Implemented robust security practices into CI/CD pipelines. 🚀

🤝 Collaborated with Application owners to deliver comprehensive audit results and actionable recommendations for vulnerability remediation. 📈

Deloitte Middle East (Dubai) :- Jun 2022- Current

Participated in Business Development activities like making of Technical and Commercial Proposals, Client presentations, Financial Analysis, Billing, Conflict Checks etc.
Managing customer communication, project timelines, scoping calls, review of deliverables (QA), regular updates etc. along with internal resource management and hiring. 
Working with Application owners to deliver audit results & recommendations around fixing the reported vulnerabilities.
- Performing Cyber Security Assessment of the following :-
• Web Applications
• Network/Infrastructure Assessment 
• Phishing Assessment
• SOC Maturity Assessment
• IoT Assessment
• Red Teaming 
• Android Applications
• iOS Applications
• Thick Client Applications
• API & Web Service Security Assessment
• Secure Code Review

PwC India :- Mar 2021 - Jun 2022

Managing customer communication, project timelines, regular updates etc. along with internal resource management and hiring. 
Working with Application owners to deliver audit results & recommendations around fixing the reported vulnerabilities.
- Performing Cyber Security Assessment of the following :-
• Web Applications
• Android Applications
• iOS Applications
• Thick Client Applications
• API & Web Service Security Assessment
• Secure Code Review
• Network/Infrastructure Assessment

BDO India :- Aug 2020 - Feb 2021

Managing customer communication, project timelines, regular updates etc. along with internal resource management and hiring. 
Working with Application owners to deliver audit results & recommendations around fixing the reported vulnerabilities.

- Performing Information Security Audits of :-
• ISMS - ISO 27001 internal audits
• Information Risk Assessment
• Application / Vendor Risk Assessments
• Aadhar Audits based on ASA & AUA

- Performing Vulnerability Assessment and Penetration Testing of :-
• Web Applications
• Android Applications
• iOS Applications
• Thick Client Applications
• API & Web Service Security Assessment
• Secure Code Review
• Network/Infrastructure Assessment

Arunima Consulting :- Sep 2019 - Aug 2020

- Performing Vulnerability Assessment and Penetration Testing of :-
• Web Applications
• Android Applications
• iOS Applications
• Thick Client Applications
• API & Web Service Security Assessment
• Secure Code Review
• Network/ Infrastructure Assessment

Indian Cyber Institute:- May 2019 - Aug 2019

- Performing Vulnerability Assessment and Penetration Testing of :-
• Web Applications
• Network/Infrastructure Assessment
 

Certifications:-

1) Offensive Security Certificated Professional (OSCP)
2) Certified Ethical Hacker (CEH)
3) Certified Network Security Specialist (CNSS)

Education:-

1) MBA from Liverpool Business School
2) Post Graduation in Management from IMT Ghaziabad 
3) Bachelors in Science & IT from Mumbai University 
4) Diploma in IT from Government Polytechnic Mumbai