Swapnil Khandekar

Summary

    Swapnil Khandekar currently serves as a Senior Trainer and Cybersecurity Analyst at Institute of Information Security and Network intelligence private limited. His work mainly focuses on Security Web Application Training, SOC, Cloud Security, Vulnerability Assessment and Penetration Testing. His technical abilities span a very wide range of technologies across Network Security, Active Directory, API Security, Web application, Mobile application, Digital Forensics, Server Security. His specialization are Cloud Security, Red Team, SOC and Digital Forensics, Web application. He has conducted various training programs in the cyber security domain successfully with hands on practical’s for Many customers of Institute of Information Security and Network Intelligence Private Limited.

Educational Qualification

  • B.E. in Electrical Engineering

Certifications

  • AWS Certified Solution Architect (Associate)
  • Certified Information Security Consultant (CISC)
  • Certified Ethical Hacker (CEH)
  • Aviatrix Certified Engineer
  • Autopsy
  • SOC Core Skill (John Strand)
  • Certified Professional Forensics Analyst (CPFA)
  • Multi Cloud Red Team(NULLCON)

Detailed Experience & Expertise

  • Network Security
    • In-depth knowledge of TCP/IP fundamentals
    • Intrusion detection, analysis, signature writing, and computer forensics
    • Worked on security for a wide range of operating systems, databases, web servers, mail servers, directory services and applications
    • Wireless Security & Exploitation
    • Good knowledge of TCP/IP fundamentals
    • Well versed with Metasploit Framework
    • Network Vulnerability Discovery and Exploitation
    • Database Security
    • Active Directory Exploitation
    • OS Security
    • Cryptography
    • Active Directory Security
  • Application Security
    • Web Application Security Assessment
    • Well versed with OWASP – Top Ten
    • Top 25 Software Error by SANS
    • Business-Logic based Application Testing
    • WAF bypassing techniques
  • Mobile Application Security
    • Well versed with OWASP Mobile Top Ten
    • Well versed with Mobile Pen-testing and Forensics Concept’s
    • Experience includes Penetration Testing Android and iOS platforms-based applications
  • Cloud Security
    • Well Versed with Cloud computing concept
    • AWS Architecture design review
    • OWASP top 10
    • CSA guidance v4
    • Cloud Pen-testing
    • Cloud Security Policy
  • Cloud Security
    • Well Versed SIEM Concept
    • Q-radar SIEM tool
    • Splunk
    • Rule creation, Reporting, Use Case creation
    • Admin task on SIEM
    • MITRE ATT&CK
  • Digital Forensics
    • Network Forensics
    • Disk Forensics
    • Live Forensics
    • Log analysis, memory analysis
    • Malware analysis
    • Email Forensics
    • Mobile Forensics
  • Red Team
    • Red Team Structure and roles, responsibilities
    • MITRE ATT&CK
    • OSINT SOCMINT
    • Persistence, Privilege escalation
    • Lateral movement, AD exploitation
    • Covering Tracks
  • API Security
    • API and its type
    • Different attacks
    • Mitigation and Best Practices

Technical Skills

    Swapnil has experience with the following technologies

  • Network Security
  • Wireless Security
  • Web Application Security
  • Cloud Security
  • Red Team
  • Cloud Red Team
  • SOC
  • Digital Forensics
  • Mobile Security
  • API Security Testing
  • HTML, Shell Scripting, Python

Interpersonal Skills

  • Have good communication skills by being a public speaker and Trainer
  • Experience in dealing with senior and middle management, system administrators, auditors, business partners, clients, customers, employees, etc
  • Ability to deliver training sessions in an interactive manner

Trainings/Seminars conducted

    He has experience with the following technologies as a trainer:

  • Trainings on Network Security
  • Trainings on Mobile Security
  • Training on Web Application Security
  • Trainings on Digital Forensics
  • Trainings on Active Directory Security Testing
  • Trainings on API Security
  • Regular In-House batches to aspiring students

    Corporate Trainings

  • Corporate training on Security Awareness
  • Corporate training on Web application Security
  • Corporate training on Network Security
  • Corporate training on Security Operation Center (L1, L2 analysist)
  • Corporate training on Cloud Security
  • Corporate training on Red Team
  • Corporate training on CMS Security