Vijendra Kalburgi

Roles & responsibilities:

Working in an interim capacity, as a Trusted Security Architecture Advisor, reporting to the CISO, with an objective to shape up Security Architecture roadmap and align

with regulatory and industry standard frameworks, for a product start-up in Abu Dhabi.

Key Outcomes:

• Zero Trust Access Management Strategy & Design for Hybrid Cloud usecases providing North-South and East-West access protection covering:
• Private access to Azure Cloud platform and product apps.
• Secure access to private services and repositories.
• Secure cloud services - AKS nodes and containers.

Cloud Security Architecture:

• Workload and Application protection - CNAPP - CASB(Cloud App Security), CSPM and policy governance.
• Endpoint protection & Security Information & Event Management - Azure Sentinel.
• Defining end-end Security Architecture blueprint that aligns to Azure Landing Zone concept for platform and application access usecases. The roadmap covers: Network and Infrastructure, Application, Data Security and Identity Access Management domains for the Organization.
• Define a repeatable, structured Security Architecture Templates/Ref Architectures stemming from a Control framework for evaluating IaaS and PaaS services within Azure Cloud that aims to highlight Gaps and articulate Threats and Risks of deploying PaaS
• Services offered by Azure, in-particular where sensitive data is involved.
• Provide Design Governance and Assurance on using M365 Services - Compliance Manager, Information Protection (Purview), Threat
• Detection and Response and IAM suite of services and Azure Services (mostly PaaS) and Third-party services ( Cisco Umbrella ),

Roles & responsibilities:

Digital Platform Program: Payments and Cards security

Led the Bank’s Payments and Cards Programs from a Security Architecture perspective, covering requirements gathering, embedding secure by design into complex business and technological solution building blocks, which includes VISA Card journeys - PCI DSS controls, and SEPA Instant Payments.

Key Outcomes:

• Designed security controls for the complex solution that covers, Network Security, Application Security: Container Security on Redhat Openshift, API Security, platform security and Core Infra Security.
• Designed multi-channel api access from mobile app covering PSD2 usecases for SCA - Oauth2 & OIDC based Authoriation patterns
• Develop Threat model for the complex application access usecases using interactive STRIDE threat assessment.

The DORA Compliance project

Key Outcomes:

• Discovery, Identification, documentation and presentation of white paper that addresses key gaps within the Security Domains Network Security, Platform/Infrastructure Security, IAM & Applications Security covering DORA compliance articles.
• White paper covering: Zero Trust Strategy that looks at all the pillars: Identity, Network, Devices, Data, and Application workloads required for aligning the DORA articles: Network Segmentation - Micro segmentation for on-premises and cloud service access, IAM covering access management for internal and external facing sensitive apps, privileged access solution, asset security integration, endpoint security - windows and Mac devices, mobile app security.
• Create PoV projects for network segmentation for North-South and East-West access, with principles such as Security through obfuscation for hiding critical bank asset via Single Packet Authorization technique for protecting North-South digital access. Key Outcomes: Define Problem Statements and scope usecases, create Business case and design for architecture review perform POC and implement technology that implements the overall design.

Cyber Program - Cloud Security Readiness & Response.

Cloud Security Architecture - aligning with SABSA framework (Contextual, Conceptual, Logical, Physical and Operational) and NIST SP 800.53 controls,

Key Outcomes:

• Security Architecture, for various usecases within the bank’s Secure-by-design forum, which includes, the bank’s Public and Private Cloud Architectures covering – MS Azure IaaS, PaaS services, with bare metal Kubernetes on Redhat Openshift Cluster; Zero Trust architecture, that looks at implementing requirements such as Dark network East-West traffic access protection using Identity based segmentation,
• Least privilege at all times, supporting both East-West and North-South traffic flows ( Tools in Use: North-South AppGate SDP And ZScaler Zero Trust Exchange, and East-West – Elisity Identity Graph).
• Develop Cloud Design Governance and Risk Management – Defining Cloud native IaaS & PaaS Security Controls definitions and Implementation of the controls through the Bank’s DevOps frameworks. Ensure that the Security Controls are aligned to the Security Architecture Framework implemented as part of the CISO’s governance framework.
• Create enterprise-wide Secure Patterns, that looks at various use cases, including, Data Security, network segmentation ( SP 800-215) and isolation; IAM – SP-800 63, application-level controls such as implementing API security with OWASP, ASVS, Mobile App, MASVS, PKI, Secrets Management, Network routing and monitoring and security requirements.
• Led efforts to achieve relevant certifications such as ISO 27001, demonstrating the organization''s commitment to maintaining a secure environment.
• Played a key role in the successful completion of multiple mergers and acquisitions by integrating disparate IT infrastructures securely and efficiently.

Cloud Security remediation project

Key Outcomes:

• Leading, Architecting, designing and engineering end-end Azure Security for a greenfield Azure cloud implementation. Tasks include, Creating Cloud Security principles, due-diligence and feasibility study (Current Architecture, Target State), Requirements management for Cloud Security domains (Azure Implementation), Creating High-Level designs and running through Architecture boards and Design Governance, Representing Information Security for such boards.
• Reduced ShadowIT with discovery of criticalapps and data usage using CASB Integration Architecture that looks at integrating services and applications for threat detection, Information protection and Discovering shadow-IT. Conditional Access App Control for securing access to Cloud Apps, aligning controls implemented with existing Cloud App Security and Conditional Access App Control policies (Session and Access Policies)
• Designing and implementing Device-based and Identity based compliance using Conditional Access Policies; Implement granular controls (via session policies within MCAS) for accessing sanctioned applications.
• Assess and produced a HLD for the use of Sentinel and the potential roadmap to migrate from existing on-premise SIEM. This includes understanding the log sources: Azure Defender for Identity (previously Azure ATP), Azure AD, Cisco Umbrella, Defender for Endpoint, UEBA aligned with these sources.
• Definition and reviewing Intune Conditional Access Policies for both Workstations (Windows 10) and Mobile Devices (Android and IOS). Intune Security Baseline policies for Win10 Security baseline and Defender for Endpoint baselines.
• Designing Azure Policy structure and designing, developing and automating Azure policies into the DevOps processes.
• Implementing DevSecOps governance framework covering: tooling, processes, coding practices, Security QA criteria definition, end-end reporting and vulnerability management. Security Testing including SAST (Sonarqube 8.6) with Jenkins for CICD (Pipelines) and OWASP ZAP for DAST as well as container scanning solutions.
• Managed relationships with external vendors, ensuring timely delivery of hardware and software solutions that met strict security requirements.

• Permanent TSB Bank, Dublin, ROI (Mar20 - Dec20) – Enterprise Security Architect – Cloud Security – AWS, Azure
• Dixons Carphone, London, UK (June19 – Mar20) – Lead Security Architect – Insurance domain – SAP and Cloud Security
• Capita PLC, London, UK (Sep18 – June19) – Enterprise Security Architect – Azure Cloud Greenfield
• Centrica Limited, Staines-upon-Thames, UK (Mar17 – Sep18) – Cloud Security Architect & DevSecOps Lead.
• Motability Operations, London, UK (Feb 15 - Feb 17) - IAM Architect designing Oracle and Sailpoint IAM solutions.
• Shell Trading, London, UK ( Sep 13 - Feb 15) - Solution Architect: Network and Cloud Program.

1. Infosys Limited, London, UK ( Jan 12 - Sep 13) - Role: Senior Consultant, Oracle IAM

2. Accenture Pvt Ltd, Bengaluru. India (Jan 10 - Dec 11) - Role: IT Security Manager – Cyber CCoE

3. Logica PLC, Reading, UK ( Jan 08 - Jan 10 ) - role IT Consultant, network and middleware.

4. Oracle India Pvt Ltd, Bengaluru, India ( Jul 05 - Jan 08), Role: Sr IT Consultant - Oracl