F-201, Phase-I, New Palam Vihar, Sector 110, Gurugram, Haryana-122017
CS/TC05
Founder & Director, Mobisec Technologies Pvt. Ltd.
20+ years, Cyber Security, Mobile Security, Data security, VAPT, SecOps, Risk Mitigation & Security Compliance, Cyber Security Audits, Cybersecurity Products Design & Development
A cybersecurity leader with a proven record of excellence, innovation, and development-cum-implementation of information security products and services. As former Director of IAF-CERT (Indian Air Force Computer Emergency Response Team), experienced in defending against real cyber attacks from adversaries, and leading teams of cybersecurity professionals involved in cybersecurity operations, cyber incident response handling & cyber deterrence operations. Possesses expertise in software design, development, cloud infrastructure, vulnerability analysis, penetration testing, risk mitigation and cyber security audits.
Technical / Management / Specialised degree | Institutional Details | Branch / Program | CGPA / Scores / Grades | Year |
---|---|---|---|---|
Ph.D | IIT Delhi | Computer Science | 8.42 | Aug 2015 |
Business Management | IIM Indore | General Management | - | Mar 2022 |
Master of Science | Masaryk University, Brno, Czech Republic | Information Technology Security | Ex | June 2016 |
M. Tech | IIT Kharagpur | Computer Science & Engineering | 9.34 | June 2008 |
B.E | SGGS Govt College of Engineering & Technology, Nanded | Computer Science & Engineering | 74.8% | July 1999 |
Software Project Management
IBM Rational Software Development Tools
Selected, as team CyberMantra, among the top 12 teams to receive a prize for the Idea stage in the first Cybersecurity Grand Challenge organised by Meity and DSCI. Results were declared by the honourable Minister of IT on 18 Nov 21. (Refer https://innovate.mygov.in/cyber-security-grand-challenge/)
Received Certificate of Excellence for innovation and improvement of cybersecurity posture in IAF from the honourable Prime Minister of India in Oct 2019.
Received Keshav K Parhi award for best M.Tech. thesis among all branches at IIT Kharagpur in 2008 for Secure File System for Linux OS.
Domain | Experience (Total years / Details - last 5 years) | Key Areas of Expertise | Contribution/Role | Remarks |
---|---|---|---|---|
Cybersecurity product development | Expertise in spearheading cybersecurity product development and implementation programs. Led and supervised in-house development of Remote Audit Tool (a human-intervention-free real-time endpoint security auditing tool), smartphone security scanner, and web-based platform for software vulnerability assessment. RAT is used on 65K+ computers/servers in IAF. | Cybersecurity product development and roll-out | Program management, design, development & quality reviews, problem resolution, delivery and team grooming. Conceived projects to fulfil gaps towards a robust security posture. | |
Cyber Security Operations | Experienced in leading and managing security operations centre and cyber incident response teams at Indian Air Force. | Cybersecurity leadership; commissioning & operations of SOC and CERT | Led and managed the teams involved in security operations and cyber incident handling. Established processes and procedures to achieve maturity. | Former Director IAF-CERT (Indian Air Force Computer Emergency Response Team) from 2016 to 2021. |
Governance | Formulated cybersecurity policy and represented in cybersecurity forums/bodies. | Formulated cybersecurity policy and represented in cybersecurity forums/bodies. | Key member of the team that formulated cyber security policy of IAF after deliberations with stakeholders. Contributed towards formulation of Defence Cyber Agency. | |
Compliance Audit & Risk Mitigation | Accomplished in cyber security audits of critical information infrastructures such as Data Centres and Network Operation Centres. | Cybersecurity audits of critical infrastructure and corporate network/ systems | Risk identification, validation and mitigation. | |
Mobile Security | Expertise in mobile app security, Android threat model, and mobile threat defence. | Expertise in mobile app security, Android threat model, and mobile threat defence. | Developed manual & automated framework for App security testing. Android App development. | |
Vulnerability Analysis and Penetration Testing | Competence in Vulnerability analysis and penetration testing of web applications, mobile apps, executables and hosts/ servers in typical enterprise network. | VAPT | Conducted hands-on VAPT and reviewed team results. | |
Security Operations | Led cybersecurity deterrence operations, intelligence gathering, red-teaming, CTFs, and cybersecurity table top team exercises. | SecOps | Led & participated in security operations, CTFs & exercises. | |
Forensics & Malware analysis | Experienced in cyber forensics, malware analysis, and reverse engineering. | Analysis & reverse engineering of exploits | Analysis of malware obtained from Internet facing machines. | |
SaaS, SaaI | Proficient in AWS cloud infrastructure creation and deployment. | Cloud infrastructure creation | Created, operationalised & optimised infra for an enterprise. | |
Domain | Experience | Areas of Expertise | Contribution/Role |
---|---|---|---|
Rational Suite | 5 yrs | RequisitePro, RSA, ClearQuest, Functional & Performance Tester, AppScan | Implementation of Software Development Lifecycle and Certification Centre at Dte of IT in IAF and roll out of enterprise grade applications through it. |
Programming | 20 yrs | C, Python, Java, Kotlin, JavaScript, ReactJS, PHP, MySQL, Shell scripting, PowerShell | Data structure design and programming in various languages. Development of enterprise grade applications. |
AWS Cloud Infrastructure | 5 yrs | Lambda functions, S3 buckets, Route 53, API Gateways, DynamoDB, QuickSight, Amplify, etc. | Web servers, database servers, REST API & dashboard with high availability and resilience features. |
SIEM / Log Management technologies | 5 yrs | IBM QRadar / ArcSight SIEM | Deployment architecture optimisation with extensive source devices integration, operationalisation and utilisation in security monitoring. |
Cyber Deterrence | 7 yrs | Kali Linux, Burp Suite, Metasploit, Nmap, Wireshark, Nikto, aircrack-ng, etc. | Performed vulnerability analysis and penetration testing of networks and servers in Ops & exercises. |
Network Intrusion Prevention Systems | 5 yrs | Bro / Snort | Deployment architecture optimisation with extensive source devices integration, operationalisation and utilisation in security monitoring |
AI/ ML Python Libraries | 5 yrs | Numpy, Pandas, Keras, TensorFlow, TensorFlowLite | ML model for phishing detection in SMS on mobile phones. Model refinement in cloud using federated learning |
Incident Response | 5 yrs | FireEye EDR | Security monitoring of endpoints, filtering of clients based on IoCs, incident handling, response and mitigation |
UTMs / Firewalls | 7 yrs | Fortinet / Cyberoam / Symantec | Consolidation of 110+ UTMs in hub-spoke architecture, central policy administration, and endpoint device monitoring |
Digital Forensics & Malware Analysis | 5 yrs | EnCase / Volatility / REMnux | Forensics of Windows and Linux computers and mobile phones. Process, memory and storage analysis. |
Anti-malware | 7 yrs | F-Secure / McAfee | Centralised policy administration and monitoring of malware, USB devices whitelisting, user violation detection and control. |
Network Admission Control | 5 yrs | Forescout / Cisco ISE | Endpoint security control and admission. Detection of rogue endpoints & their isolation. |
Vulnerability Assessment platforms | 5 yrs | Nessus / Qualys | Vulnerability assessment of network segments and servers deployed in Data Centres. |
Application Security testing | 5 yrs | Acunetix / Rapid7 / IBM AppScan / Drozer / MobSF | Security testing of web applications and mobile apps |
Encryption | 7 yrs | OpenSSL | Custom encryption schemes and protocols. Authenticated encryption algorithm implementation on JavaCard. |
Disk Encryption | 5 yrs | VeraCrypt / BitLocker | Data security implementation on 65K+ endpoints in AFNET. |
Data loss prevention | 5 yrs | McAfee | Data loss prevention mechanism implementation. |