Durgesh Gaurav

Cyber Security Threat Enthusiast

Diligent and results-driven Cyber Threat Intelligence professional with a proven track record of effectively analyzing and mitigating complex cyber threats. Dedicated to providing actionable intelligence that empowers organizations to proactively defend against potential cyber-attacks.

About Me

Objective

Committed to staying ahead of evolving cyber threats and contributing to the enhancement of cybersecurity strategies in a dynamic and ever-changing threat landscape.

Personal Project



RESEARCH WORK

Virtual Security Assistant - Automated Security: The purpose of the project is to create a secure cyberspace through cyber security automation. The research focuses on the reverse engineering of malware and attack techniques for identification and neutralization, to maintain a safe cyber environment by creating a better protection technique to automate cyber self-defense.

What I Do?

  • Threat Modeling
  • Threat Research
  • Dark-Web Investigation
  • Threat Hunt
  • Threat Emulation & Simulation
  • MITRE Frameworks & Threat Models
  • Malware Analysis
  • Penetration Testing
  • Host & Network Forensics
  • Cryptography
  • Vulnerability & Risk Assessment
  • Incident Response
  • MITRE ATT&CK
  • MITRE DeTT&CT
  • MITRE D3FEND
  • MITRE ATLAS
  • MITRE FiGHT
  • OWASP
  • Attack & Surface Vectors
  • YARA, Snort and Sigma


My Book


Book Title - "Learn how to defend against cyber crimes, in just one day"

The book covers the basics of cyber security. It is written for all audiences to help them understand how to identify, take precautions against, and take appropriate action against cyber security threats. The sole purpose of the book is to spread cyber security awareness and create a secure cyberspace for everyone. The book focuses on several techniques, concepts, and tools for performing defensive measures against cyber threats and cyber crimes.


Resume

Professional Experience

  • 2024-Present

    Threat Researcher

    Dish Wireless (An EchoStar Company)

    Responsibilities

    Lead end-to-end intelligence cycle operations:

    Deep research on threat actors, cybercriminals & fraud, IABs, TTPs, disseminate intelligence to stakeholders.

    Assist security operation center on threat hypothesis and detection techniques.

    Research on emerging 5G/telecom/ICS/OT, AI (Artificial Intelligence), Supply chain, and Quantum security threats.

    Establish partnerships for intelligence sharing with internal/external partners (GSMA/MITRE, private companies, etc.).

    Architect and govern intelligence workflows for emerging threats, data ingestion, processing and threat identification.

    Actively contribute to the development of tools (leveraging LLMs/AI for workflows and security), frameworks, services, and guidelines to analyze and respond to threats, and support operational functions on CTI matters (DFIR, SOC, etc.).

    Periodically assess, mentor on and evaluate emerging CTI-related products, intelligence data and platforms, and act as SME.

    Conduct threat research using open and closed sources, and maintain intelligence KBs to effectively track known TTPs, detection coverage, and response/mitigation recommendations associated with specific threats and adversary tradecraft.

    Author and deliver executive-level threat intelligence briefings and provide curated intelligence to support operational functions, such as Threat Hunting for executing threat hunting missions and Detection Engineering.

    Consume and analyze technical Threat Intelligence from a variety of sources (e.g. social media, blog posts, intelligence reports, sandbox output, partner sharing, internal detections, etc.) to track and report on the evolving threat landscape, e.g. TTPs.

    Research and analyze malware, attack campaigns, threat groups, vulnerability intelligence, supply chain threats, and their tactics, techniques, and procedures (TTPs) as observed in the threat landscape.

    Assist incident responders, threat hunters, and intrusion analysts in pivoting network, log, and endpoint data in the investigation of targeted attacks and serious profiteering campaigns against mnemonic customers.

    • 2023-2024

      Sr. Security Engineer

      Tesla

      Responsibilities

      Research and analyze the latest attacker techniques observed via various INTs (OSINT, SMI/SOCMINT, TECHINT) and prescribe actions that resulted in improved security

      Collaborate with cross-functional teams to improve the organization's security posture and implement countermeasures based on research findings

      Research and take immediate actions on supply chain cyber threats involving internal and external security infrastructure

      Identify potential IOCs, develop hypothesis and hunt for potential threats

      Prepare threat reports and share with the concerned stakeholders on daily, weekly and monthly basis

      Highlighting major threats and vulnerabilities with security recommendations

      Provide detection and response using various security monitoring and automation tools, e.g., SIEM, SOAR, EDR, etc.

      Work with NOC, IT and various business units to triage and remediate detected security incidents and alerts

      Conduct in-depth investigation of alerts. Perform analysis and correlation of network traffic, OS and application-level events/logs. Threat Hunting activities during the active incidents

      Prioritize threat alerts to conduct investigations based on the threat severity

      Perform Threat Modeling to assess security posture and provide action-based recommendations

      Analyze and extract IOCs to trace threat infrastructure/malicious tool kits

      Signal and alert tuning in collaboration with the Detection and Splunk teams

      Capture malware and perform analysis to identify malware capabilities

      Create new and maintain existing security operation standards, procedures, and investigation playbooks

      Analyze security events, logs and report on threats and incidents across various platforms and environments

      Continuous tuning and improvement of the existing security signals, detection rules and alerts to improve detection and response time to reduce incident impact

      • 2019-2023

        Threat Analyst

        Fortinet

        Responsibilities

        Researched and developed system(s) to capture active zero-day threats and assess adversaries' latest TTPs

        Monitored Dark/Deep web for sensitive information, adversary activities and potential threats to infrastructure

        Leveraged MITRE ATT&CK, Diamond, Pyramid of Pain, Cyber Kill Chain, and STRIDE models for threat investigations

        Hunted, investigated, and identified IOCs and IOAs to identify threats/threat actor TTPs in the environment

        Helped improve threat detection by providing latest adversary TTPs to relevant stakeholders

        Leveraged OSINT, SMI/SOCMINT, and TECHINT solutions to obtain/investigate intelligence

        Conducted threat emulation and simulation to identify security gaps and remediated security issues

        Identified infection/attack vectors and assessed the impact of intrusions

        Performed incident identification, triage and provided response to the incidents

        Developed Digital Forensics, Network Forensics, Incident Response plans and procedures and performed incident investigations

        Identified, collected, and analyzed digital evidence

        Conducted investigations on security incidents

        Performed malware analysis and analyzed threat capabilities

        Analyzed malicious traffic and IOCs and performed correlation to attribute threat actors

        Researched, analyzed, and provided reports on attacker campaigns as required

        Wrote YARA and Sigma rules

        Managed and consolidated cyber threat data sources, compiled reports and provided regular consultation and threat briefings to stakeholders

        Tested and analyzed vulnerabilities reported in Fortinet products

        Assessed the impact of the vulnerabilities

        • 2018-2019

          Information Security Analyst

          Pacific Gas and Electric (Contractor)

          Responsibilities

          Ensured customer and employee data security against threats

          Conducted SIEM scans and generated dashboard/reports

          Scanned and Identified IOCs and IOAs

          Performed threat analysis using MITRE ATT&CK framework, Pyramid of Pain, and Diamond model

          Assisted Cyber Kill Chain defense against APT emulations

          Leveraged cyber threat modeling techniques to identify malicious threats and malicious activities

          Analyzed network traffic for malicious and/or abnormal activity for attack vectors

          Identified adversary's TTPs for technical mitigation strategies to prevent, control, and isolate incidents

          Performed malware analysis using various malware analysis methodologies

          Assisted architecture design and review for CCPA integration using data anonymization

          Performed digital forensics to identify suspicious or malicious evidence

          Assisted with intrusion detection and prevention techniques

          Performed log analysis and identified malicious activities

          Conducted data loss prevention and implemented appropriate measures

          Analyzed potential security violations to identify false positives and policy violations with immediate remediations

          Identified vulnerabilities via penetration tests to report the issues

          Prioritized data loss scan on repositories based on pre-defined criteria and policies

          Created risk matrix as per defined guidelines

        • 2011-2015

          Sr. Software Engineer

          Apace Technology, Ghaziabad, UP, India

          Responsibilities

          Assisted in gathering requirements, developing and testing software.

          Projects Undertaken

          Created a desktop inventory control and management system application using Java SE and MySQL, for controlling inventory and monitoring resources.

          Developed and delivered a small number of micro-sites using JSP, Hibernate, and MySQL for business support.

Education

  • 2016-2017

    Master of Science, Cyber Security

    Webster University, St. Louis, Missouri
    Course Projects

    Actively engaged in system security analysis, analyzed an application's broken file format and rectified errors. Regenerated evidence using digital forensics for the assigned criminal case.

    Inspected assigned corporate breaches, identified the possible root cause, and provided solutions based on the investigation, resulting in improved digital security and mitigation against further violations.

    Research Topic

    "Reverse engineering impact on security and vulnerability analysis using AI/machine learning for automated security and advanced cyber protection". The research focuses on the reverse engineering of malware and attack techniques for identification, neutralization, and response to maintain a safe cyber environment by creating a better protection technique or standard against threats and vulnerabilities.

    Personal Project

    "Virtual Security Analyst" (in progress): developing a self-defending network and system application which is capable of making its own decisions to execute protection against suspicious activities or intrusions using AI/machine learning.

    Cyber Security active engagements

    Actively involved in cyber security groups and conferences, e.g., STL Cyber Meetup, Mastercard STL Cybercon, and Gateway2cybercity, to keep up with the latest techniques and technologies.

    Volunteer Work

    Secretary, Webster finance and investment club.

  • 2007-2011

    Bachelor of Technology, Electronics and Instrumentation Engineering

    Galgotias College of Engineering & Technology, Greater Noida, U.P. India

    Course Projects

    Developed a device called 'Talking Hand' to be used as a speaking medium by people suffering from aphasia (speech disability), involving a micro-controller and voice processor as controlling elements.

    Designed a robot which could be controlled and operated by an insect instead of a micro-controller, based on "Biomimetics" and intended for disaster recovery operations to save human lives.

    Developed an electro-mechanical arm that detects and picks up metals, for multiple uses.

    Volunteer Work

    President (2010 - 2011), Rotaract Club Society, organizing various health-related events to spread life-saving information.

Expertise

Threat Modeling
Threat Research
Dark-Web Investigation
Threat Emulation & Simulation
Kill Chain & Threat Models
Host & Network Forensics
Malware Analysis
Penetration Testing
Network, File, & Log Analysis
Incident Response
Cryptography
Vulnerability Assessment
Risk Assessment
MITRE Frameworks
Metasploit
OWASP
Threat & Surface Vectors
YARA, Snort and Sigma Rules
Python
SIEM
EDR/XDR

Pro-Active

Motivated

Team Player

Dedicated

Get in touch

For any information, questions, or concerns please write to me at durgesh@durgeshgaurav.com

Location: San Francisco, CA 94105