Things I am good at
Establishing cross departmental secure development, technical roadmaps and technology adoption oversight. Providing support to product teams charged with design and development of secure applications, systems and software for automotive controllers and supported infrastructure which includes Web Application, APIs.
Currently I am working with Automotive OEM's, Suppliers and Tier-1 company to setup
Cybersecurity Process (SAE J3061 / ISO 21434) by perfoming gap analysis on exiting process and methodologies
I perform Threat Analysis and Risk Assessment and derive implementable security requirements and verify implementation by conducting security analysis on System level. I also perform Penetration testing on Automotive Devices.
My first security experience was solving a CTF and finding SQL Injection on a public portal. Penetration Testing and Secure Code Analysis are my daily driver. I have experience performing Penetration testing on Embedded Devices, Web Applications, Hosts, Infrastructure, Thick Clients.
Attacks on JTAG, individual ECU functions such as OTA software updates, feature activation or diagnostics, privilege escalation, hardening, in-car apps/services (e.g. navigation services) Analysis of CAN bus, onboard diagnostics and communication technologies (fuzzing of UDS communication), Attacks on media interfaces (USB, Ethernet, WLAN), multimedia functions (e.g. attacks via manipulated MP3 files), other connections such as NFC, Bluetooth, SD card
I have experience with wide varienty of tools and programming languages. My favourite is Python. I have also written programs in JAVA, PHP, Javascript and C. For security testing I have working experience with Kali Linux, Nexpose, Coverity, Synopsys Defensics, HPWebInspect, Wireshark, Binwalk, Radar2, wFuzz, AFL, Radar2, nmap, Ubertooth, WifiPineapple, sqlmap and more...
I like to automate and code in python.
I am proficient in secure code review (PHP, JAVA and getting my hands dirty on C, C++). I provide Tech Talks on Security topics and educate my fellow developers about security concepts and guide them about secure coding practices hearby establishing cybersecurity culture.
I'm a Senior Security Specialist at Elektrobit India. I have 7+ years of experience in Cyber Security domain. This includes 4 years in Application and Infrastructure Security, 4 years in Embedded Security (IoT, Automotive domain) and 2.5 years of Freelancing in Security testing. I'm located in Bangalore, India
May 2020 - Present
Sept 2017 - Dec 2019
April 2015 - May 2017
Jan 2015 - Present
March 2014 - Jan 2015
Aug 2013 - Jan 2014
2009 - 2013
mohitaphale@gmail.com