Summary
Overview
Work History
Education
Skills
Accomplishments
Certification
Timeline
Generic

B. SATHISH

Chennai

Summary

Professional Summary

Dynamic information security professional with 20 years of comprehensive IT industry experience, including over 13 years specializing in Threat and Vulnerability Management and policy compliance. Expertise includes leveraging advanced tools to assess and mitigate security risks, supported by a proven track record of developing and implementing robust security strategies aligned with organizational objectives. A collaborative approach enhances overall security posture while navigating complex cyber landscapes. Recognized for delivering results in fast-paced environments, ensuring compliance with industry standards, and safeguarding critical assets against evolving threats.

Overview

21
21
years of professional experience
1
1
Certification

Work History

Cybersecurity Manager

Cognizant Technology Solutions
04.2022 - Current
  • Responsible for managing compliance programs across servers, databases, and cloud environments.
  • Perform leading audits, drive remediation efforts, and collaborate with cross-functional teams to maintain a robust security posture.
  • Implement and maintain compliance policies for Windows/Linux servers and enterprise databases (Oracle, SQL Server, MySQL, PostgreSQL, MongoDB, Pivotal Greenplum, IBM DB2, Azure MI & PAAS) as per CIS benchmarks.
  • Conduct regular audits to ensure adherence to security baselines and regulatory requirements.
  • Collaborate with IT and Security teams to remediate non-compliant configurations and vulnerabilities.
  • Prepare compliance reports for internal stakeholders and external audits.
  • Maintain hardening documents for server and database technologies.
  • Manage policy exceptions for servers and databases, ensuring proper documentation, risk assessment, and approval workflows.
  • Develop and maintain an exception register to track deviations from compliance standards and monitor remediation timelines.
  • Collaborate with stakeholders to evaluate business justification for exceptions and align them with risk tolerance levels.
  • Implement automated alerts for exception expiry and renewal to maintain compliance posture.
  • Conduct periodic reviews of approved exceptions to ensure timely closure or renewal based on updated security policies.
  • Work with audit teams to provide evidence of exception handling during internal and external compliance audits.
  • Lead end-to-end vulnerability management programs, providing expert guidance to clients on risk identification, assessment, and remediation strategies.
  • Deliver tailored vulnerability management solutions for diverse industries, aligning security strategies with business goals and regulatory requirements.
  • Conduct comprehensive risk assessments and vulnerability scans, identify critical vulnerabilities, and advise clients on risk prioritization and mitigation.
  • Design and implement security strategies that enhance threat visibility, reduce attack surfaces, and optimize vulnerability remediation workflows.
  • Partner with IT, security operations, and development teams to ensure seamless integration of vulnerability management processes across client environments.
  • Prepared and delivered clear, concise reports and presentations for C-suite executives, providing high-level security insights, vulnerability trends, and remediation progress.
  • Conducted periodic vulnerability scans across the organization's systems and networks, ensuring comprehensive identification of potential vulnerabilities. Provide detailed, actionable reports outlining the findings for further analysis and remediation.

Senior System Administrator

MFX Infotech Pvt. Ltd.
02.2018 - 04.2022
  • Was responsible for vulnerability scanning and tracking remediation of identified vulnerabilities in the corporate environment.
  • Led and performed Information Technology audits and risk assessments for infrastructure assessments.
  • Managed reputation management score for the organization along with threat-driven activities.
  • Was responsible for vulnerability scanning (Qualys, Nessus) and tracking remediation of identified vulnerabilities for the entire corporate environment.
  • Managed external audits and the recertification process.
  • Analyzed emergency advisories released by different OEMs and provided recommendations to the operations team for remediation.
  • Tracked real-time emergency and critical vulnerabilities on a daily basis until closure.
  • Initiated the Get-to-Green project to drive closure for critical, high, and medium vulnerabilities in the corporate environment.
  • Initiated internal projects for tracking EOL/EOS vulnerabilities remediation/upgrade with the risk management process.
  • Initiated internal projects to remediate zero-day vulnerabilities with compensating controls and workarounds.
  • Was involved in risk analysis for vulnerabilities that the operations team could not remediate within SLA.
  • Managed tools such as Qualys and Tenable.io, performing internal audits monthly to verify that each user had the correct level of access to the Qualys console.
  • Integrated ServiceNow with Qualys Guard (Vulnerability Management Module).
  • Suggested dashboards in ServiceNow for tracking emergency and critical vulnerabilities daily, which was highly appreciated by management.
  • Proactively provided solutions and suggestions for queries raised by technical support groups in fixing reported vulnerabilities.
  • Attended weekly and monthly review calls to discuss BAU activities.
  • Managed vendors like BitSight, Security Scorecard, and Shodan, and continuously monitored perimeter IPs.
  • Drove a project to improve the reputation score after a security incident.
  • Documented operations, reputation management, and critical/emergency vulnerability treatment processes.
  • Standardized job tasks and trained junior team members on industry best practices and standards.

Associate Consultant

HCL Technologies Private Limited
08.2013 - 01.2018
  • Worked as an Associate Consultant – Windows/VMware L3/Security Patch Management, leading the virtual environment of overseas customers with more than 250+ ESXi hosts, 4 vCenters, Citrix XenApp, and standalone HP/HP blade servers.
  • Managed Windows and VMware virtualization environments.
  • Had hands-on experience with patch management tools such as SCCM, WSUS, ManageEngine, and PDQ.
  • Took responsibility for managing the end-to-end vulnerability management workflow.
  • Provided technical support to system and technology owners to propose mitigation and remediation solutions.
  • Performed patch management for virtual environments (ESXi, vCenter) using VMware Update Manager.
  • Conducted daily, weekly, and monthly customer calls to review BAU and project work on SLA, incident management, and problem management.
  • Worked on incident reduction and dynamic automation to minimize repeated issues and optimize resource utilization.
  • Managed HP/HP Blade series servers, including firmware updates and memory upgrades.
  • Participated in Tech Bridge for high-severity calls (P1 & P2) and mentored team members on technical challenges in virtualization environments while providing technical training.
  • Performed Doer-Checker validation on all change requests.
  • Created run books, SOPs, and knowledge base articles for known issues.

Lead Infrastructure Engineer

Mphasis an HP Company
04.2010 - 07.2013
  • Worked as a Windows consultant managing overseas customers, including VMware vSphere 5.5/5.1 with more than 400 ESXi hosts.
  • Administered and migrated vCenter 5.X / ESXi 5.X, 4.X.
  • Monitored performance of the virtualization environment and performed troubleshooting.
  • Managed capacity and resolved problems in the virtualization environment.
  • Managed VMware High Availability with Dynamic Resource Scheduler.
  • Handled and implemented new environment setups on VMware.
  • Created technical documents as per project requirements.
  • Upgraded hardware on ESXi servers to meet workload demands.
  • Handled incident tickets, requests, and changes.
  • Maintained servers with health checks (quarterly, annually) for compliance.

System Administrator

Wipro Technologies Pvt Ltd
01.2006 - 03.2010
  • Worked as a Windows consultant managing overseas customers with more than 400 physical and virtual servers and 50 ESX/ESXi hosts.
  • Remotely accessed and resolved all OS and application-related issues on the servers.
  • Performed regular maintenance of servers, including service pack and OS-related patch upgrades using WSUS.
  • Conducted AD restorations using Authoritative and Non-Authoritative modes.
  • Troubleshot FSMO roles and performed transfer and seizing according to the situation.
  • Monitored file, backup, application, and print servers and escalated issues to the onsite support team when required, along with a corrective action plan.
  • Managed and troubleshot application software such as DoubleTake, SiteScope, and HPSIM.
  • Administered the maintenance of Windows 2000 and Windows 2003 servers.
  • Installed important security and functionality patches to maintain optimal protection against intrusion and ensure system reliability.

Project Engineer

Precision TechServe Pvt Limited
06.2005 - 12.2005
  • Maintained the Backup server by scheduling daily/weekly backups with Veritas Software.
  • Maintained the Symantec Ghost 6.5 imaging Multicast Server and loaded ghost images to client machines.
  • Maintained the Antivirus Parent server and updated the required patches to sustain a virus-free network.
  • Coordinated with the respective vendors to resolve hardware queries such as motherboard problems, leased line issues, and printer servicing.
  • Installed necessary software and utilities for the users.
  • Performed PC and network troubleshooting in a network environment.
  • Installed and configured Lotus Notes Client.
  • Troubleshot HP, DELL, and Compaq PCs and laptops.
  • Resolved client problems through remote control.
  • Determined and scheduled priorities as required to progress engineering work.

Education

Bachelor’s in Engineering - Electrical Electronics Engineering

St. Joseph's College of Engineering
Chennai
05-2002

Skills

  • Vulnerability Assessment
  • Technical Troubleshooting
  • Risk Assessment
  • Exception Management
  • Project Management
  • Server Hardening
  • Database Security
  • Compliance Frameworks (ISO 27001, NIST, CIS)
  • Compliance Documentation & Reporting
  • Stakeholder Communication
  • Audit Support & Evidence Gathering

Accomplishments

  • Client Value Recognition Award
  • Cognizant Coral Award - for outstanding support provided in DB compliance
  • Best Team Member Award
  • Base image certification done for server OS and DB technologies
  • Reduced compliance gaps by 98% through proactive monitoring and remediation. with accuracy and efficiency.
  • Successfully passed [3] external audits with zero major findings.
  • Documented compliance reports for internal stakeholders and external audits.

Certification

  • CISM
  • Qualys Certified Professional
  • Certified Ethical Hacking (CEH)
  • MCSE
  • ITIL



Timeline

Cybersecurity Manager

Cognizant Technology Solutions
04.2022 - Current

Senior System Administrator

MFX Infotech Pvt. Ltd.
02.2018 - 04.2022

Associate Consultant

HCL Technologies Private Limited
08.2013 - 01.2018

Lead Infrastructure Engineer

Mphasis an HP Company
04.2010 - 07.2013

System Administrator

Wipro Technologies Pvt Ltd
01.2006 - 03.2010

Project Engineer

Precision TechServe Pvt Limited
06.2005 - 12.2005

Bachelor’s in Engineering - Electrical Electronics Engineering

St. Joseph's College of Engineering

Similar Profiles

CREATE PROFILE
B. SATHISH