Graduate /
"The art of war teaches us" - Statement of Purpose for MS [3]
"The art of war teaches us to rely not on the likelihood of the enemy not coming, but on our own readiness to receive him."- Sun Tzu in The Art of War. This quote best sums up my motive to pursue my higher education in Information Security; To enable this readiness inside and outside of me.
Time and effort if put together definitely leads to success. I still remember that Friday night, I was testing a web application for security vulnerabilities as a Security Engineer at Paladion Networks. I didn't realize how the night drifted off so quickly, but finally I exploited a SQL Injection vulnerability which revealed sensitive data from the database. This experience in identifying and exploiting security vulnerabilities infused into my mind the love for security, and aspired me to apply to the prestigious Carnegie Mellon University Information Networking Institute's (CMU-INI) Master's Degree in Information Security Technology Management (MSISTM) program.
I have excelled in academics throughout my education. I had an aggregate of 96 percent in Science and Mathematics in the 12th Standard Board Examination. Being in the top 1.1 percent out of 90,000 students in Karnataka Common Entrance Test (K-CET) enabled me to gain admission into the prestigious B.M.S College of Engineering (BMSCE), Bangalore, India to pursue my Bachelors in Telecommunications Engineering where I was in top 5 percent of the class.
For my final semester project at BMSCE, as a part of 4 member team, we built a "Wireless Temperature Measurement System" (WTMS) using C programming. The aim was to solve the perennial problem of manual temperature measurement process in hospitals in India by providing automation and scalability. This project was in top 3 of all 30 projects in the department. Here for the first time, I learnt that I had a passion for research, of getting my hands dirty, fixing bugs and getting things to work. My growing research interests were well rewarded when my paper "Zigbee: A World of Tomorrow" was selected in the prestigious The Institution of Engineering and Technology - The IET India Chapter's Paper Presentation competition. It was one of the top 3 papers from a select group of 40 students.
I believe had the right mix of academia and extra-curricular activities during my undergrad studies. I was President of the prestigious BMSCE Quiz Club consisting of 20 members. It was ranked 3rd among 2000 participants in the University during my tenure. I was a part of BMSLUG (BMS Libre Software Users' Group) and had conducted various sessions and workshops, promoting FOSS across the campus. I was very motivated to bring about social change. As a Social Entrepreneur, I co-founded Samruddhi, a youth organization facilitating socio-cultural awareness in the local community of Bangalore. Conceptualized and successfully implemented 'Shramdaan', a plastic waste disposal drive in the area.
After my undergraduate studies, I was selected from college to work as Security Engineer in Paladion Networks. My role was to perform Web Application Security Assessment (Graybox and Blackbox Testing) to identify vulnerabilities in web applications, Vulnerability Assessment of multiple platforms including Windows, Red Hat Linux, Solaris, etc. Penetration testing of web applications to evaluate the presence of application security controls, Security Code Reviews for Java J2EE, Visual Basic and .NET applications to find out vulnerabilities from analyzing the code. I performed extensive Vulnerability Research in Incident Handling which culminated in a research article titled "An Attack Response Model for a Network Compromise.", published in Palisade - Online Security Magazine. The article describes Incident Handling methodology after a network compromise.
I continued my interests in Web Application Security by joining a global investment banking and securities firm, Goldman Sachs, as a part of their Technology Risk Team. I conducted Design Reviews and Security Code Reviews to identify crucial security weaknesses, Penetration Testing and Vulnerability Management. I was primarily responsible for creating the Manual Penetration Testing Framework which stressed on the need for Threat Analysis and Modeling; it gained much appreciation from the higher management. I was also part of a development project called GSBlock, which implements a dynamic blocking mechanism to prevent brute force attacks.
Along with work, I continued education in the field of Information Security. I pursued a Post
Graduate Diploma in Information Security (PGDIS) from The Centre for Development of Advanced Computing (CDAC). CDAC provides high-end research and development. The course was geared to increase the research intuit in all its participants. I also completed two research-oriented projects under Senior Research Scientists like N.Subramanian: "Forensic Analysis of a compromised Red Hat Linux System" where we performed a Timeline Analysis and recovered deleted files and another project on Cryptography called "OpenSSL Based PKI Implementation" where we had to create and issue Digital Certificates. I also conducted various mini-projects at CDAC like "Snort Alert Analysis", "Implementation of various security protocols using JAVA.". As an avid security enthusiast, I completed many security certifications like GIAC Certified incident Handler (GCIH: Secured 81 percent) from SANS Institute, Certified Ethical Hacker (CEH), ISO27001 Lead Auditor, QualysGuard Certified Specialist. These Certifications have helped me to learn eclectic mix of security topics, and has re-iterated my need to pursue this study further.
An extremely distinguished faculty, a milieu replete with academic activity and a graduate program which blends high quality course work and research facilities at the cutting edge of every sub-field are the factors which have motivated me to choose CMU for graduate studies. I am particularly interested in cross-cutting thrust areas such as Threat Analysis and Modeling and Software Security. I am intrigued by the breadth of research from Cylab and projects undertaken by Dr. Jonathan Aldrich in Software Security namely "Deep Software Assurance: Requirements, Techniques, Field Experience". Considering my vast work experience and research in Software Security, I would greatly appreciate an opportunity to work with him and his team.
In conclusion, I would like to add that the essence of University education lies in a synergy between the student and his department. I feel that graduate study at your University will be the most logical extension of my academic pursuits and a major step towards achieving my objectives as a Software Security Expert. I believe an MS, and then a PhD, followed by some research experience is the way to go in order to realize my vision. I believe that CMU is the right place to pursue my research dreams and it would be my privilege to study at such an esteemed University.