Security Architect

Currently I am responsible for architectural review and planning for Security Assurance, Application
Design Review, Security Process Creation. Review application designs submitted by members of various
teams, also design and increase the adoption of security-related processes, including Threat Modeling,
Code Review, Defect Resolution, etc. -Ensure appropriate knowledge transfer to enable technology teams
to design and implement appropriate safeguards. -Risk management through identifying vulnerabilities
and tracking / driving their mitigation.

There are at least three general approaches to threat modeling:

Attacker-Centric Attacker-centric threat modeling starts with an attacker, and evaluates their goals,
and how they might achieve them. Attacker's motivations are often considered, for example, "The NSA
wants to read this email," or "Jon wants to copy this DVD and share it with his friends." This approach
usually starts from either entry points or assets.

Software-Centric Software-centric threat modeling (also called 'system-centric,' 'design-centric,' or

'architecture-centric') starts from the design of the system, and attempts to step through a model of the
system, looking for types of attacks against each element of the model. This approach is used in threat
modeling in Microsoft's Security Development Lifecycle.

Asset-Centric Asset-centric threat modeling involves starting from assets entrusted to a system, such
as a collection of sensitive personal information.

Solution Architect

Provides technical and business domain throughout feature development also working on pre-envisioning
phase to development and sometimes deployment.

Building integrations based on core technology, providing feedback on product features and priorities to
the product management.

1. Troubleshooting performance, scale, availability issues for integrated solutions and debugging
Production Problems
2. Hands-on engagements to implement application also Hands-on assistance with Integration (code-
reviews, code-samples etc.)
3. Positioning technology while providing prospects/customers with a framework and methodology for
evaluating Distributed Computing technology and an assessment of product fit to the customer's
enterprise/application's architectural needs.