Threats represent a potential danger to the security of one or more assets or components.
It is widely considered to be the one best method of improving the security of software.
Yes. I can.
Since it is a sample application and few technical details were provided, a generic threat model was performed.
● We can see the attached data flow diagrams and threat model diagrams based on the provided architecture.
● A few of the common and major threats are related to authentication, authorization, privilege escalation, sensitive data exposure, and database-related threats.
● All the threats were provided with their mitigations based on OWASP and the STRIDE framework.
----------------------------------------
Self Introduction:
Hi, I am Amalapuram Sattibabu.
● I hold 5.2 years of experience in the information security domain, which includes vulnerability assessment, penetration testing and threat modeling.
● My first company was Radiare Software Solutions, Valasarvakkam, Chennai, and it has been 5.2 years that I have been working with the organization. I joined as a security consultant and now my designation is Sr. Security Consultant.
● Coming to my technical skills, I am well experienced with security assessment and risk assessment for on-prem/cloud/hybrid applications.
● I am specialized in web application security assessment and well familiar with multiple threat model frameworks like STRIDE/MITRE and DREAD.
● When it comes to tools, I use Microsoft Threat Modeler, the IriusRisk (community edition) threat modeling tool, Draw.io, etc. in my daily work activities.
● That's all about myself.
Possible Expected questions:
1. Are you working right now? If yes, why are you looking for a switch?
I am working with Radiare Software Solutions now, with Chennai as my work location, and my hometown is in Andhra Pradesh.
I got to know that the current project that we are discussing is completely remote, and that is the reason I am interested in this.
This helps me to relocate back to my native place.
2. Are you serving a notice period? If no, how soon can you join?
In our organization we have a notice period of 2 months. However, if I am provided with an offer, I am willing to submit my resignation. I can negotiate and get the relieving done in 2 weeks.
My current CTC is 13.4 LPA fixed and I expect something around 16 LPA fixed.
Based on the market research, someone with my experience and skill set would expect however
when I worked for the sample assessment project, I got to know the complexity and pre-defined
allocated, the efforts and time I need to invest are a bit more and the process here is too
technical.
5. How long will you stay with us? Will you leave if you get any other job offer?
It was communicated to me that this opening is a contract type, and we still have around 6 months of time to finish the project.
As of now I don't have any plans to look for another job, as here we would be working in remote mode.
I have 5.2 years of experience in cyber security. Over this time, I have found myself working in multiple areas like vulnerability assessment, penetration testing and threat modelling. I am well familiar with tools like:
Kali Linux
Burp Suite
Nessus
Fortify
Microsoft Threat Modeler
IriusRisk
STRIDE, OWASP, MITRE frameworks, etc.
Challenges are always part of anyone's work activities. When I was working with vulnerability assessment and penetration testing, there were a few challenges in working with the scope of the application and slight deviations from it in order to achieve the testing coverage.
While working with threat modeling, we face challenges in getting application details (like protocols, asset management, deployment types) from the technical team. Eventually these can be overcome by interacting with application owners multiple times. Maybe due to unavailability of the team there might be a delay in deliverables. Apart from this, there are not many challenges.