Avatar

Amish Patadiya

Principal Security Consultant

NotSoSecure

About Me

Amish completed his bachelor’s degree in Electronics & Communications in 2008, but developed an interest in computer hardware with engineering studies four years earlier. His key skills include web application, mobile application and infrastructure Penetration Testing. He began his professional life though working in the field of Communications managing RF links, switching afterwards to Networks and finally joining a network support team at a brokerage firm in 2010. This led to an interest in Information Security and consultancy work, where he gained experience carrying out various onsite and offsite security assessment and compliance projects.

As a Principal Security Consultant with over 13 years of expertise in the information security realm, he excels in efficiently leading teams, overseeing end-to-end client communication, and ensuring timely project delivery. His proficiency extends to conducting security assessments for various domains, including web applications, mobile applications, thick clients, and infrastructure. Additionally, He has successfully executed assessments for secure configuration reviews, secure architecture evaluations, threat modeling, and cloud security assessments.

In his free time he watches anime. 😃

Interests

  • Web & Mobile Application Assessments
  • Infrastructure Assessments
  • Secure Architecture & Config Review Assessments
  • Threat Modelling & Cloud Config Review
  • ISO 27001
  • Vulnerability Management
  • Routing & Switching
  • Building and Breaking stuff

Education

  • B.E. in Electronics & Communication, 2008

    Saurashtra University

Professional Journey

 
 
 
 
 

Principal Security Consultant

NotSoSecure

Jan 2017 – Present Ahmedabad
  • Leading a team to ensure both timely and high-quality project deliveries while maintaining continuous client communication throughout the entire process.
  • Overseeing the individual growth of team members and devising strategic roadmaps for their development.
  • Designing and implementing processes to enhance the quality of work and streamline deliveries, ultimately improving the client experience.
  • Taking charge of security assessments and leading the team in employing a comprehensive approach involving both manual and automated methods.
  • Assessments have been conducted across diverse domains, including web, mobile, thick client, infrastructure, secure configuration review, secure architecture review, threat modeling, and cloud security.
 
 
 
 
 

Security Analyst

Net-Square

Jul 2013 – Jan 2017 Ahmedabad
  • Conducting Vulnerability Assessment and Penetration Testing for Web Applications, Mobile Applications, Thick Applications, and Networks.
  • Implementing ISO 27001 compliance measures and overseeing Compliance Internal Audits.
  • Reviewing network architecture for optimization and security enhancement.
  • Managing client communication and leading teams effectively.
  • Handling Infrastructure and Security Management responsibilities.
 
 
 
 
 

Information Security Consultant

Crystal Solutions Limited

Aug 2011 – Jul 2013 Ahmedabad
  • Conducting Vulnerability Assessment and Penetration Testing for Web Applications and Networks.
  • Implementing ISO 27001 compliance measures and conducting internal audits for compliance.
  • Assessing and recommending security solutions such as Firewalls, SSL VPN, IPS/IDS, Antivirus, Proxies, Anti-Spam, and Vulnerability Assessment Scanners.
  • Researching, analyzing, and suggesting software or hardware changes to address infrastructure security deficiencies or improve security performance.
  • Communicating with clients and managing project delivery within the team.
  • Spearheading the development of a Security Operation Centre.
 
 
 
 
 

Network Support

Indusface Consulting Pvt. Ltd.

Apr 2011 – Jul 2011 Vadodara
  • Overseeing the configuration of network and network security, including firewall management.
  • Administering the Access Control System.
  • Addressing connectivity issues and troubleshooting as needed.
  • Managing the assets and maintaining an inventory list.
 
 
 
 
 

IT Executive

Angel Broking

Feb 2010 – Jun 2010 Ahmedabad
  • Overseeing network management and offering technical support to customers.
  • Maintaining and managing servers.
 
 
 
 
 

Engineer

Global InnovSource Solutions Pvt. Ltd

Mar 2009 – Jan 2010 Ahmedabad

  • I contributed to projects at AIRTEL BHARTI, specifically working with ALVARION and RADWIN devices and software. Our focus encompassed Wi-MAX and Point-to-Point communication, showcasing expertise in:

    • Wireless and RF (Radio Frequency) technologies.
    • Wi-MAX testing, installation, and survey using ALVARION equipment.
    • Point-to-Point survey and installation utilizing RADWIN devices.
    • Providing solutions for Down-call scenarios for AIRTEL BHARTI.
 
 
 
 
 

Engineer

Gemini Communication Ltd

Sep 2008 – Mar 2009 Silvassa

  • I contributed to projects at TATA Communication and AIRTEL BHARTI, engaging with TELSIMA, ALVARION, and RADWIN devices and software. Our responsibilities included Wi-MAX and Point-to-Point communication, demonstrating proficiency in:

    • Wireless and RF (Radio Frequency) technologies.
    • Wi-MAX testing, installation, and survey using ALVARION equipment.
    • Point-to-Point survey and installation utilizing RADWIN devices.
    • Offering solutions for Down-call scenarios for both TATA and AIRTEL BHARTI projects.`

Accomplish­ments

ACSA (AlienVault Certified Security Analyst)

AlienVault Oct 2012

ACSE (AlienVault Certified Security Engineer)

AlienVault Oct 2012

CEHv7

EC Council Jan 2012

ISO 27001 LA

IRCA Aug 2011

CCNA

Cisco Jan 2010

Recent Posts

Last updated on Jan 17, 2024

How to Intercept Android Studio Emulator Traffic in BURP Suite

In this blog, I and Sanjay have explained how we can capture any application network traffic in Android Studio Emulator. To begin, export the Burp certificate in the ‘DER’ format and save it to the base system, as illustrated in the following figure: Next, utilizing OpenSSL, convert the DER file to a PEM file. Afterward, rename the PEM file with the certificate hash and proceed to push the certificate to the emulator’s ‘/sdcard’ folder, as depicted in the figure below:

Last updated on Apr 2, 2021

IPv6 for Pentester

Last updated on Feb 13, 2020

Analyzing CVE-2018-6376 – Joomla!, Second Order SQL Injection

https://www.notsosecure.com/analyzing-cve-2018-6376/

Recent & Upcoming Talks

IPv6 For Pentesters
Sep 16, 2018 — Ahmedabad

Contact