ASHISH MORONE
Bhopal
Summary
Dedicated and results-driven professional with 2.9+ years of extensive experience in leading a team of Analysts and overseeing Vulnerability Assessment & Penetration Testing processes. Skilled in end-to-end management of security tools, risk management, stakeholder engagement, and compliance. Proven ability to deliver comprehensive risk postures to top management and drive continuous improvement in cybersecurity practices.
Polished in developing and implementing security plans and procedures and developing strategies to respond and recover from security breaches.
Overview
4
4
years of professional experience
1
1
Certification
Work History
Information Security Engineer
CRISIL
08.2021 - Current
- Led a team of analysts in conducting Vulnerability Assessment and Penetration Testing processes
- Procured and managed Vulnerability Assessment and Penetration Testing tools, ensuring optimal utilization and efficiency
- Managed yearly license renewals of tools and maintained constant connects with the vendors
- Regularly engaged with IT stakeholders and business heads to communicate risk postures and strategies for risk management
- Conducted Vulnerability Assessments on organization's infrastructure assets including servers, network devices, endpoints, and headless devices
- Performed Server hardening assessments on on-premise and cloud servers.
- Planned and oversaw configuration changes for security infrastructure platforms.
- Applied Center for Internet Security (CIS) benchmarks to verify performance of ongoing security measures.
- Developed presentable risk compliance decks for board meetings, providing insights into overall risk posture to top management (CISO, CTIO) and risk committees
- Assisted other InfoSec domains such as GRC, TPRM, and Exception Board in evaluating internal, third-party, and client-side risks
- Managed regular InfoSec approvals for third-party software installations and upgrades, evaluating associated risks and calculating residual risk
- Been a member of Change Control Board as one of the Approvers, evaluating changes on application and infrastructure assets for potential vulnerabilities and risks before deployment to production
- Handled internal and external cybersecurity audits for the team and tracking audit findings to closure
- Proficient in tools including Rapid7 InsightVM (Nexpose), Titania Nipper, Security Scorecard, BurpSuite, Tanium, and JFrog.
Information Security- Intern
CRISIL
01.2021 - 06.2021
- Vulnerability Assessment scanning on on-premise servers using Nexpose
- OS hardening assessment on On-premise servers using Nexpose
- Automated application scanning via BurpSuite
- Vulnerability remediation
- VA scanning tool POC.
Education
MCA -
K.J. Somaiya Institute of Management
Mumbai, MH06.2021
BCA -
IPS Academy
Indore, MP01.2018
12th -
New Wisdom Public School
Bhopal, MP10th -
St. Xaviers Sr.sec Co-ed School
Bhopal, MPSkills
- Linux
- Nexpose
- Nmap
- Metasploit
- BurpSuite
- Vulnerability Assessment
- OS Hardening
- Penetration Testing
- Software Composition Analysis
- Application security
- Decision Making
- Risk mitigation strategies
- Leadership
- Communication Skills
Accomplishments
- Received 1 CLAP recognition award in 2021 & 2 CLAP recognition award in 2022 for Good work and completing the assigned tasks on time.
- Worked dedicatedly in bringing down risk posture of the organization by presenting timely risk data to upper management, taking followups and making critical escalations to get the vulnerabilities remediated on time with a 96% drop in Aged vulnerabilities. Received "Risk and compliance champion award" in Q1 2022.
- Worked on enhancing Nexpose tool for scanning, reporting and vulnerability tracking. Evaluated Tanium for vulnerability scanning and provided resultant to management on onboarding the tool. Onboarded Automated vulnerability tracking and governance tool. Received "Execution excellence award" in Q4 2022.
- Achieved Positive outcomes throughout the year by effectively working on yearly goals as Team Management, project planning, tool implementations, Vulnerability assessment, Internal/ External Audits. Received "Annual Analytical Excellence Award" in 2023.
Languages
English
Hindi
Marathi
Hobbies and Interests
- Fitness & Nutrition consulting
- Gymming
- Bike riding
- Table tennis
- Football
- Travelling
- Gaming
Certification
Certified Ethical Hacker v11, EC-council (April 2026)
Linux command line, EC-council
Timeline
Information Security Engineer
CRISIL
08.2021 - Current
Information Security- Intern
CRISIL
01.2021 - 06.2021
MCA -
K.J. Somaiya Institute of Management
BCA -
IPS Academy
12th -
New Wisdom Public School
10th -
St. Xaviers Sr.sec Co-ed School
Similar Profiles
Vyenkatesh NavalVyenkatesh Naval
Analyst at CRISILAnalyst at CRISIL
Vamsi Kalyan ReddyVamsi Kalyan Reddy
Full-stack Java Spring Boot Developera at CRISILFull-stack Java Spring Boot Developera at CRISIL
Nilesh BarhateNilesh Barhate
Lead Engineer at CRISILLead Engineer at CRISIL