Gaurav Suryawanshi

[Sharing my life experiences, learnings and takeaways from my professional career and academia in InfoSec!]

whoami / about

As a growing information security professional and a life-long learner, Gaurav led the penetration tests, cloud and offensive security engagements for major PwC accounts and customers in the private sector, before pursuing his Master’s of Cybersecurity Engineering at Duke University.

Gaurav's extensive experience includes roles as a Senior Security Analyst at McKesson Corporation and at TATA Consultancy Services Limited, where he honed his expertise in adversary emulation, penetration testing and vulnerability assessments. Adept as both a technical lead and an individual contributor, he has a proven track record of leading multiple projects, mentoring team members, and exceeding objectives.

He is proficient in conducting extensive penetration testing assessments across a range of technologies, such as Websites, Applications, Networks, APIs, Active Directory, and Cloud (AWS, Azure Infrastructure, Office365, and Azure AD). He has gained offensive and defensive security skills by simulating sophisticated adversary TTPs, organized with the MITRE ATT&CK framework, while building proactive defenses against them.

Gaurav holds multiple certifications that underpin his technical competencies, including the INE (formerly eLearnSecurity) Junior Penetration Tester (eJPT) and Certified AppSec Pentester (CAPen), and is working towards his Offensive Security Certified Professional (OSCP) certification. Notably, he has played a pivotal role in identifying and remedying critical vulnerabilities, considerably improving organizational security postures. His strong communication skills have been key to conveying complex security challenges and plans effectively to stakeholders and partners. He is always curious to connect with industry peers and leaders as we all navigate the evolving information security landscape.

cat /education

Master of Engineering in Cybersecurity [August 2024 - December 2025]

Duke University, Durham, North Carolina, United States of America

CGPA: 3.825/4

Relevant Coursework: Cyber Risk Management, Security Incident Detection, Response, and Resilience, Advanced Concepts in Cloud Security, Management of High-Tech Industries, Identity and Access Management, Business Fundamentals for Engineers, Cyber Law/Policy

Affiliations: Duke Office of Information Technology (Student Worker), Duke Cyber and CTF Club (Technical Track Member), Duke Gaming Club, Duke Aviators Club

Teaching Assistant: CYBERSEC 590 - Advanced Secure Enterprise Network Architecture (under Prof. Karen Schnell for Spring 2025)

Bachelor of Science in Computer Science [August 2018 - October 2021]

Dr. Vishwanath Karad MIT World Peace University, Pune, India

CGPA: 3.92/4

Relevant Coursework: System Analysis and Design, Number Theory & Calculus, Correlation, Regression & Analysis, Advanced Digital Electronics, Data Structures & Algorithms, Object Oriented Programming (OOPs), Computer Architecture, Computer Organization, Data Communication & Networking, UNIX & Shell Scripting

Affiliations: MIT Cricket Club

./experience

Teaching Assistant

Duke University - Pratt School of Engineering, Durham, North Carolina

October 2024 - Present

(Student on-campus employment, Part-time)

  • Assisting Prof. Schnell in grading, curriculum improvement, and incorporating industry-relevant security topics, for the Advanced Secure Network Architecture graduate-level course.

Research Assistant

Duke University - Pratt School of Engineering, Durham, North Carolina

October 2024 - Present

(Student on-campus employment, Part-time)

  • Actively contributing to the university's cybersecurity research and excellence initiatives under the program's faculty director, supporting efforts to attain the NSA Center of Academic Excellence (NSA CAE) designation.

Technology Support Assistant

Duke University - Office of Information Technology, Durham, North Carolina

October 2024 - Present

(Student on-campus employment, Part-time)

  • Fixing and troubleshooting issues and tickets related to the ePrints, across Duke University's West, Central and East campuses.
  • Supporting Office of IT activities and initiatives at the Perkins Library.

Cybersecurity Associate Consultant - Advisory Cyber BU

PricewaterhouseCoopers Services LLP (PwC India), Mumbai, India

July 2023 - June 2024

(Professional employment, Full-time)

  • Led security engagements across penetration testing, threat hunting, and red teaming for PwC's global clients.
  • Contributed to GenAI attack research, enhancing AI-driven threat defense.
  • Developed an automated audit solution, cutting compliance gaps by 95% and saving $15K/month.
  • Advised CxOs and client leadership on aligning security controls with ISO/NIST frameworks.
  • Mentored 9+ analysts, fostering technical and business growth.

Senior Security Analyst - Enterprise Vulnerability Management and Center of Excellence

TATA Consultancy Services Limited, Pune, India

June 2021 - June 2023

(Professional employment, Full-time)

  • Led scoping and debrief sessions for security assessments, cutting remediation times by 65%.
  • Secured internal code pipelines with automated vulnerability scans, accelerating releases by 45% while ensuring OWASP and shift-left security practices.
  • Developed threat models using STRIDE and MITRE ATT&CK, minimizing attack surfaces.
  • Assessed CVEs, triaged bug bounty reports, and validated zero-day fixes.
  • Published incident response playbooks, reducing triage and remediation time by 58%.

ls -l /skills

Technical Skills

  • Offensive Security
  • Red Teaming
  • Vulnerability Assessment, Management and Penetration Testing (Websites, APIs, Active Directory, Networks, Thin/Thick-clients, Android/iOS, SAP systems, Citrix VDIs)
  • Exploitation techniques
  • DevSecOps
  • Social engineering
  • Advanced threat emulation
  • Physical security testing (ATMs, RFID and IoT devices)
  • Adversary tactics, techniques, procedures (TTPs)

Defensive Security

  • Blue Teaming
  • Security Operations Center (SOC)
  • Security Information and Event Management (SIEM)
  • Log analysis and monitoring
  • Cyber threat intelligence and threat detection
  • Security controls implementation
  • Incident Response & Digital Forensics (DFIR)
  • Incident management lifecycle, Incident Response Planning

Risk Management and Compliance

  • Risk Assessment
  • Threat modeling
  • Risk analysis methodologies
  • Security assessment frameworks (ISO 27001, NIST, CIS)
  • Compliance
  • Regulatory standards (GDPR, HIPAA, PCI-DSS)
  • Audit procedures and controls
  • Data protection & privacy regulations
  • Governance
  • Drafting security policies, procedures and SOPs

Leadership and Business acumen

  • Technical writing
  • Liaising with non-technical stakeholders and teams
  • Presentations & documentation
  • Communication
  • Problem-solving & Analytical Thinking
  • Root cause analysis
  • Critical thinking and troubleshooting
  • Collaboration & Teamwork
  • Cross-functional team collaboration
  • Stakeholder management
  • Continuous learning

./certifications

INE (formerly eLearnSecurity) Junior Penetration Tester [eJPTv2]


Offensive Security Certified Professional [OSCP]

Expected by April 2025

./achievements

ls -al /worksamples

Web application penetration test report

An actual redacted pentest report, dated September 2023, prepared by me as part of independent security consulting for a UAE-based customer.

Cyber Threat Intelligence Report - Analysis on 'DoppelPaymer' ransomware group

Published a comprehensive CTI report, as a part of my own interest and mid-term examination for CYBERSEC 510 coursework under Prof. Arturo Ehuan

Case Study - Capital One AWS Data Breach

Published an in-depth case study, as a part of my mid-term examination for CYBERSEC 590 coursework under Prof. David Faraone

HSE Ransomware Playbook

Prepared a ransomware playbook, as a part of my final examination for CYBERSEC 510 coursework under Prof. Arturo Ehuan

HSE Incident Response Plan

Prepared an end-to-end IRP (Incident Response Plan), as a part of my final examination for CYBERSEC 510 coursework under Prof. Arturo Ehuan

HSE Incident Response Policy

Prepared an IR (Incident Response) Policy, as a part of my final examination for CYBERSEC 510 coursework under Prof. Arturo Ehuan

ifconfig // Get in Touch