Welcome to my website
Karan Dwivedi is a security engineering manager at Google. He has over 7 years of experience in information security specializing in defensive engineering (also known as “blue team”), i.e. detection, incident response, digital forensics, insider threats and investigations at scale. His mission is to defend and protect users and organizations to make the internet a safer place. He has successfully led projects within large-scale tech companies in Silicon Valley to improve security for over a billion users. He graduated from Carnegie Mellon University with a Master’s in Information Security in 2016.
He owns the security blog “All things pwned”, where he shares interviewing advice for security engineers. His interviewing articles are provided as a reference by the Google hiring team. He serves as a program committee member of the DFRWS conference, a reviewer for DFIR Reviews and an editorial board member of international journals in digital forensics. He contributed to the cybersecurity certificate program on Coursera and has helped several people land jobs in the field. He is a regularly invited speaker at security conferences, universities, and podcasts.
Security Engineering Manager at Google
Sunnyvale, California, USA
(April 2022 – Present)
Highlights of my current work:
i. Lead a team of security engineers to defend Alphabet from security risks.
ii. Mentor and train security engineers.
iii. Lead technical work by setting strategy, making decisions and unblocking the team.
iv. Develop people by holding regular 1:1s, career conversations, providing growth opportunities.
v. Contribute to hiring by interviewing, holding shadow sessions for new interviewers etc.
vi. Develop a sense of belonging by building a safe community to do productive work and drive business outcomes.
Senior Security Engineer at Google (Technical Lead)
Sunnyvale, California, USA
(March 2018 – March 2022)
Summary: Detection & Response at Scale to protect users and the internet from bad things.
Highlights of my work in this role:
i. Successfully led projects across teams and business units to catalogue and mitigate threats to Google and its users.
ii. Mentor and train new hires in the detection team.
iii. Contribute to the detection codebase with high quality signals to indicate threats.
iv. Perform both small and large scale investigations to remediate risk.
v. Received two promotions (Oct 2019 and Oct 2021).
Technical Security Engineer I at Yahoo! (Forensics and Incident Response)
Sunnyvale, California, USA
(May 2016 – March 2018)
Responsible for Investigations and Incident Response tasks which include:
i. Tracking intruders on the network using modern and experimental techniques at scale of 1 billion users per month
ii. Conducting and automating digital forensic analysis on hosts to determine root cause of an incident
iii. Handling 24×7 on-call rotation for incident response
iv. Analyzing, triaging and verifying fixes of security vulnerabilities
v. Filing mass security tickets for vulnerabilities affecting Yahoo infrastructure
vi. Bringing systems and network back to restore expected/normal operations
Skills Gained and/or Developed:
i. Large scale investigations (memory dumps, system logs, disks)
ii. Responding to incidents (information disclosure, phishing, exposed vulnerabilities/services, insecure configurations, DoS and DDoS attacks, advanced dedicated threats)
iii. Threat hunting using various tools like Splunk, Google GRR and Carbon Black
iv. Python and Bash scripting to automate forensic analysis
v. Effective leadership (C-level) briefing in writing and presentations
vi. Mentoring new hires (1:1 as well as through monthly technical presentations company wide)
Intern II Technical at Yahoo!
Sunnyvale, California, USA
(May 2015 – Aug 2015)
Responsible for the following with Yahoo’s security team – Paranoids:
i. Aggregate all enterprise logs in a centralized location
ii. Develop intrusion detection mechanisms by automating analysis on the collected logs which have millions of events
Skills Gained and/or Developed:
Big data technologies like Hadoop, Hive and Oozie, Bash scripting, Python, Java, Splunk API
Project Trainee at Honeywell
(Jan 2013 – Jul 2013)
Implemented an information security layer for the integration of wireless electronic locks and smart cards with Honeywell’s Enterprise Building Integrator (EBI) system. The layer in turn made calls to known algorithms and APIs (e.g. DPAPI, RSA, AES) with the desired parameters in C# to facilitate secure communication between software and hardware (EBI Server and EBI client).
Software Engineer at Honeywell
(July 2013 – July 2014)
As part of the Digital Video Manager team, which develops IP-based security products (video management surveillance systems), my primary job function was to develop C++ components that aid in the integration of new cameras from different vendors with the Honeywell Digital Video Manager system.
M.S. in Information Security, Carnegie Mellon University
B.E. in Computer Science & Engineering, Manipal Institute of Technology
Conducted full-scale forensic analysis in a team of 2 as part of a multi-week, multi-phase exercise related to an enterprise breach. This exercise was simulated using a scenario with evidence handed out every week and a set of questions to be answered based on it. The investigation involved analyzing network captures using Wireshark, filtering out suspicious connections, tracking lateral movement of attackers, conducting disk analysis of compromised systems, creating a super timeline to correlate events and finding TrueCrypt container passwords which were exposed in the memory dump. As part of the deliverables, documented the entire investigation methodology and provided remediation steps to prevent future breaches and to harden overall security.
Leveraged PCA (Principal Component Analysis) using RapidMiner software to filter out interesting events in a Linux firewall log consisting of over 300,000 events. The steps involved parsing the log file using Python to get field information and correct formatting errors, normalizing the field values, feeding the CSV into RapidMiner to get important components based on the columns parsed and then looking at outliers to determine potential violations.
Forensically analyzed a suspect’s hard drive for evidence relating to an attack plan. Recovered graphic image files by file carving, recovered user accounts and thumbnail databases, analyzed MSN and IRC chat logs, internet history and cookie information, and decrypted encrypted evidence. Correlated the gathered evidence to create a timeline of events. Created a professional forensic report outlining all findings and evidence.
Analyzed a memory dump and IR data of a compromised Windows web server running IIS. Leveraged Volatility and its plugins to gather information about processes including potential rootkits, associated files and handles, network activity and suspicious connections. Detailed the findings in a report.
A research-based project aimed at inferring firewall policies on a given SDN network. We experimented with a random probing algorithm and a smart probing algorithm which made use of machine learning (SVM classifier) to determine the network access control policy. We also evaluated the effectiveness of the above algorithms in Python and created a project report detailing the theory, implementation and results of our research.
Implemented information assurance principles on a vulnerable virtual company network, which included hardening servers and defending against and responding to live injected attacks to ensure uptime of critical services on the network.
Created a network scenario as a proof of concept to leverage IPv6 in order to compromise a Windows server machine using Armitage (Metasploit) running on Kali Linux.
Exploited a buffer overflow vulnerability in C by writing shellcode to change the runtime behavior of various programs (standalone, client-server) with and without ASLR protection.
Built a simple stateful firewall using the modular software router Click, which can be used for fast prototyping of routing protocols. Network traffic is inspected against a policy file and decisions are made by the firewall.
Induced a DoS attack by sending random SYN packets to a switch connected to an SDN controller in Mininet. The switch was not able to find matching handling rules and thus forwarded the packets to the controller, thereby flooding it with requests which saturated the SDN control plane.
Implemented a dynamic taint checker for a programming language called SIMPLE (a subset of C). The taint checker ensured that no value derived from a secret is ever printed. Developed several test cases that demonstrate that the checker works correctly.
Gained first-hand experience with running Snort on network traffic capture files and detecting alerts. Wrote simple custom Snort rules to detect a sample worm. Analyzed BGP update data using the route_btoa tool and plotted graphs depicting BGP route announcements and withdrawal messages at the time the Slammer worm was launched.
Wrote custom static analysis checkers using the Coverity API to enforce desired program properties. The checkers detected usage of unsafe functions in C, modification of random variables, off-by-one and buffer overflow errors and negative shift values.
Gained hands-on experience with various prominent web application attacks such as SQL injection, XSS, CSRF and timing attacks. Documented each attack, clearly explaining the vulnerability and how the exploit works.
Used the SPARK verification tools to explore verification of security properties. Added preconditions and postconditions to existing Ada functions to enforce desired properties.
Implemented and optimized the runtime of the algorithm described in the research paper titled “Digital Steganography for ASCII Text Documents” using C.
A front end for the Linux firewall with basic and advanced filtering features such as creating and modifying custom chains. Monitoring support to view firewall rules as well as active connections simultaneously is included. Incorporates features such as port scanning, information on IP addresses, whois and reverse lookup.
A secure, cost-effective and flexible remote control system that operated via SMS for performing day-to-day trivial tasks on one’s PC.
Reviewer and Judging Service
1) BSides SF 2023 CFP Judge
2) Technical Program Committee Member for DFRWS 2022 and 2023 Conference: Reviewed research papers, offered expert opinions and critical reviews.
3) Board of Referees for the “Forensic Science International: Digital Investigations” journal
4) Editorial Board Member for International Journal of Electronic Security and Digital Forensics
5) Technical Reviewer for multiple security books for O’Reilly Media.
6) Reviewer for the digital forensics publication “DFIR Reviews”
7) Technical reviewer for the world’s second largest magazine for digital forensics – eforensicsmag.com.
8) TraceLabs OSINT CTF Judge: Served as a judge to evaluate open source intelligence from participants to find missing people.
Honors & Awards
Indian Achiever’s Forum
Achiever’s Award in 2023 for outstanding professional achievements and contributions.
Awarded a merit scholarship by Carnegie Mellon University for my information security degree program.
Represented India (Team of 3) at SEARCC International Student Software Competition (ISSC) 2007, Bangkok, Thailand.
Capture the flag (CTFs) Competitions
SANS-504 CTF Winner (Team of 4)
My team took first place in the CTF in SANS course 504 (Hacker Techniques, Exploits and Incident Handling) with approximately 20 students, held in San Jose, CA in March 2017. The challenges consisted of exploiting 4 servers on a network by active reconnaissance, lateral movement using SMB, cracking passwords and privilege escalation to gather 5 flags. We successfully completed the CTF in 2.5 hours. I acquired 2 flags independently and we worked together to solve the rest of the challenges.
Microsoft Build The Shield – Finalist top 25 teams (Team of 4)
My team from Carnegie Mellon INI ranked in the top 25 teams at the finals of the Microsoft CTF held in Redmond, Washington in March 2016. The qualification round was an online jeopardy-style CTF and the finals were both jeopardy and Attack & Defense. There were a total of 75 teams comprising an average of 3-4 members per team.
I had worked with Karan on the project Mobremote. Karan showed a great deal of enthusiasm during the development period of Mobremote. He has quite a good hold of Networking fundamentals & Security domain.
I was awed and amazed by the amount of energy and enthusiasm. His ability to grasp concepts and convert them to reality is impeccable. He was instrumental in one of our key developments. Karan is a very knowledgeable and hard-working individual. Any task assigned to him doesn't need a follow-up. His technical depth in the information security domain is excellent. He is a great team player and fosters team spirit.
Karan is a very enthusiastic person and a quick learner. He was able to understand the development framework faster and contribute to the projects within a short duration. His ‘Never give up’ attitude helped him to complete the Green Belt certification successfully incorporating the identified control plan in the project.
Karan was an exceptionally devoted and hard working person. He's really passionate about a few things, such as information security, computer systems etc. We have worked together briefly and I would strongly recommend him for Software Development.
Karan is an extraordinary person who has the rare ability to connect requirements, technical feasibility, implementation complexity and market surveys to come up with great ideas. His coding skills are at par with the best in the industry. In the numerous projects that we have worked on together, his inputs have brought in tremendous quality and flexibility. He has a lot of focus on the quality of code, the modularity and flexibility of the design. He is always updated with the latest trends in the industry. Given these qualities, along with his determination, hard work, technical skills and friendly attitude, he brings great value to each and every project he works on, and, in return, he enjoys the satisfaction of successfully completing a project that everyone appreciates. I am sure he will scale great heights in a very short span of time.
I worked with Karan in the Yahoo Paranoids - Incident Response team. Karan has been a valuable resource to the team and is able to work on multiple incidents and projects in parallel. He was able to work on forensic analysis and identify root cause in a relatively short amount of time. His scripting skills have been very useful during incidents. I would recommend Karan to any Infosec team that would like to hire an Incident responder with good analysis and scripting skills.
Karan joined our team as an intern in Honeywell Building Solutions during the summer of 2013. He quickly made his mark as a good programmer - he initially implemented a couple of handy tools to test out our access control system solutions. Later he also helped in creating a software security layer for our access system solution. The good work done as an intern led him to become a full-time engineer at Honeywell. His enthusiasm towards technology, thoroughness in getting tasks done and clear communication stood out. I highly recommend Karan as a software engineer.
I met Karan when I was interning with him at Honeywell, Bangalore. I remember that he was quite dedicated and resilient towards his work. He was interning in access control systems, and worked closely with the team to integrate security mechanisms in their new product development. His attitude and commitment were appreciated by all Honeywell employees, and his friendly nature impressed many. He went on further to work as a full-time employee at Honeywell, and I am sure his perseverance will take him to great heights in his career.
Get In Touch
Please feel free to send your message using the form below or reach me on my social media websites listed at the bottom of the page.