Hello!

Welcome to my website

ABOUT Karan

Karan Dwivedi is a recognized cybersecurity expert. Currently, he serves as a security engineering manager at Google. Karan has led large-scale security projects at Google and Yahoo in the US for products like Google Search, Google Assistant, Yahoo Mail, Yahoo Finance, Flickr, etc, to safeguard over a billion users. At Yahoo, he was part of the security team responding to the world’s largest data breach. He is the author of the book “Kickstart your security engineering career” which is a definitive guide for anyone looking to start a career in security engineering. Karan contributed to the latest internet standard for scoring vulnerabilities, the Common Vulnerability Scoring System (CVSS 4.0). He is featured in major media like Hakin9 Media Magazine, Forensic Focus News, etc. He has delivered talks at national and international conferences like Tech Ex North America, Tech Summit SF, BSides Las Vegas, National Cyber Summit, etc, to influence private and public sectors. Karan was featured as a subject matter expert in the Google Cybersecurity Certificate program launched in May 2023 on Coursera, which had an enrollment of over 41000 students in a few weeks. Furthermore, Karan has served as an advisor to startups, an editorial board member in international security journals, and judged global competitions. He holds a master’s degree in Information Security from Carnegie Mellon University, USA.

Industry Experience

google-logo-g-suite-google

Security Engineering Manager at Google

Sunnyvale, California, USA

(April 2022 – Present)

Highlights of my current work:

i. Lead a team of security engineers to defend Alphabet from security risks.
ii. Mentor and train security engineers.
iii. Lead technical work by setting strategy, making decisions and unblocking the team.
iv. Develop people by holding regular 1:1s, career conversations, providing growth opportunities.
v. Contribute to hiring by interviewing, holding shadow sessions for new interviewers etc.
vi. Develop a sense of belonging by building a safe community to do productive work and drive business outcomes.

google-logo-g-suite-google

Senior Security Engineer at Google (Technical Lead)

Sunnyvale, California, USA

(March 2018 – March 2022)

Summary: Detection & Response at Scale to protect users and the internet from bad things.

Highlights of my current work:
i. Successfully lead projects across teams and business units to catalogue and mitigate threats to Google and its users.
ii. Mentor and train new hires in the detection team.
iii. Contribute to the detection codebase with high quality signals to indicate threats.
iv. Perform both small and large scale investigations to remediate risk.
v. Received two promotions (Oct 2019 and Oct 2021).

iconfinder_yahoo_246014

Technical Security Engineer I at Yahoo! (Forensics and Incident Response)
Sunnyvale, California, USA
(May 2016 – March 2018)

Responsible for Investigations and Incident Response tasks which include:

i. Tracking intruders on the network using modern and experimental techniques at scale of 1 billion users per month
ii. Conducting and automating digital forensic analysis on hosts to determine root cause of an incident
iii. Handling 24×7 on-call rotation for incident response
iv. Analyzing, triaging and verifying fixes of security vulnerabilities
v. Filing mass security tickets for vulnerabilities affecting Yahoo infrastructure
vi. Bringing systems and network back to restore expected/normal operations
Skills Gained and/or Developed:
Large scale investigations (memory dump, system logs, disks), Responding to Incidents (information disclosure, phishing, exposed vulnerabilities/services, insecure configurations, DOS and DDOS attacks, Advanced dedicated threats), Threat hunting using various tools like Splunk, Google GRR and Carbon Black, Python and Bash scripting to automate forensic analysis, Effective leadership (C-level) briefing in writing and presentations, Mentoring new hires (1:1 as well as through monthly technical presentations company wide)

iconfinder_yahoo_246014

Intern II Technical at Yahoo!
Sunnyvale, California, USA
(May 2015 – Aug 2015)

Responsible for the following with Yahoo’s security team – Paranoids:

i. Aggregate all enterprise logs in a centralized location
ii. Develop intrusion detection mechanisms by automating analysis on the collected logs which have millions of events

Skills Gained and/or Developed:
Big data technologies like Hadoop, Hive and Oozie, Bash Scripting, Python, Java, Splunk API

honeywell

Project Trainee at Honeywell
Bangalore, India
(Jan 2013 – Jul 2013)
Implemented information security layer for integration of wireless electronic locks and smart cards with Honeywell’s Enterprise Building management system. The layer in turn made calls to known algorithms (e.g. DPAPI, RSA, AES) with desired parameters in C# to facilitate secure communication between software and hardware (EBI Server and EBI client).

honeywell

Software Engineer at Honeywell
Bangalore, India
(July 2013 – July 2014)
As part of digital video manager team which develops IP based security products (video management surveillance systems), my primary job function was to develop C++ components that aid in integration of new cameras from different vendors and Honeywell digital video manager system.

Media & Talks

Invited Conference Talks

1) Tech Ex North America, Santa Clara, 2023

2) Techno Security & Digital Forensics, San Diego 2022

3) National Cyber Summit, Huntsville, Alabama, 2022

4) Keynote at International Conference on Global Security, Safety & Sustainability, 2022

5) BSides Las Vegas 2022
     i) Recording link is here

6) BSides San Antonio 2022
     i) Recording link is here

7) BSides Boulder 2022

Invited University Talks For “The Security Engineer Career” (Event links below)

1) University of Southern California – Nov 2020

2) University of California, Irvine – Oct 2020

3) Drexel University – Aug 2020

News, Media, Podcasts and video interviews

1) Guest on Scale to Zero podcast, 2023
     i) Episode on Spotify

     ii) Scale to zero website post with transcript
     iii) LinkedIn newsletter post is here.

2) Guest on the Google Cloud Security Podcast, 2023
     i) Episode on Google Podcasts
     ii) Episode on Spotify

3) Interview with Forensic Focus, 2022

4) Interview with Hakin9 magazine, 2022

5) Humans of Infosec Podcast – Emerging Voices, 2021
  i) Episode on Soundcloud
 ii) Episode on Apple Podcasts

6) Video on cybersecurity with youtuber Harnoor Singh (singhinusa.com), 2021

7) Video Podcast with Youtuber Yudi J, 2021

Courses

1) Coursera course “Prepare for cybersecurity jobs” contributor – Video on interview tips 

Education

Education

M.S. in Information Security, Carnegie Mellon University

manipal_academy

B.E. in Computer Science & Engineering, Manipal Institute of Technology

Projects

Conducted full scale forensic analysis in a team of 2 as part of a multi-week multi-phase exercise related to an enterprise breach. This exercise was simulated using a scenario with evidence handed out every week with a set of questions to be answered based on it. The investigation involved analyzing network capture using wireshark, filtering out suspicious connections, tracking lateral movement of attackers, conducting disk analysis of compromised systems, creating super timeline to correlate events and finding truecrypt container passwords which were exposed in the memory dump. As part of deliverables, documented entire investigation methodology and provided remediation steps to prevent future breaches and to harden overall security.

Leveraged PCA (Principal Component Analysis) using RapidMiner software to filter out interesting events in a linux firewall log consisting of over 300,000 events. The steps involved included parsing the log file using python to get field information and correct formatting errors, normalizing the field values, feeding the CSV into RapidMiner to get important components based on columns parsed and then looking at outliers to determine potential violations.

Forensically analyzed a suspect’s hard drive for evidence relating to an attack plan. Recovered graphic image files by file carving, user accounts, thumbnail databases, analyzed MSN and IRC chat logs, internet history and cookie information and decrypted encrypted evidence. Correlated gathered evidence to create a timeline of events. Created a professional forensic report outlining all findings and evidence

Analyzed a memory dump and IR data of a compromised windows web server running IIS. Leveraged volatility and its plugins to gather information about processes including potential rootkits, associated files and handles, network activity and suspicious connections. Detailed out findings in a report.

This technical paper describes the enhancements and precision improvements made to the static taint (information leakage) analyzer for android applications known as DIDFAIL (Droid Intent Data Flow Analysis for Information Leakage). I added functionality to track taint propagated through content providers. The project is open source and is funded by the United States Department of Defense in collaboration with Carnegie Mellon University’s Software Engineering Institute. The publication can be viewed here.

It is a research based project aimed at inferring firewall policies on a given SDN network. We experimented with random probing algorithm and smart probing algorithm which made use of machine learning (SVM classifier) to determine network access control policy. We also determined the effectiveness of the above algorithms in python and created a project report detailing theory, implementation and results of our research.

Implemented information assurance principles on a vulnerable virtual company network which included hardening servers, defending and responding to live injected attacks to ensure uptime of critical services on the network

Created a network scenario as a proof of concept to leverage IPv6 in order to compromise a windows server machine using Armitage(Metasploit) running on Kali Linux

Exploited buffer overflow vulnerability in C by writing shell code to change the runtime behavior of various programs (standalone, client-server) with and without ASLR protection

Built a simple stateful firewall using the modular software router Click which can be used for fast prototyping of routing protocols. Network traffic is inspected against a policy file and decisions are made by the firewall.

Induced DOS attack by sending random SYN packets to a switch connected to a SDN controller in mininet. The switch was not able to find the matching handling rules and thus forwarded the packet to the controller, thereby flooding it with requests which saturated the SDN control plane.

Implemented a dynamic taint checker for a programming language called SIMPLE (subset of C). The taint checker ensured that no value derived from a secret is ever printed. Developed several test cases that demonstrate that the checker worked correctly.

Gained first hand experience with running snort on network traffic capture files and detecting alerts. Wrote simple custom snort rules to detect a sample worm. Analyzed BGP update data using route_btoa tool and plotted graphs depicting BGP route announcements and withdrawal messages at the time slammer worm was launched.

Wrote custom static analysis checkers using the Coverity API to enforce desired program properties. Checkers detected usage of unsafe functions in C, modification of random variables, off-by-one and buffer overflow errors and negative shift values.

Gained hands on experience on various prominent web application attacks such as SQL injection, XSS, CSRF and Timing Attacks. Documented each attack, clearly explaining the vulnerability and how the exploit works.

Used the SPARK verification tools to explore verification of security properties. Added preconditions and postconditions to existing ADA functions to enforce desired properties.

Implemented and optimized the runtime of the algorithm described in the research paper titled “Digital Steganography for ASCII Text Documents” using C

A front end for the linux firewall with basic and advanced filtering features such as creating and modifying custom chains. Monitoring support to view firewall rules as well as active connections simultaneously is included. Incorportes features such as port scanning, information on IP, whois and reverse lookup.

A secure, cost effective and flexible remote control system that operated via sms service for performing day to day trivial tasks on one’s PC.

CErtifications

Community Service

Reviewer and Judging Service

1) Author of “Kickstart your security engineering careerbook (#1 new release in Career Guides and Job Interviewing as of Feb 2023)

2) BSides SF 2023 CFP Judge

3) Judge for Globee Cybersecurity Awards 2024

4) Technical Program Committee Member for DFRWS 2022, 2023 and 2024 Conference: Reviewed research papers, offered expert opinions and critical reviews.

5) Board of Referees for “Forensic Science International: Digital Investigations“ Journal

6) Editorial Board Member for International Journal of Electronic Security and Digital Forensics

7) Technical Reviewer for multiple security books for O’Reilly Media.

8) Reviewer for the digital forensics publication “DFIR Reviews

9) Technical reviewer for the world’s second largest magazine for digital forensics – eforensicsmag.com.

10) TraceLabs OSINT CTF Judge: Served as a judge to evaluate open source intelligence from participants to find missing people.

honors & Awards

Honors & Awards

CyberSecurity Excellence Awards
1) Gold Award Winner for “Cybersecurity Professional of the year” 2023.
2) Gold Award Winner for “
Cybersecurity Strategist of the year” 2023.

Indian Achiever’s Forum
Achiever’s Award in 2023 for outstanding professional achievements and contributions. 

Cyber Defense Magazine
Most Innovative Security Expert 2023 Award

Merit Scholarship
Awarded a merit scholarship by Carnegie Mellon University for my information security degree program.

Additional Honor
Represented India (Team of 3) at SEARCC International Student Software Competition (ISSC) 2007, Bangkok, Thailand.

Capture the flag (CTFs) Competitions

SANS-504 CTF Winner (Team of 4)
My team took first place as part of the CTF in SANS course 504 (Hacker Techniques, Exploits and Incident Handling) with approximately 20 students held in San Jose, CA in March 2017. The challenges consisted of exploiting 4 servers on a network by active reconnaissance, lateral movement using SMB, cracking passwords and privilege escalation to gather 5 flags. We successfully completed the CTF in 2.5 hours. I acquired 2 flags independently and worked together to solve the rest of the challanges

Microsoft Build The Shield – Finalist top 25 teams (Team of 4)
My team from Carnegie Mellon INI ranked in the top 25 teams at the finals of Microsoft CTF held in Redmond, Washington in March 2016. The qualification round was online jeoopardy style CTF and the finals were both jeopardy and Attack & Defense. There were a total of 75 teams comprising of average 3-4 members per team

testimonials

Get In Touch

Please feel free to send your message using the form below or reach me on my social media websites listed at the bottom of the page

Have Something To Write?