> CompTIA Security+ Certified
> Experienced in Web & Network Vulnerability Assessment and Penetration Testing (VAPT) to identify, assess, and mitigate security risks.
> Skilled in Governance, Risk & Compliance (GRC), ISO 27001 implementation, and audit readiness, strengthening compliance, risk posture, and information security governance.
> Proven ability to manage cybersecurity projects end-to-end, ensuring stakeholder alignment, timely delivery, and strategic execution.

> about_me

> I am an Associate Consultant – Governance, Risk & Compliance (GRC) with proven expertise in audit readiness, compliance assessments, and cybersecurity operations. Currently, I support a leading financial services client by conducting pre-audit checks, evidence validation, and compliance reviews to align with international and regulatory standards.

> Previously, as a Cybersecurity Analyst & Project Coordinator, I delivered 10+ client projects covering Vulnerability Assessment & Penetration Testing (VAPT), ISO 27001 audits, and GRC implementations. I specialized in coordinating project lifecycles, closing compliance gaps, and strengthening client security posture.

> My professional foundation was built during my internship, where I conducted network and web VAPT, identifying 100+ vulnerabilities and preparing detailed remediation reports that supported clients in mitigating risks effectively.

> I am CompTIA Security+ certified and continuously advancing my expertise in ISO, PCI DSS, and emerging GRC frameworks. Passionate about helping organizations streamline audit processes, mitigate risks, and build resilient compliance-driven operations in today’s evolving threat landscape.

> skills_expertise

πŸ” Governance, Risk & Compliance (GRC)

  • Conducted multiple IS audits in alignment with UCB (Urban Cooperative Banks) and NHB (National Housing Bank) guidelines
  • Performed physical security assessments for financial institutions and private sector organizations to ensure compliance with regulatory standards
  • Led ISO 27001 implementation, guiding organizations through framework design, control adoption, and audit preparation.
  • Supported pre-assessments for ISO 27001 by identifying gaps and preparing organizations for certification
  • Actively involved in internal and external ISO 27001 audits, assisting with evidence collection, remediation, and closure
  • Applied RBI guidelines to strengthen governance, risk management, and security practices across client organizations
  • Delivered GAP assessments, mapping existing controls against ISO 27001 and regulatory requirements
  • Reviewed and guided development of security policies and procedures to ensure audit compliance and governance alignment
  • Developed and reviewed Statement of Applicability (SoA) and Risk Assessment & Risk Treatment (RART) documentation
  • Conducted audit preparedness programs, training teams on documentation, evidence management, and regulatory compliance readiness

βš™οΈ Cybersecurity & Vulnerability Assessment and Penetration Testing (VAPT)

  • Performed Network Vulnerability Assessment & Penetration Testing (VAPT) to identify and remediate infrastructure-level risks
  • Conducted Web Application VAPT, uncovering vulnerabilities such as injection flaws, authentication weaknesses, and misconfigurations
  • Executed API security testing and Mobile App VAPT using automated tools to detect common exposure points
  • Delivered vulnerability mitigation guidance, supporting remediation and revalidation to close high-risk gaps
  • Conducted Cloud Security Assessments to evaluate configurations, IAM policies, and security controls across environments
  • Performed Firewall & Endpoint Security Assessments, ensuring secure configuration, monitoring, and patching
  • Monitored firewall and endpoint protection systems (EPS) for anomalies, threats, and control effectiveness
  • Executed phishing simulation exercises to assess user awareness and reduce susceptibility to social engineering
  • Delivered cybersecurity awareness training programs to employees, strengthening organizational security culture
  • Applied fundamental Active Directory (AD) security practices, including privilege management and access control checks
  • Assisted in the identification of security incidents and supported root cause analysis (RCA) activities.
  • Provided basic support in digital forensics investigations, including log review and documentation.

📊 Consulting & Project Management

  • Managed the full project lifecycle from planning and scoping to execution, delivery, and closure
  • Handled task prioritization, scheduling, and resource allocation to ensure projects stayed on track and aligned with objectives
  • Maintained effective stakeholder communication and cross-functional coordination, bridging business, IT, and compliance teams
  • Oversaw technical implementations such as patching, network upgrades, and security rollouts, ensuring adherence to compliance and security standards
  • Produced high-quality documentation, reports, and audit deliverables to support audit readiness and client presentations
  • Ensured quality and timely service delivery across multiple, parallel client engagements
  • Managed end-to-end audit lifecycles (monthly, quarterly, and semi-annual), including planning, evidence collection, gap analysis, and reporting
  • Performed control gap analysis and developed corrective action plans, providing practical remediation guidance
  • Delivered governance reporting and executive-level presentations, including dashboards, heat maps, and compliance updates
  • Designed and executed cybersecurity awareness programs and phishing simulations to build workforce resilience
  • Applied structured project planning, scheduling, and engagement delivery discipline, achieving consistent on-time outcomes

💡 Professional Strengths

  • Strategic Thinking & Risk-Based Decisions – balances practical security measures with business objectives
  • Project Planning & Time Management – ensures timely delivery of audits, assessments, and client engagements
  • Research & Technical Reporting – develops clear, actionable reports and documentation for audits and security findings
  • Effective Communication & Presentation – translates technical risks into business language for stakeholders and executives
  • Business Communication & Email Etiquette – professional interaction across clients, auditors, and internal teams
  • Collaboration & Team Leadership – coordinates cross-functional teams, influences without authority, and builds cooperation
  • Adaptability in Fast-Paced Environments – agile and resilient under changing priorities or compliance requirements
  • Client-Centric Execution – focuses on measurable improvements in audit outcomes, compliance posture, and control maturity
  • Continuous Learning & Development – actively upgrading expertise with certifications such as CompTIA Security+, PCI, ISO/IEC 27701, and Purple Teaming

> professional_experience

Associate Consultant – Cybersecurity & Compliance
Anzen Technologies
July 2025 – Present

    As an Associate Consultant, I focus on conducting pre-assessments prior to formal client audits, ensuring documentation, logs, and data assets are accurate, complete, and audit-ready. This role bridges the gap between operational teams and auditors, proactively identifying issues before they surface in formal compliance evaluations. Key responsibilities include:

  • Performing pre-audit assessments to identify gaps in documentation, security evidence, and process compliance against relevant standards.
  • Reviewing, correcting, and standardizing policies, procedures, and technical documents to align with audit and regulatory requirements.
  • Validating and organizing system logs, monitoring data, and data dictionaries to ensure completeness, integrity, and accessibility during audit reviews.
  • Collaborating with internal teams to resolve documentation and evidence gaps prior to official audit submission.
  • Maintaining an audit readiness checklist to track evidence updates, process changes, and compliance milestones.
  • Advising stakeholders on best practices for log retention, data mapping, and evidence management to strengthen audit performance.
  • This role has enhanced my skills in documentation governance, evidence validation, and pre-audit remediation, ensuring clients are well-prepared for formal compliance reviews with minimal non-conformities.

Cybersecurity Analyst & Project Coordinator
Cyber Octet Pvt. Ltd.
April 2024 – July 2025

    As a Cybersecurity Analyst and Project Coordinator, I lead the execution and coordination of cybersecurity initiatives across web, mobile, and infrastructure environments. I’ve actively contributed to the implementation of ISO 27001-based ISMS, supported cybersecurity audits, and ensured compliance with industry and regulatory standards through structured risk assessments and mitigation planning. Key responsibilities include:

  • Conducting web and network vulnerability assessments (VAPT) using both manual techniques and professional tools to identify and remediate security flaws.
  • Supporting the design and execution of ISO 27001-compliant security controls, policies, and frameworks to improve organizational security posture.
  • Coordinating end-to-end project management, from client requirement gathering and resource allocation to delivery tracking and final reporting.
  • Performing risk assessments, gap analyses, and developing mitigation strategies aligned with business objectives and compliance mandates.
  • Driving stakeholder communication, aligning security objectives with business goals, and ensuring timely project outcomes.
  • Leading cybersecurity awareness initiatives and participating in phishing simulation programs to reduce user-based threats.
  • Supporting audit readiness, including documentation preparation, internal assessments, and post-audit action tracking.
  • This role has strengthened my ability to blend technical insight with business-oriented project execution, making me well-suited for future roles in cyber risk advisory, GRC consulting, and strategic cybersecurity leadership.

Cybersecurity Analyst Intern – Penetration Testing
Cyber Octet Pvt. Ltd.
July 2023 – April 2024

    As a Cybersecurity Analyst Intern, I immersed myself in hands-on security assessments using industry-standard tools and methodologies, strengthening my understanding of cybersecurity risks and mitigation strategies. This role provided direct exposure to real-world penetration testing environments, allowing me to develop both technical expertise and analytical problem-solving skills. Key responsibilities included:

  • Conducting penetration tests on web applications, networks, and systems, simulating real-world cyberattacks to uncover vulnerabilities.
  • Collaborating with senior security professionals to review findings, validate vulnerabilities, and recommend remediation measures to improve security posture.
  • Utilizing cutting-edge security tools such as Nmap, Burp Suite, OWASP ZAP, and Metasploit for vulnerability scanning, exploitation, and reporting.
  • Documenting penetration testing results with detailed technical reports, including proof-of-concept evidence, risk ratings, and mitigation recommendations.
  • Participating in security knowledge-sharing sessions to enhance my practical skills and stay updated on evolving cyber threats.
  • This internship provided a strong foundation for my career in offensive security, fueling my ambition to become a proficient Penetration Tester and contribute to building resilient security architectures against emerging threats.

> certifications

  • CompTIA Security+ Certified – CompTIA
  • AIQI ISO/IEC 42001 Awareness eLearning – UKAS
  • PCI Compliance – Qualys
  • Lean Six Sigma White Belt – Management and Strategy Institute
  • ISO/IEC 27701 Information Security Management – Udemy
  • Purple Teaming Fundamentals – CyberWarFare
  • Ethical Hacking with Nmap – CodeRed
  • Advanced Diploma in Ethical Hacking & Cyber Security – Cyber Octet Pvt. Ltd.
  • Practical Penetration Testing with BackBox – CodeRed

> contact_me

> Let's connect! I'm open to collaboration, freelance opportunities, consultations, or full-time roles in the cybersecurity space.

© 2025 All rights reserved.

user@kathan-joshi:~$