Vidya Murthy
Hi! My name is Vidya. (Pronounced - vidh-ya)
Scroll down to know a little bit about me.
Hi! My name is Vidya. (Pronounced - vidh-ya)
Scroll down to know a little bit about me.
I am a Cybersecurity professional with 3 years experience. Just before I started my undergraduate studies, my credit card details were stolen. It was this incident that piqued my interest and set me on the path of Cybersecurity.
I have had the opportunity to work on various aspects of cybesecurity such as Risk management, Privacy, Policy and Governance and Network Security. I currently hold an active USG Secret Clearence. I am passionate about network and infrastructure security and intend to continue in this facet of Cybersecurity.
Being a victim of cybercrime myself, I am motivated to contribute towards making the cyberspace safer.
Naleku, a 14-month-old female baby elephant was found in the Masai Mara. Her mother had passed away and she was not in a position to fend for herself. I contributed to her care via an animal welfare organization involved in caring for orphaned animals.
“Don’t let the muggles get you down.” – Ron Weasley
I fostered many abandoned stray dogs growing up. All of them eventually found their forever homes. Fostering these puppies cemented in me what a lot of people already knew - Dogs are the best thing to happen to humans.
I was later found at a nearby Pizza Hut.
Note: Demonstrated correct priorities and clear decision-making skills at a young age
When travelling the world was actually a thing.
Pittsburgh, USA
GPA: 3.87 (Highest distinction)
Courses: Network Threat Analysis, Ethical Penetration Testing, Introduction to Cyber Threat Intelligence, Cybersecurity Policy and Management
Bangalore, India
GPA: 3.7 (First Class with Distinction)
Courses: Information Network Security, Data Structures, Operating Systems, Design and Analysis of Algorithms
San Jose, CA
January 2022- Present
100% Remote
June 2020 - Present
● Led data-driven adversarial hunts to look for specific threat actor activity
● Drove process improvement to leverage additional exisiting tools in hunts to provide better context resulting in improved visibility across enterprise networks.
● Conducted daily Tactical Hunts to identify anamoulous activities
● Create a process to identify high priority threat hunts to govern the hunt program
● Presented at the women in cyber conference
Dallas,TX
May 2019 - May 2020
● Responsible for preliminary Threat Hunts
● Devised a solution to leverage MITRE ATT&CK Framework across the enterprise network
● Created baselines to monitor RPA bot activity in the enterprise network
● Developed a process to whitelist request domains and base domains across enterprise network
Bangalore, India
July 2017 - July 2018
● Performed a comparative study of threat intelligence tools to determine the best one suited for the company's needs.
● Prepared comprehensive Intelligence reports of potential threats.
● Updated and circulated Situational Awareness Bulletins based on TLP.
● Analyzed data from multiple sources in order to determine if intelligence is actionable.
● Published weekly Cyber Security Advisory regarding latest campaigns observed within the network as well as externally.
License# - Cert 221267
License# - Cert 226449
Arcsight, Splunk
Tanium, Wireshark, Metasploit, Nessus
C, C++, Python
Cyber Threat Hunting, Situational Awareness, Cyber Threat Intelligence, Incident Response, Penetration Testing, Network Security
Capstone Project
Advisor: K. O'Meara - Threat Researcher and Adjunct Professor at Carnegie Mellon University
Research Period: January 2020 - May 2020
Co-authors: C. Harris, K. Rota, H. Manganello, S. Vagell
This report is a framework that a company could use as a guide to create a cyber threat intelligence team. Companies with cyber threat intelligence teams claimed that their average return on investment three years after creating the team was 284%, according to a survey conducted by Recorded Future, and the companies' risk was reduced by approximately 10 times due to identifying threats sooner.
Our approach offers nine steps to institute a new, small cyber threat intelligence team. For each step, we provide its goal, scope of implementation, best practices based on personal experiences and literature reviews of US Government and private sector company methodologies, and recommendations for improving the team’s performance over time. Our intent is that the framework is practical, such that it outlines methods to accomplish each step rather than merely identifying lofty goals without any explanation of how to achieve them.
In addition to providing a procedure to set up a cyber threat intelligence team, we have included a workflow of the team’s daily operations, including how the team could integrate with senior leaders. Each component in the workflow refers back to the detailed descriptions contained within the nine steps, which should aid a manager in tailoring the team’s processes to match the company’s vision for the cyber threat intelligence team.
Independent Study
Advisor: M.J Butkovic - Director-Risk and Resilience CERT Division-Software Engineering Institute
Research Period: January 2020 - May 2020
The theft worth billions of dollars of intellectual property (IP) due to malicious cyber activity threatens the U.S. economy and national security. In an attempt to curb the exfiltration of Controlled Unclassified Information from the Defense Industrial Base (DIB), the United States Department of Defense announced that it will implement the Cybersecurity Maturity Model Certification (CMMC).
The CMMC model draws from existing maturity models such as Capability Maturity Model Integration (CMMI) and the CERT Resilience Management Model (CERT-RMM) . This new model certifies defense contractors based on their cyber hygiene. Certifications range from ‘Basic Cyber Hygiene’ at Level 1 to ‘Advanced/Progressive’. Contractors will be eligible to bid on contracts based on their certification level.
This paper studies the implementation of such maturity models before delving into the CMMC. Insights gained from analyzing CMMI and RMM are used to make recommendations for organizations to prepare for the implementation of CMMC. Additionally, certain changes are recommended for future versions of CMMC with the aim of improving the efficiency of CMMC and eventually, reduce the exfiltration of CUI from the DIB.
Speaker at Women In Cyber Security Conference 2020
Research Period October 2019-April 2020
Co-presenter: Addison Moran
A digital footprint is a trail of data you create while using the Internet. It includes the websites you visit, emails you send, and information you submit to online services.
In this presentation, we identified the sources of digital footprints, some were typical sources like Social media, but we also found some unusual sources like Venmo or Google Maps.
We then discussed possible scenarios where your digital footprint could be used to hack your accounts.
The first scenario was a black box test - where the attacker did not know the target personally. The second scenario was an insider threat case where the attacker was connected to the target across various social media platforms.
Finally, we discussed certain tactics that can help in protecting privacy and recommended some best practices.
Technical Director-Risk and Resilience CERT Division at Software Engineering Institute
"Vidya is a highly capable cybersecurity professional who displays a true passion for the domain. She demonstrates excellent critical thinking in all aspects of accomplishing an objective. Vidya is also one of the most inclusive and thoughtful students I’ve ever encountered at Carnegie Mellon University. She strives to collaborate with respect for all. I first met Vidya when she was a student in my cybersecurity policy and governance course at the Heinz College of Information Systems and Public Policy. I also had the pleasure of serving as her thesis advisor. Vidya consistently exceeded expectations in her research and application of analytical techniques. Based on these experiences, I can endorse Vidya without hesitation. She is a remarkable person with a very bright future ahead in our profession."
Information Security Analyst III at American Express
" I had the pleasure of working with Vidya on a variety of projects throughout our Information Security Policy and Management program at Carnegie Mellon University Heinz College. Vidya was consistently a high contributing team member and provided valuable insights and ideas to every project she was a part of. Vidya is hardworking, motivated, and passionate about her work. Time and time again she was there for her classmates to provide advice and words of encouragement. My two years at Heinz College would not have been the same without Vidya, and any company would find themselves lucky to have her as a part of their team. "
Please send me an email to receive a copy of my resume.
Contact Email: info@murthyvidya.com