Vidya Murthy

Hi! My name is Vidya. (Pronounced - vidh-ya)

Scroll down to know a little bit about me.

About Me

I am a Cybersecurity professional with 3 years experience. Just before I started my undergraduate studies, my credit card details were stolen. It was this incident that piqued my interest and set me on the path of Cybersecurity.

I have had the opportunity to work on various aspects of cybesecurity such as Risk management, Privacy, Policy and Governance and Network Security. I currently hold an active USG Secret Clearence. I am passionate about network and infrastructure security and intend to continue in this facet of Cybersecurity.

Being a victim of cybercrime myself, I am motivated to contribute towards making the cyberspace safer.

Fun facts

Accomplishment I am most proud of: Adopted an orphaned baby Elephant

Naleku, a 14-month-old female baby elephant was found in the Masai Mara. Her mother had passed away and she was not in a position to fend for herself. I contributed to her care via an animal welfare organization involved in caring for orphaned animals.

I have read the entire Harry potter series atleast 6 times

Accomplishment I am most proud of: Adopted an orphaned baby Elephant

“Don’t let the muggles get you down.” – Ron Weasley

Retirement Plan: Own and run a doggy day care center

Accomplishment I am most proud of: Adopted an orphaned baby Elephant

Retirement Plan: Own and run a doggy day care center

I fostered many abandoned stray dogs growing up. All of them eventually found their forever homes. Fostering these puppies cemented in me what a lot of people already knew - Dogs are the best thing to happen to humans.

Got lost in Disneyland when I was 5 years old

Traveled to over 20 countries, 5 continents and counting

Retirement Plan: Own and run a doggy day care center

I was later found at a nearby Pizza Hut.

Note: Demonstrated correct priorities and clear decision-making skills at a young age

Traveled to over 20 countries, 5 continents and counting

When travelling the world was actually a thing.

Education

Master of Science in Information Security Policy and Management (2018-2020)

Pittsburgh, USA

GPA: 3.87 (Highest distinction)

Courses: Network Threat Analysis, Ethical Penetration Testing, Introduction to Cyber Threat Intelligence, Cybersecurity Policy and Management

Bachelor of Engineering in Information Science and Engineering (2013-2017)

Bangalore, India

GPA: 3.7 (First Class with Distinction)

Courses: Information Network Security, Data Structures, Operating Systems, Design and Analysis of Algorithms

Work experience

Senior Analyst - Cyber Threat Intelligence

San Jose, CA

January 2022- Present

Senior Cyber Threat Analyst

100% Remote

June 2020 - Present

● Led data-driven adversarial hunts to look for specific threat actor activity

● Drove process improvement to leverage additional exisiting tools in hunts to provide better context resulting in improved visibility across enterprise networks.

● Conducted daily Tactical Hunts to identify anamoulous activities

● Create a process to identify high priority threat hunts to govern the hunt program

● Presented at the women in cyber conference

Cyber-security Graduate Intern

Dallas,TX

May 2019 - May 2020

● Responsible for preliminary Threat Hunts

● Devised a solution to leverage MITRE ATT&CK Framework across the enterprise network

● Created baselines to monitor RPA bot activity in the enterprise network

● Developed a process to whitelist request domains and base domains across enterprise network

Graduate Engineer Trainee

Bangalore, India

July 2017 - July 2018

● Performed a comparative study of threat intelligence tools to determine the best one suited for the company's needs.
● Prepared comprehensive Intelligence reports of potential threats.
● Updated and circulated Situational Awareness Bulletins based on TLP.

● Analyzed data from multiple sources in order to determine if intelligence is actionable.
● Published weekly Cyber Security Advisory regarding latest campaigns observed within the network as well as externally.

Research

9 Steps to Creating New Cyber Threat Intelligence Team

Capstone Project

Advisor: K. O'Meara - Threat Researcher and Adjunct Professor at Carnegie Mellon University

Research Period: January 2020 - May 2020

Co-authors: C. Harris, K. Rota, H. Manganello, S. Vagell

This report is a framework that a company could use as a guide to create a cyber threat intelligence team. Companies with cyber threat intelligence teams claimed that their average return on investment three years after creating the team was 284%, according to a survey conducted by Recorded Future, and the companies' risk was reduced by approximately 10 times due to identifying threats sooner.

Our approach offers nine steps to institute a new, small cyber threat intelligence team. For each step, we provide its goal, scope of implementation, best practices based on personal experiences and literature reviews of US Government and private sector company methodologies, and recommendations for improving the team’s performance over time. Our intent is that the framework is practical, such that it outlines methods to accomplish each step rather than merely identifying lofty goals without any explanation of how to achieve them.

In addition to providing a procedure to set up a cyber threat intelligence team, we have included a workflow of the team’s daily operations, including how the team could integrate with senior leaders. Each component in the workflow refers back to the detailed descriptions contained within the nine steps, which should aid a manager in tailoring the team’s processes to match the company’s vision for the cyber threat intelligence team.

An Organizational Primer For CMMC

9 Steps to Creating New Cyber Threat Intelligence Team

Independent Study

Advisor: M.J Butkovic - Director-Risk and Resilience CERT Division-Software Engineering Institute

Research Period: January 2020 - May 2020

The theft worth billions of dollars of intellectual property (IP) due to malicious cyber activity threatens the U.S. economy and national security. In an attempt to curb the exfiltration of Controlled Unclassified Information from the Defense Industrial Base (DIB), the United States Department of Defense announced that it will implement the Cybersecurity Maturity Model Certification (CMMC).

The CMMC model draws from existing maturity models such as Capability Maturity Model Integration (CMMI) and the CERT Resilience Management Model (CERT-RMM) . This new model certifies defense contractors based on their cyber hygiene. Certifications range from ‘Basic Cyber Hygiene’ at Level 1 to ‘Advanced/Progressive’. Contractors will be eligible to bid on contracts based on their certification level.

This paper studies the implementation of such maturity models before delving into the CMMC. Insights gained from analyzing CMMI and RMM are used to make recommendations for organizations to prepare for the implementation of CMMC. Additionally, certain changes are recommended for future versions of CMMC with the aim of improving the efficiency of CMMC and eventually, reduce the exfiltration of CUI from the DIB.

Exploiting Your Digital Footprint

9 Steps to Creating New Cyber Threat Intelligence Team

Exploiting Your Digital Footprint

Speaker at Women In Cyber Security Conference 2020

Research Period October 2019-April 2020

Co-presenter: Addison Moran

A digital footprint is a trail of data you create while using the Internet. It includes the websites you visit, emails you send, and information you submit to online services.

In this presentation, we identified the sources of digital footprints, some were typical sources like Social media, but we also found some unusual sources like Venmo or Google Maps.

We then discussed possible scenarios where your digital footprint could be used to hack your accounts.

The first scenario was a black box test - where the attacker did not know the target personally. The second scenario was an insider threat case where the attacker was connected to the target across various social media platforms.

Finally, we discussed certain tactics that can help in protecting privacy and recommended some best practices.

Testimonials

Matthew James Butkovic

Technical Director-Risk and Resilience CERT Division at Software Engineering Institute

"Vidya is a highly capable cybersecurity professional who displays a true passion for the domain. She demonstrates excellent critical thinking in all aspects of accomplishing an objective. Vidya is also one of the most inclusive and thoughtful students I’ve ever encountered at Carnegie Mellon University. She strives to collaborate with respect for all. I first met Vidya when she was a student in my cybersecurity policy and governance course at the Heinz College of Information Systems and Public Policy. I also had the pleasure of serving as her thesis advisor. Vidya consistently exceeded expectations in her research and application of analytical techniques. Based on these experiences, I can endorse Vidya without hesitation. She is a remarkable person with a very bright future ahead in our profession."

Susan Vagell

Matthew James Butkovic

Information Security Analyst III at American Express

" I had the pleasure of working with Vidya on a variety of projects throughout our Information Security Policy and Management program at Carnegie Mellon University Heinz College. Vidya was consistently a high contributing team member and provided valuable insights and ideas to every project she was a part of. Vidya is hardworking, motivated, and passionate about her work. Time and time again she was there for her classmates to provide advice and words of encouragement. My two years at Heinz College would not have been the same without Vidya, and any company would find themselves lucky to have her as a part of their team. "

Vidya Murthy

About Me

Fun facts

Accomplishment I am most proud of: Adopted an orphaned baby Elephant

Accomplishment I am most proud of: Adopted an orphaned baby Elephant

Accomplishment I am most proud of: Adopted an orphaned baby Elephant

I have read the entire Harry potter series atleast 6 times

Accomplishment I am most proud of: Adopted an orphaned baby Elephant

Accomplishment I am most proud of: Adopted an orphaned baby Elephant

Retirement Plan: Own and run a doggy day care center

Accomplishment I am most proud of: Adopted an orphaned baby Elephant

Retirement Plan: Own and run a doggy day care center

Got lost in Disneyland when I was 5 years old

Traveled to over 20 countries, 5 continents and counting

Retirement Plan: Own and run a doggy day care center

Traveled to over 20 countries, 5 continents and counting

Traveled to over 20 countries, 5 continents and counting

Traveled to over 20 countries, 5 continents and counting

Education

Master of Science in Information Security Policy and Management (2018-2020)

Bachelor of Engineering in Information Science and Engineering (2013-2017)

Work experience

Senior Analyst - Cyber Threat Intelligence

Senior Cyber Threat Analyst

Cyber-security Graduate Intern

Graduate Engineer Trainee

Certifications

Splunk Certified User

Splunk Certified Power User

Skills

SIEM

Tools

Languages

Operational

Research

9 Steps to Creating New Cyber Threat Intelligence Team

9 Steps to Creating New Cyber Threat Intelligence Team

9 Steps to Creating New Cyber Threat Intelligence Team

An Organizational Primer For CMMC

9 Steps to Creating New Cyber Threat Intelligence Team

9 Steps to Creating New Cyber Threat Intelligence Team

Exploiting Your Digital Footprint

9 Steps to Creating New Cyber Threat Intelligence Team

Exploiting Your Digital Footprint

Testimonials

Matthew James Butkovic

Matthew James Butkovic

Matthew James Butkovic

Susan Vagell

Matthew James Butkovic

Matthew James Butkovic

Resume

Social

I would like to hear from you!

Drop me a line!