Karthik R Sundar

Successfully orchestrated business development initiatives, generating USD 12 million in NSR across various service lines dealing with "digital transformation" as cross-sell and "cyber resilience maturity" in a dynamic market where the market size for digital transformation was 100 billion USD and cyber was 4 billion USD within the SEA Region. My journey on this endeavor reflects a deep comprehension of market demands and the cultivation of enduring client relationships. My strategic approach has been meticulously implemented through key sales channels:

Pipeline: spearheaded the development of a robust pipeline, collaboratively working with the team to identify and nurture leads, comprehend client needs, and position our services as essential solutions. Our collective strategic planning and market analysis have been pivotal in fostering a steady stream of opportunities.

Conversion: We thrive in a team environment to convert prospects into clients by collectively underscoring the unmatched value and relevance of our services. Our team's persuasive communication and deep industry knowledge have led to successful negotiations and widespread client buy-in.

Deal Closure: Together with my team, we've mastered the art of deal closure by ensuring all client concerns are addressed and expectations are not just met but exceeded. Collective shared attention to detail and commitment to excellence have resulted in numerous successful closures, significantly contributing to business growth.

KPMG Risk Consulting Sdn Bhd during my time with them, was focused on expanding emerging tech practices to over 200 professionals, specializing in digital transformation and cyber security. We aimed to identify and nurture talent that significantly enhanced the team's capability to sustain and advance the practice to a USD 8 million revenue-generating practice.

Business Development and People Management:

• I worked in tandem with the Business Development Team to estimate the year-to-date pipeline across cyber services and emerging technology worth USD 5 million year-on-year (YoY) to reach USD 8 million NSR in 2 years as the target.

• My goal was to define strategic marketing objectives to effectively sell cyber security services and emerging technology integration assessment services in the SEA region.

• committed to developing a detailed service catalog that outlines our current services, their outcomes, and the added value they bring to our clients for seamless client perspective management and client acquisition.

• Branding: Create campaigns to scout talent and work with educational institutions to onboard fresh minds to obtain fresh perspectives on the services offered.

Design and strategize:

• I was dedicated to understanding the core challenges SEA clients face in their Digital Transformation Journey and Cyber Resilience Challenges

• My team and I design tailored approaches and methodologies to simplify and effectively address complex problems.

Alliances:

Description: We actively seek potential alliances to enhance our digital transformation and cyber service offerings, focusing on areas such as cloud computing, technology refresh, layered with identity and access management (IAM), data loss prevention (DLP), and behavioral threat detection through services such as Red Team offensive security assessment, Cyber Drill, Breach, and Attack Simulation, Cyber Drill Assessment, Cyber Change Management and cultural awareness within the region

Goal: Our goal was to go to market with a well-adopted framework that provides comprehensive visibility on delivery and ensures end-to-end service excellence with customized offerings to meet client needs and address specific problems that they face across people, processes, and technology, and generate a service revenue of 8 million USD in 2 years.

Result: Our strategic focus on alliances has culminated in a remarkable achievement. We've collectively managed to generate a net service revenue (NSR) of USD 7.5 million across "digital transformation and cyber service offerings," particularly within the financial and renewable energy sectors across the Southeast Asia (SEA) region. This significant milestone underscores the effectiveness of our partnerships and our tailored approach to addressing the specific needs of our clients in these dynamic sectors.

Successful Materiality Alliances:

1. Amazon Web Services

2. Google Cloud

3. Ping Identity

4. Sentinel One

5. Crowdstrike

6. Mandiant Threat Intelligence

Enterprise Architecture (TOGAF): My role was to design a contextual Open Group Architecture Framework (TOGAF) for a systematic approach to designing, planning, implementing, and governing enterprise information architecture. TOGAF is instrumental in aligning IT strategy with business goals, ensuring a holistic understanding of organizational structures, processes, information systems, and technologies. We use advanced modeling tools, conduct thorough stakeholder analysis, and establish governance models to ensure the architecture is responsive to evolving business needs.

Areas : Technology Refresh , Cyber Maturity Assessment., Security Operations Center Enablement , Information technology refresh, cyber maturity assessment, security operations center enablement, information technology organization structuring and alignment with critical business pillars

Enterprise Security Architecture (SABSA): In security, we leverage the Sherwood Applied Business Security Architecture (SABSA) to develop a robust security framework. This involves a detailed layering approach, focusing on defining the security needs at different levels of the enterprise. Through techniques such as intricate Red Team Assessments, we simulate sophisticated cyberattacks to identify vulnerabilities. Our cyber drill assessments involve crafting detailed user stories and defining precise use cases to prepare for real-life scenarios. For ongoing threat assessment, we utilize a range of tools to conduct compromise assessments, establishing and reporting IOCs (Indicators of Compromise) and IOAs (Indicators of Attack) to our clients, ensuring they are equipped with actionable intelligence and predictive insights.

Comprehensive Cybersecurity & Architecture Management (CCAM)

Conduct architecture assessments, conduct comprehensive cyber resilience assessments, and adhere to various standards like Malaysia's RMIT, NIST 800-53, the NIST Risk Management Framework (RMF), ISO 27001, IACS 62443 OT Security Assessment, and GDPR practices. These assessments help ensure robust cybersecurity postures across diverse regulatory landscapes. I also specialize in cloud security assessments for IaaS, PaaS, SaaS, and DaaS, as per Cloud Security Alliance, Fedramp, ENISA standards, and NIST 500-291 and NIST 500-293, ensuring secure and compliant cloud operations. Define assessment methodologies that integrate these standards to provide a detailed, multifaceted view of clients' security stance, enabling proactive defense and resilience in an ever-evolving digital landscape.

Product development: developed a small-scale Threat Intelligence Product for disseminating the latest Intelligence information using open-source STIX and TAXII services from other TI providers and data from Google Kaggle

Technology Stack

1. Cloud Technologies: AWS VPC , Athena , S3 , GCP cloud Suite

2. Front End: React Framework , Python , Figma , Json , XML , Angular JS , Tailwind , HTML / CSS

3. AWS Glue for Extract , Transform and loading Data

4. AWS API Gateway

Customized Product Development

• Customized Solution Development: Worked with Python, React Native, and Ruby on Rails to develop tailored solutions that cater to specific regulatory and operational needs.
• Data Analytics & Dashboarding: Proficient in conducting Extract, Transform, and Load (ETL) processes for data analytics and creating insightful dashboards for informed decision-making.
• IT Cyber Security Posture/Maturity Assessments: Conducted in-depth evaluations aligned with industry best standards for various industries to identify vulnerabilities and strengthen security.
• Vulnerability Assessment & Penetration Testing: Provided targeted services for private and government sectors, identifying and mitigating potential security threats.
• Attack Simulation: Defined use case scenarios for cyber attack simulation assessments, focusing on the energy and financial industries, to prepare organizations against sophisticated threats.
• Security Architecture Review: Developed and reviewed cyber security architectures and frameworks for diverse sectors based on frameworks like SABSA, TOGAF, and CIS, ensuring robust and resilient infrastructures.
• Operational Technology (OT) Maturity Assessment: Conducted assessments for manufacturing industries aligned with ISO 27001, IACS 62443, and NIST 800-53 to enhance security in operational technologies.
• Business Continuity Planning: Developed Standard Operating Procedures for Disaster Management Operationalization, ensuring minimal disruption and quick recovery for both the government and private sectors.
• Cyber Security Disaster Management Framework: established frameworks adhering to industry best practices to manage and mitigate the impacts of cyber incidents effectively.
• Cyber and Operational Risk Management: Defined, developed, and enhanced frameworks to identify, assess, and mitigate risks in an ever-evolving threat landscape across Cyber Guidelines and Standards
• RFP and RFI Preparation: Skilled in the identification, preparation, and translation of technical requirements into pragmatic approaches and methodologies, ensuring clear and effective responses to client tenders.

Juniper SSL VPN & Network Engineering for Data Analytics

• Configured and managed Juniper SSL VPN with a focus on Proxy as Service implementation using Anonymous Servers.
• Troubleshot and configured endpoint security solutions in Juniper SA, including antivirus, firewall, and anti-spyware rules with remediation options.
• Conducted virus signature version monitoring, patch assessment, and log monitoring for comprehensive security coverage.
• Managed Certificate Signing Requests (CSR) for new certificates, utilizing Intermediate Server CA Certificates and enabling trusted Client CAs and hierarchies.
• Configured Citrix & Windows Terminal Services and set up Juniper SSL VPN in Cluster Mode (Active/Active and Active/Passive) for enhanced performance and reliability.
• Configured and troubleshoot Junos Pulse for mobile and hand-held devices ensuring secure and seamless remote access.
• Developed and defined data schemas based on user requirements, leveraging JSON for structured and efficient data representation and integration.
• Applied expertise in software development to enhance data analytics capabilities, ensuring that the data schemas are optimized for analysis, reporting, and decision-making.

My role effectively bridged the gap between advanced network security solutions and data-driven decision-making, providing Juniper Networks with robust security infrastructure and insightful data analytics. This integrated approach ensures not only the security of networks and data but also their effective use in driving business strategies and technological advancements.