Aditya K Sood (Ph.D.) is a cybersecurity advisor, practitioner, researcher, and consultant. With the experience of more than 15 years, he provides strategic leadership in the field of information security covering products and infrastructure. He is well experienced in propelling businesses by making security a salable business trait. Dr. Sood is well versed in designing algorithms by harnessing security intelligence and data science. During his career, he has worked with cross functional teams, management and customers thereby providing them with the best of the breed information security experience. Dr. Sood has research interests in cloud security, IoT security, malware automation and analysis, application security, and secure software design. He has worked on a number of projects pertaining to product/appliance security, networks, mobile, and web applications while serving Fortune 500 clients for IOActive, KPMG and others. He has authored several papers for various magazines and journals including IEEE, Elsevier, Crosstalk, ISACA, Virus Bulletin, and Usenix. His work has been featured in several media outlets including Associated Press, Fox News, The Register, Guardian, Business Insider, CBC, and others. He has been an active speaker at industry conferences and presented at Blackhat, DEFCON, HackInTheBox, RSA, Virus Bulletin, OWASP, and many others. Dr. Sood obtained his Ph.D. from Michigan State University in Computer Sciences. Dr. Sood is also an author of "Targeted Cyber Attacks" and "Empirical Cloud Security" books.
He held positions such as Senior Director of Threat Research and Security Strategy, Head (Director) of Cloud Security, Chief Architect of Cloud Threat Labs, Lead Architect and Researcher, Senior Consultant, and others while working for companies such as F5 Networks, Symantec, Blue Coat, Elastica, IOActive, Coseinc, and KPMG.
• Mercury Learning , July 2023
This book is designed for security and risk assessment professionals, DevOps engineers, penetration testers, cloud security engineers, and cloud software developers who are interested in learning practical approaches to cloud security. It covers practical strategies for assessing the security and privacy of your cloud infrastructure and applications and shows how to make your cloud infrastructure secure to combat threats, attacks, and prevent data breaches. The chapters are designed with a granular framework, starting with the security concepts, followed by hand-on assessment techniques based on real-world studies, and concluding with recommendations including best practices.
More details can be found here: https://empirical-cloudsecurity.adityaksood.com/• Mercury Learning , April 2021
This book is designed for security and risk assessment professionals, DevOps engineers, penetration testers, cloud security engineers, and cloud software developers who are interested in learning practical approaches to cloud security. It covers practical strategies for assessing the security and privacy of your cloud infrastructure and applications and shows how to make your cloud infrastructure secure to combat threats, attacks, and prevent data breaches. The chapters are designed with a granular framework, starting with the security concepts, followed by hand-on assessment techniques based on real-world studies, and concluding with recommendations including best practices.
More details can be found here: https://empirical-cloudsecurity.adityaksood.com/• Syngress, April 2014
Cyber-crime increasingly impacts both the online and offline world, and targeted attacks play a significant role in disrupting services in both. Targeted Cyber Attacks examines real-world examples of directed attacks and provides insight into what techniques and resources are used to stage these attacks so that you can counter them more effectively.
Syngress published this book (ISBN-10: 0128006048 | ISBN-13: 978-0128006047) and it is available at : Amazon, Elsevier Store, Barnes and Nobles and others. Third-party reviews about the book is available at : Help Net Security and RSA Conference Blog. Search Security Techtarget has displayed a one chapter of the book here : Bookshelf. The book is also hosted in the Toronto Public Library. The book is also available through Google Play.
Chinese transaltion is available at Amazon Bookstore.
A number of vulnerabilities have been disclosed under the hood of "Responsible Disclosure" and cannot be disclosed due to business and legal constraints. A number of disclosed vulnerabilities are listed below but not limited to:
Reported many vulnerabilities to vendors as a part of bug bounties (entirely fun). The list of vendors are presented below but are not limited to:
Hacking Botnet Command and Control Panels
Conference TalkDissecting the Design of SCADA Web HMIs: Hunting Vulnerabilities
Conference TalkHacking Botnets Die Hard: Owned and Operated
Conference TalkThe Government Can See EVERYTHING?! - Fact or Fictional
Conference TalkScammers taking advantage of Gmail, Google Drive users’ trust
Conference TalkThe Realm of 3rd Generation Botnet Attacks.
Conference TalkAdvancements in Botnet Attacks.
Conference TalkMangling with Botnets.
Conference Talk