Platform Security Lead @ Atlassian | Researcher | Speaker | Tech Blogger | Technosociologist
8 Years of Experience
Bengaluru, Karnataka, India
-
-
Not Available
Creating new things, circumventing expected behavior (ethical hacking), diving deep into technicalities & building security right into the platform renders me immense satisfaction and happiness. Currently, I am working as a Platform Security Lead at Atlassian. In this role, I'm responsible for leading a team of security engineers to conduct security reviews, code reviews, threat modelling, pentests of the core components that build up Atlassian's cloud infrastructure. Conducting investigations/research on best AWS security controls, SAST, DAST tools. Consulting the devs for best security practices and answering all their open questions/concerns on how to build the security of their products. I am particularly passionate about security research, studying the ever evolving relationship of tech and humans and spreading cyber awareness. I started an initiative called "!nfinite Hacks" to research on the same and spread awareness through creative events about the issues ranging from cybersecurity, data privacy, addiction, information overload etc that tech brings along in modern day world and brainstorm about possible solutions. I have presented my work in multiple international conferences including RSAC, Diana Initiative, Android Security Symposium, ISEA International Conference on Security and Privacy, Microsoft's Reverse Engineer Summit, Android Dev Days and conducted trainings for Microsoft, Google, Mozilla, Girl Script, Swecha and several non-profit tech communities.
Atlassian, SaaS/Cloud Product, Computer Software
Atlassian
Atlassian
Atlassian, Atlassian, Atlassian, !nfinite Hacks, Microsoft, Microsoft, Microsoft, Microsoft, Independent Researcher, Electronic Frontier Foundation, Google, Microsoft India, Carnegie Mellon University, Aspiring Minds Pvt Ltd, LLS Project- Drexel University, Pennsylvania
Job Title : Lead Security Engineer
Company name : Atlassian
Period : January 2023 - Present
Job Title : Senior Product Security Engineer
Company name : Atlassian
Period : October 2022 - Present
Job Title : Product Security Engineer
Company name : Atlassian
Period : May 2021 - October 2022
Job Title : Founder
Company name : !nfinite Hacks
Period : January 2021 - Present
Job Title : Software Engineer II
Company name : Microsoft
Period : March 2020 - April 2021
Summary : Contributed to building Microsoft Defender for Android from scratch and shipped it.
Location : Hyderabad, Telangana
Job Title : Software Engineer
Company name : Microsoft
Period : March 2019 - March 2020
Location : Hyderabad Area, India
Job Title : Data Scientist
Company name : Microsoft
Period : November 2017 - February 2019
Summary : Presently I am working on PROSE, which is Program Synthesis using Examples. This is a remarkable research product developed by MSR, Redmond. My job includes extending the capabilities of certain DSLs for team specific use case of extractions from web data.
Location : Hyderabad Area, India
Job Title : Software Engineer
Company name : Microsoft
Period : July 2016 - October 2017
Location : Hyderabad Area, India
Job Title : Android Security Researcher
Company name : Independent Researcher
Period : January 2019 - April 2021
Job Title : Tech Intern via Outreachy program
Company name : Electronic Frontier Foundation
Period : December 2015 - March 2016
Summary : Privacy Badger is a browser addon for Firefox and Chrome which automatically blocks advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web. It's currently only built for desktop Chrome and Firefox. The goal of this project will be to re-implement the existing Privacy Badger for Android.
As a part of the project I:
1. Researched on different kind of possibilities that exist for the implementation of intercepting network traffic on Android.
2. Created local proxy server on Android that led to successful interception of traffic, successfully sending and receiving the outbound and inbound traffic.
3. Tried doing the same using AndroidVpnService, one way was accomplished.
4. Created an Android App that had the basic features of turning on the proxy server for interception and view intercepted traffic.
5. Learned about socket programming, OSI layers, networking protocols and open source approach to project.
Job Title : Google Student Ambassador
Company name : Google
Period : 2014 - January 2016
Summary : The Google Student Ambassador Program is an opportunity for students to act as liaisons between Google and their universities.
As a GSA my duties involved:
1. Leading Google Students' Club at the campus that was responsible for conducting several technical events.
2. Spreading awareness about the new technology and student opportunities with Google.
3. Motivating student communities and helping them out to build up the right attitude for paving way into the technical industry.
4. Teaching JAVA . Android, Git and other tools on student communities request.
5. Event Planning and Management.
Job Title : Microsoft SDE Intern
Company name : Microsoft India
Period : May 2015 - July 2015
Summary : As a part of this internship I worked on:
1.Developing a strong validation framework that verifies that the execution of custom extraction techniques is symmetric across the different systems(C#, JavaScript, C++).
While working on this project I delivered a real time validation framework using SignalR library.
Solution involved SignalR based client-server architecture where server is the SignalR hub and there were separate clients for the three languages C#, C++, JavaScript Client.
Major learnings were electing efficient use of data structure, correct usage of RPC mechanisms of SignalR, efficient client-server architecture setup,handling race conditions and doing SOLID software development.
2. Solving minor bugs and adding requested features in an MVVM application.
3. Attending and organizing Machine Learning Boot Camp.
Job Title : IPTSE Winter School
Company name : Carnegie Mellon University
Period : December 2014 - December 2014
Summary : A 15 days long workshop where a team of five students tried to solve a challenging problem of making the machine learn to identify sounds using machine learning model. My contribution involved researching, learning about classifying techniques. developing ML classifiers, writing python scripts for automation, working with OpenSMILE, scikit learn, MFCC extraction libraries and other audio processing libraries.
Location : NIT-K Surathkal
Job Title : Content Expert
Company name : Aspiring Minds Pvt Ltd
Period : May 2014 - July 2014
Summary : Analyzed above 500 code samples and graded them on the basis of algorithm followed, time and speed efficiency and other stringent parameters described in rubric provided by the company.
Job Title : Solution Developer
Company name : LLS Project- Drexel University, Pennsylvania
Period : 2014 - 2014
Summary : The main requirement was to develop a website for The Leukemia and Lymphoma Society, Philadelphia that would simplify collaboration among office workers. The website was developed on asp.net and offered features like Login-information, Board Members' Profile, Messaging System, Document Sharing , Poll Generation, Event Creation etc.
My role was to develop:
1. Real time IRC like chat feature: This involved displaying all the names logged in, green dot corresponding to their availability for chat, chat windows and real time chat.
2. Event creation and poll generation: This functionality allowed user to create an event and do voting from all other users for the same.This involved sending notifications as and when the event is created and also graphical viewing of the poll results by the creator of event.
NA
Title : Serialize Badge
Period : March 2023 - Present
Summary : PTLS2822.pdf, pentesterlab.com, https://pentesterlab.com/badges/serialize
Issuing Authority : PentesterLab
Title : Associate Architecting and SysOps on AWS
Period : June 2021 - Present
Issuing Authority : Amazon Web Services (AWS)
Title : Make the Move from Individual Contributor to Manager
Period : April 2021 - Present
Summary : linkedin.com, https://www.linkedin.com/learning/certificates/52353a74a87a51806d2b5f1fc3b6e3fd7cd009e072abf97f01511c9cae479e87?trk=backfilled_certificate
Issuing Authority : LinkedIn
Title : Ethical Hacking: Enumeration
Period : December 2020 - Present
Summary : linkedin.com, https://www.linkedin.com/learning/certificates/9ab23f9ac1051352bc3523854c7f2205e0b908b781092016580d4fb6e1d5feb2?trk=backfilled_certificate
Issuing Authority : LinkedIn
Title : EC-Council iWeek Training
Period : October 2020 - Present
Summary : 596429, google.com, https://drive.google.com/file/d/1Y5ut3RBe5tLOZx6ODmpObiptz9DA9jb6/view?usp=sharing
Issuing Authority : EC-Council
Title : Android Pen Testing
Period : June 2020 - Present
Summary : linkedin.com, https://www.linkedin.com/posts/aditi-bhatnagar-8a110662_android-security-activity-6680517666790219776--Dqf?trk=flagship-lil_details_certification
Issuing Authority : LinkedIn
Title : Ethical Hacking: Sniffers
Period : June 2020 - Present
Summary : linkedin.com, https://www.linkedin.com/learning/certificates/0c8c2b28bf771c37484d1a3f2cd5642bfc28083945c471e98bba405e7c63983d?trk=backfilled_certificate
Issuing Authority : LinkedIn
Title : Application Security and Secure Coding Training course in .NET
Period : June 2017 - Present
Summary : 4c33c0316624eab23334e7bc0b1eb8d5a2d39520, codebashing.com, https://certificates.codebashing.com/dotnet_course_certificate_4c33c0316624eab23334e7bc0b1eb8d5a2d39520.pdf
Issuing Authority : Codebashing
Title : Certified Ethical Hacker (CEH)
Period : April 2021 - April 2024
Summary : ECC2591376480
Issuing Authority : EC-Council
Title : An Introductory Guide to Hacking NETBIOS
Publisher : Hacker Noon
Publication time : 2021
Title : How to Map Your Home Networks Using NMAP
Publisher : Hacker Noon
Publication time : 2020
Title : I Automated My Whatsapp Chats on Android and H
English , Hindi , Sanskrit
Award : Nominatedfor 2022 - Hackernoon Contributor of the year in Cybersecurity
Issuer : Hackernoon
Date : 12 2022
Summary : https://hackernoon.com/about/aditiBhatnagar
Award : Best Talk at Android Dev Days conducted globally across Microsoft
Date : 11 2020
Award : Speaker at Diana Initiative 2020
Issuer : Diana Initiative
Date : 8 2020
Summary : https://tdi2020.sched.com/speaker/aditi24.bhatnagarHow does the security landscape looks like for Android, are there known privacy limitations or security threats? How do you look into the internals of an Android app? How do you look into the internals of Android itself? This talk will answer these questions for the audience. As a part of the talk, we will cover the following:
1. Overview of Android Security Landscape: Present day's security and privacy posture of Android, the attacks and challenges in defence.
2. Android Apps Internals: How to reverse engineer Android App and see what it does?
3. FRIDA: Using FRIDA to explore Android Apps Ecosystem
4. Design of malwares and spywares
5. Current situation, exploitation, risks and future.
Award : Nominated for Hacker Noon Contributor of The Year: TECHNOLOGY 2020
Issuer : Hacker Noon
Date : 7 2020
Summary : The Noonies are Hacker Noon’s way of recognizing the tech industry’s top writers, thinkers, hodlers, leaders, and makers. Got publicly nominated for:
Hacker Noon Contributor of The Year: TECHNOLOGYHere’s linkage to award page:
https://noonies.tech/award/hacker-noon-contributor-of-the-year:-technology
Award : Speaker at Android Security Symposium 2020
Issuer : Johannes Kepler University Linz (JKU) and University of Applied Sciences Upper Austria
Date : 7 2020
Summary : A smartphone is something that stays with you almost “always” throughout the day. It’s equivalent to roaming around with an explicit sensor which can listen to you, get your location, get your movements, get your conversations, see your facial expressions, in fact, even get your heartbeat and so on. The device can literally capture your state as-is and is easily capable of compromising your privacy. This talk brings forward an in-depth investigation into Android Apps eco-system from a purely privacy perspective. We will dive deep into:1. Permissions: How permissions roll in Android, what all data can be collected without user permission by privacy invasive apps, the nature and validity of permissions;
2. Client side collusion of information: Interaction and information exchange between the apps using same third-party libraries;
3. Exploits used by aggressive adwares in Android Ecosystem
4. Finding which apps interact with which ones using binder logs.
5. Finding shared code between apps by gene analysis using Knowledge Graph
https://android.ins.jku.at/symposium/
Award : Speaker at Third ISEA International Conference on Security and Privacy 2020
Issuer : Information Security and Education Awareness Project – Phase II (ISEA-II), an initiative of Ministry of Electronics and Information Technology, Govt. of India
Date : 2 2020
Summary : Android Threat Landscape- An industrial perspective
Abstract:
Mobile endpoints have drastically drifted the security landscape. In a world where every person owns a personal device, several privacy and security concerns have evolved. The talk brings forward the state of Android Threat Landscape from an industrial perspective. We will walk through the different threats that prevail and will dive deep into their platform-specific operational details. The talk will also focus on what kind of challenges are there when we try to defend Android platforms from such threats.
http://event.iitg.ac.in/isap2020/KeynoteSpeakers.php#industry-talk2
Award : GHCI Student Scholar
Issuer : Grace Hopper Conference India
Date : 9 2015
Show More