I bring over 17 years of experience across software quality, risk management, compliance, and information security. My work bridges the gap between technical assurance and governance, with proven expertise in global standards like ISO 9001, CMMI, TL9000, AS9100, ISO 27001, and ITGC frameworks. With formal academic qualifications in IT Security (MSc), Business Law (MBL), and Engineering (ECE), I approach risk and compliance with both depth and balance.
Risk Management
Designed and implemented risk frameworks, performed risk assessments, and led mitigation planning at both project and enterprise levels.
Compliance & Assurance
Facilitated and supported external audits (ISO 9001, TL9000, CMMI V2.0) and performed internal audits on ITGC controls, ISO 27001, Change Management, and Business Continuity (DR/BCP).
Data Analysis & Reporting
Built performance models (regression/logistic), tracked KPI trends, and reported performance health indicators to support leadership decisions.
Collaboration & Stakeholder Engagement
Worked closely with cross-functional teams to align quality and security goals with business objectives, ensuring shared ownership of outcomes.
Cybersecurity Experience
Gained practical exposure to cybersecurity controls, threat modeling, and vulnerability assessment through hands-on lab projects, MSc coursework, and formal training.
EXTERNAL CERTIFICATIONS
- 27001 Lead Implementer (2021)
- Executive Diploma in Data Science (2020)
- TL 9000 Internal Auditor (2019)
- Internal Auditor 9001:2015 (2016)
- Six Sigma Green Belt – ISI (2014)
ACADEMICS
- MSc IT SECURITY
  - NOTTINGHAM TRENT UNIVERSITY, NOTTINGHAM, UK - 2024
- MASTER OF BUSINESS LAWS (MBL)
  - NATIONAL LAW SCHOOL OF INDIA UNIVERSITY - 2019
- ELECTRONICS AND COMMUNICATION ENGINEERING
HOME LAB PROJECTS
I’ve set up personal home labs to explore cybersecurity tools and technologies hands-on. You can find detailed walkthroughs of these projects on my blog: Gouti1454.com, where I enjoy sharing insights and solutions with others.
LOVE FOR CONTINUOUS LEARNING
The joy of learning drives my passion, motivating me to explore my interests further and continuously grow my knowledge.
KNOWLEDGE SHARING
Welcome to Gouti1454.com! This blog is dedicated to sharing my experiences and research across various subjects. Observing that many face common challenges and seek solutions, I established this platform to store and share my insights.
Driven by a profound love for technology, I explore software applications, gadgets, and the expansive world of Android. I am passionate about cybersecurity and want to help people stay safe in the digital world.
TECHNICAL SKILLS
ACHIEVEMENTS
Achieved 100% success rate in governance and compliance certifications through successful implementation and completion of:
- CMMI 2.0 (2020), CMMI V1.3 (2017), TL9000 (2018, 2019, 2020, 2021, 2022), ISO 9001:2015 (2017).
- AS9100 surveillance audits (2015, 2016), Supplier GOLD standards (5S, RRCA, VSM) (2016).
- Launched training programs and led process improvement activities, resulting in successful AS9100 (2011, 2012, 2013) and CMMI v1.3 Dev (2013) assessments.
PROCESS EXCELLENCE & GOVERNANCE
- Led multi-standard certification achievement: Spearheaded project teams through external certification processes for CMMI 2.0 multimodal, ISO 9001:2015, TL9000, AS9100, ISO 27001, and Agile models, ensuring compliance and process maturity.
- Developed and implemented performance health indicators: Created and published key performance indicators (KPIs) tracked at various levels (VP, Service Delivery, Delivery Unit, Customer), providing valuable insights for decision-making.
- Empowered project teams: Aided Service Delivery, Delivery, and Project Managers in achieving and maintaining process compliance and improvement through training, guidance, and mentorship.
POLICY CREATION AND DOCUMENTATION
- Developed and improved the Software-Hardware Implementation Forum process, documenting and releasing it in the portal.
- Conducted due diligence on the security policies and procedures of suppliers in procurement to identify and mitigate any potential risks.
- Analysed procurement suppliers to identify gaps in their information security controls against the ISO 27001:2013 standard, GDPR, Cyber Essentials.
GAP ANALYSIS
- Conducted due diligence on the security policies and procedures of suppliers in procurement to identify and mitigate any potential risks.
- Analysed procurement suppliers to identify gaps in their information security controls against the ISO 27001:2013 standard.
VULNERABILITY ASSESSMENT
- Analysed software and hardware requests to assess the likelihood and impact of potential security vulnerabilities.
- Reviewed vulnerability assessment and SOC reports from procurement suppliers to ensure their compliance with the organisation's security standards.
ITGC AUDITS
- Conducted comprehensive audits covering Access Controls, Physical and Environmental Controls, Change Management, Backup and Recovery, System Software Controls, Network Security, and Business Continuity and Disaster Recovery across various accounts. Ensured strict adherence to compliance standards and client objectives.
- Captured risk assessments and ranked them based on the risk index using RAG (Red, Amber, Green) indicators for clear and actionable insights.
- Published non-compliance findings from the audits and diligently tracked them until resolution, ensuring continuous improvement and adherence to standards.
- Performed detailed asset verification audits to confirm the accuracy and integrity of asset records.
RISK MANAGEMENT & COMPLIANCE
- Established robust risk management: Implemented project and account-level risk tracking, effectively communicating findings, non-compliance issues, progress reports, and remediation plans to stakeholders.
- Managed RAG status reporting: Utilised RAG (Red, Amber, Green) status to monitor key performance indicators (data collection, customer satisfaction, tool compliance, TL9K data) for data-driven decision-making.
PROCESS IMPROVEMENT & PROJECT MANAGEMENT
- Built and deployed process performance models: Developed and published regression and logistic models, leveraging data analytics to identify trends and inform proactive process improvements.
- Conducted comprehensive gap analyses, aligning company and customer processes for seamless integration and operational efficiency.
- Guided project lifecycles: Facilitated Project Managers through the entire SDLC (kick-off, monitoring, measuring, improvement, closure), utilising templates, checklists, and inspections to ensure quality and adherence to best practices.
- Supported quality audits: Assisted project quality analysts in Data Verification & Validation (DVV) and Configuration Management (CM) audits.
PEOPLE DEVELOPMENT & MENTORSHIP
- Reviewed and facilitated project artefacts: Reviewed and facilitated project artefacts like Project Management Plans (PMPs), Project Management Workbooks (PMWBs), Requirement Traceability Matrices, Agile Workbooks, Skill Matrices, and PPMWBs, guaranteeing project alignment and success.
- Mentored and coached team members: Mentored and coached both direct and indirect team members, tailoring content based on individual needs and goals.
- Supervised team activities: Supervised team activities, provided feedback, and ensured alignment with KPIs.
DESKTOP INSTALLATION
- OS Installation/Upgrades - Software Configurations - Group Policy Configurations
- Network Configurations
- Printer Firmware/Network Installation - First-Level Troubleshooting and Escalation.
- PC Operating Systems, PC Hardware, Device Resources, BIOS/CMOS.
TOPOLOGIES & PROTOCOLS
- Security, Resource Sharing, Network Administration, Peer-to-Peer & Client/Server, TCP/IP Networking, Networking Services, Configuration and Troubleshooting.
- Wi-Fi Installation, use and testing. Domain Membership & Policies.
PERSONAL HOBBIES
Beyond work, I’ve been committed to bodybuilding for 16 years. I’ve also spent 7 years learning Latin dances, which I truly enjoy.
Photography is another passion — I love capturing nature through my lens. I’m also an adventure enthusiast, going on motorbike/SUV trips and treks through the Himalayas, often hiking through thick forests with fellow explorers.
PROFESSIONAL EXPERIENCE
IT Security Assurance Officer | HM LR, UK | Sep 2022 – Sep 2023
I supported the Information Security team by contributing to policy, risk, and supplier assurance activities.
- Policy and Process Development: Improved and documented the Software-Hardware Implementation Forum process and published it to the internal portal for wider adoption.
- Risk Assessment and Vulnerability Review: Assessed hardware and software requests to evaluate potential vulnerabilities and their impact. Reviewed vulnerability and SOC reports from suppliers to ensure alignment with ISO 27001:2013, GDPR, and Cyber Essentials requirements.
- Third-Party Risk Management (TPRM): Performed due diligence on supplier security policies and procedures during procurement to identify gaps and reduce information security risks.
Deputy Manager – Quality | HCL Tech Ltd. | Mar 2015 – Dec 2021
Led enterprise-wide governance and compliance efforts across multiple standards and certifications.
Governance
- Led multi-standard certification achievement: Spearheaded project teams through external certification processes for CMMI 2.0 multimodal, ISO 9001:2015, TL9000, AS9100, ISO 27001, and Agile models, ensuring compliance and process maturity.
- Developed and implemented performance health indicators: Created and published key performance indicators (KPIs) tracked at various levels (VP, Service Delivery, Delivery Unit, Customer), providing valuable insights for decision-making.
- Empowered project teams: Supported Service Delivery, Delivery, and Project Managers in achieving and maintaining process compliance and improvement through coaching, guidance, and resources.
Compliance
- Established robust risk management: Implemented project and account-level risk tracking, effectively communicating findings, non-compliance issues, progress reports, and remediation plans to stakeholders.
- Conducted ITGC audits: Audited IT General Controls (access controls, data change management, disaster recovery) across accounts, ensuring adherence to compliance standards and client objectives.
- Managed RAG status reporting: Utilised RAG (Red, Amber, Green) status to monitor key performance indicators (data collection, customer satisfaction, tool compliance, TL9K data) for data-driven decision-making.
Process Improvement
- Built and deployed process performance models: Developed and published regression and logistic models, leveraging data analytics to identify trends and inform proactive process improvements.
- Performed gap analysis: Conducted comprehensive gap analyses, aligning company and customer processes for seamless integration and operational efficiency.
- Guided project lifecycles: Facilitated Project Managers through the entire SDLC (kickoff, monitoring, measuring, improvement, closure), utilising templates, checklists, and inspections to ensure quality and adherence to best practices.
- Supported quality audits: Assisted project quality analysts in Data Verification & Validation (DVV) and Configuration Management (CM) audits.
Mentorship
- Reviewed and facilitated project artefacts: Reviewed and facilitated project artefacts like Project Management Plans (PMPs), Project Management Workbooks (PMWBs), Requirement Traceability Matrices, Agile Workbooks, Skill Matrices, and PPMWBs, guaranteeing project alignment and success.
- Mentored and coached team members: Mentored and coached both direct and indirect team members, tailoring content based on individual needs and goals.
- Supervised team activities: Supervised team activities, provided feedback, and ensured alignment with KPIs.
Achievements
- Achieved 100% success rate in governance and compliance certifications through successful implementation and completion of:
  - CMMI 2.0 (2020), CMMI V1.3 (2017), TL9000 (2018, 2019, 2020, 2021, 2022), ISO 9001:2015 (2017).
  - AS9100 surveillance audits (2015, 2016), Supplier GOLD standards (5S, RRCA, VSM) (2016).
- Launched training programs and led process improvement activities, resulting in successful AS9100 (2011, 2012, 2013) and CMMI v1.3 Dev (2013) assessments.
Lead SQA | Xchanging Malaysia | Apr 2014 – Dec 2014
I was responsible for process facilitation and compliance checks for the account, supporting the delivery team to meet quality goals.
- My focus was on process optimization using lean principles for the testing team. I created process flow maps, developed standard procedures, and designed templates and checklists tailored to testing activities.
- I conducted awareness workshops for over 200 team members, along with training sessions for team leads and managers to align with updated processes.
- Key responsibilities included:
  - Performing audits, publishing non-conformances, and tracking them to closure.
  - Carrying out gap analysis to identify process improvement areas and supporting implementation.
  - Preparing and presenting monthly status reports to senior management, including departmental heads, with insights on process compliance and improvement areas.
Lead Quality | Infosys Ltd | Aug 2010 – Mar 2014
I supported large enterprise accounts like Boeing and Airbus, offering end-to-end quality consulting and compliance support to over 600 team members across delivery locations.
- Key achievements include the successful AS9100 assessment across teams in Chennai, Bangalore, and Pune in Nov 2013, and the CMMI v1.3 Dev appraisal completed in Aug 2013.
- My responsibilities involved conducting audits in areas like Configuration Management (CM) and Delivery Performance (DP), ensuring process adherence, tracking non-conformities, and supporting closure activities. I also consulted on Business Value Articulation (BVA) to highlight process improvements aligned with client goals.
- I was actively involved in Infosys' i-Trim (Lean Six Sigma) initiatives, identifying process improvement opportunities that led to measurable cost savings. I regularly tracked and published project health metrics such as MTR (Metrics Report), MSR (Milestone Report), and risk dashboards, all contributing to DU Scorecard performance.
- Some of my ongoing responsibilities included:
  - CMMI compliance reviews every 45 days across ~22 active projects.
  - Single point of contact (SPOC) for Chennai Delivery Center's Tools Group.
  - Participated in environmental and cultural initiatives, including Go Green campaigns and Water Day awareness drives.
- Trainings Conducted:
  - AS9100 (Aerospace Standards)
  - CMMI v1.3 Process Overview
  - i-Trim (Lean Six Sigma)
  - BVA (Business Value Articulation)
  - IPM+ (Project Management System)
  - SLIM (SLA Prediction Model)
  - SPRINT (SQA Tracking Framework)
  - Configuration Management Plans
  - Infosys Internal Processes
  - Excel Macros and Automation
  - MU Model (Maintenance Unit Calculation)
Quality Executive | HCL Tech Ltd. | Aug 2007 – Aug 2010
I was responsible for supporting CMMI Level 5 implementation, conducting regular audits and facilitating internal assessments to ensure compliance across multiple projects. My work focused on validating PIID (Practice Implementation Indicator Descriptions), coordinating monthly CMMI audits using standard checklists, and participating in senior management reviews.
- I contributed to ISO 20000 (ITIL) implementation in two projects and supported overall quality compliance efforts across engagements. I helped manage process activities for over 200 members, including scheduling audits, tracking status, publishing reports to senior management, and escalating issues when needed.
- I onboarded new projects into the quality cycle, participated in project kickoff and closure meetings, and ensured best practices were documented. I briefed first-time managers on required process steps, delivered training on customer-specific and internal processes (PMLite, N2N, PM-Smart), and continuously improved internal process documentation.
- Some key contributions:
  - Owned and updated PMLite internal process documentation based on business needs.
  - Designed templates: PQA work plan, audit checklists, master audit database, SMRs, and MOMs.
  - Conducted regular audits, configuration audits, and data verification checks.
  - Trained and mentored 3 junior resources as quality facilitators.
  - Reviewed process documents and engineering templates with project teams.
  - Supported final inspection readiness checks and phase-end reviews.
  - Delivered monthly presentations to senior management and clients on project compliance.
- Trainings Attended:
  - FP and FP NESMA Estimation techniques
  - NEM (New Engagement Model) Estimation techniques
  - Trained on CMMI v1.2, which was provided by a KPMG lead appraiser.
  - Internally trained on ISO 2000 & ISO 9001:2000
  - Trained on Six Sigma Yellow Belt.
  - Trained on Statistical Process Control tools and Process Performance Model.
- Trainings Conducted:
  - CMMI v1.2 overview for project teams
  - PM Lite, PM Smart, MPP tools
  - Internal QMS and Process/Product Quality Assurance
  - Customer QMS process walkthroughs
- Tools & Certifications:
  - PM Smart (Project Management) – Expert
  - Microsoft Project Plan – Expert
  - Serena Version Control, Visual SourceSafe – Familiar
  - Internally certified on HPMP (Risk Management and QPM)
- Technical Exposure:
  - Basic AS400/RPG (internal training – coding, screen design)
  - Completed Java, C, and C++ from NIIT