Practice Lead, Threat & Vulnerability Management, AT&T Security Solutions
As Practice Lead, Security Consulting for AT&T Security Solutions, Rajat Swarup and his team of penetration testers get to break things. As white-hat hackers, their job is to identify security threats before the black-hat hackers do and help enterprise companies secure their networks and applications. Rajat advises Fortune 100 companies and helps customers establish and support security around networks (both wired and wireless), mobile applications, VoIP, and database technologies. He provides application security assessments from the ground up, supporting black-box application penetration tests, SDLC security, application code reviews and POS application penetration tests.
During his five-year tenure with VeriSign, he was one of the key parties involved in solving a criminal breach investigated by the U.S. Secret Service that led to the largest computer crime conviction in U.S. history. As a penetration tester, he responsibly disclosed 0-day exploits – two of which were for Oracle’s flagship software – and found security flaws in software considered secure by other researchers. He also performed creative social engineering attacks for organizations ranging across 21 different industry verticals.
After VeriSign was acquired by AT&T in 2009, Rajat established a state-of-the-art lab for penetration testers around the world to use and deliver attack and penetration assessments with more ease and finesse. He started his career with Tata Consultancy Services (TCS) as an operating system kernel programmer for HP NonStop servers and wrote code for the transaction services module for Tandem systems in C++. After TCS, Rajat was an integral part of an elite team of ethical hackers at Ernst & Young’s Advanced Security Center in New York City.
After more than 10 years’ experience in the industry, Rajat still retains the attitude and passion of the student. He reads books on game theory in his free time and contemplates its application to various client engagements. He participates in hacker competitions (called “capture the flag”) and enjoys the adrenaline rush of performing social engineering assessments, forensics investigations, and incident handling. Having been exposed to a wider range of technologies than most security experts, he’s broken into systems as small as a chip and as large as a mainframe.
Rajat earned his Masters of Science in Computer Science from the University of Southern California, having completed courses in cryptography, advanced OS, computer communications, analysis of algorithms, and search engines, among many others. He’s a member of OWASP, ISACA, ISSA and enjoys playing ping pong and watching cricket when he’s not working. He lives in New York City.