Senior Security Engineer at Sharechat co
Speaker
Security Engineer with 5 years of experience, currently working as a Senior Security Engineer at ShareChat.
Previously worked with Flipkart as a Security Engineer and bug bounty hunter. Experienced across multiple domains including cloud security, WAF, application security, network and infrastructure security, as well as mobile security testing.
We keep hearing about cloud breaches caused by misconfigurations—open S3 buckets, overly permissive IAM roles, missing MFA—leading to a cycle of scan, find, patch, repeat. This talk challenges that approach by focusing on hardening the backend at the service level, making entire categories of misconfiguration structurally impossible.
Drawing from hands-on experience hardening GCP infrastructure at ShareChat (200M+ users) without a CSPM product, and mapping it against real-world breaches across AWS, Azure, and GCP, the session demonstrates how controls like VPC Service Controls via Terraform, Organization Policies, Workload Identity Federation, JIT access with TTL-based privileges, and systematic IAM hardening eliminate common attack vectors. This practitioner-focused talk highlights how native cloud controls and automation can provide effective, scalable security without reliance on expensive tools.