KIERAN UPADRASTA CISSP, CISM, CRISC                                                                                                                     

 

Kieran Upadrasta, CISSP is the Chief Information Security Officer (CISO) and Founder & Director of Cyber Artificial Intelligence Systems Inc. He is an AI cybersecurity architect, information security consultant, and InfoSec researcher with deep expertise in cyber defence, risk management, and enterprise security strategy. Kieran holds CISSP, CISM, and CRISC certifications and serves as a policy advisor and expert witness. A University Gold Medallist, he is a member of a Cyber Defence Taskforce, contributing to strategic and operational cybersecurity initiatives at national and enterprise levels.

With over 27 years of experience in business analysis, consulting, technical security strategy, architecture, governance, threat assessments, and risk management, Kieran has spent 27 years in cybersecurity, including tenure at Big 4 consulting firms, and 21 years in the financial and banking sector. He has guided leading corporations in achieving compliance with OCC, SOX, GLBA, HIPAA, ISO 27001, NIST, PCI DSS, and SAS 70.

Kieran has consulted for numerous Fortune 500 clients across banking, financial services, insurance, defence, and aerospace sectors. His expertise spans establishing risk management programs, designing enterprise network security architectures, and building enterprise-wide security programs that align business objectives with cybersecurity imperatives.

He was the lead author of a prize-winning research paper in AI and cybersecurity, published in peer-reviewed journals, and presented at national and international conferences. Kieran continues to advance pioneering research at the intersection of Artificial Intelligence and Cybersecurity, driving innovations for next-generation security solutions.

He is also an expert in Business Continuity Planning (BCP), Disaster Recovery Planning (DRP), Incident Response, Crisis Management, Major Incident Management (MiM), stakeholder engagement, and requirements mapping. His specialization includes Cybersecurity Strategy & Architecture, Identity & Access Management (IAM/PAM), Governance, Risk & Compliance (GRC), Threat & Vulnerability Management, Cloud Security & DevSecOps, Regulatory Compliance & Audits

 

A computer with a person's face on the screen Description automatically generated with medium confidence

                  

Domain                                   

Expertise & Technologies                                                                                                                             

🟣 Security Architecture & Strategy      

HLD & LLD Design; Enterprise Architecture (SABSA, TOGAF); Board Reporting; M&A Cyber Due Diligence 

🟡 Identity & Access Security            

IAM: AD, Azure AD, Okta; PAM: CyberArk, BeyondTrust, Thycotic, Centrify, Broadcom CA PAM; IGA: SailPoint                                                

🟢 Risk Management                       

SARA, SPRINT, IRAM                                                                                                                                      

🔴 Threat & Vulnerability Management     

Threat Modelling, Threat Hunting, Intelligence, DDoS Mitigation; Arbor SP Peakflow, Akamai Kona Defender, SiteShield; Qualys, Tenable Nessus, Foundstone

🔵 Governance, Risk & Compliance (GRC)    

IT Governance, Auditing, Policy, Legal & Regulatory Compliance, Investigations & Forensics; COBIT, Archer eGRC; PCI DSS, GDPR, Data Protection, SOX     

Cybersecurity Platforms                

CrowdStrike, Palo Alto Networks, SentinelOne, M365 Defender, Falcon X; MITRE ATT&CK; EDR/XDR, Zero Trust, NGAV, Container Security

🔵 Standards & Assurance                 

ISO/IEC 27001, NIST, COBIT, SAS 70; Smart City Reviews; BCP & DRP; HIPAA, SOC 2, DORA; AI Governance (ISO/IEC 42001)

🟠 Data Protection & Insider Threat      

Data Loss Prevention (DLP), Fraud Prevention, APT, User Behaviour Analytics (UBA); Symantec DLP                                                         

☁️ Cloud & DevSecOps                     

AWS, Azure, Google Cloud Platform (GCP); Cloud & Hybrid Security; Ansible, Kubernetes, Docker, Terraform, Jenkins, Python

🟤 Security Operations & SIEM            

SOC Leadership & Operations; ArcSight ESM, QRadar, Splunk, LogRhythm, RSA Security Analytics                                                            

🧱 Network, Endpoint & Perimeter Security

Firewalls, IDS/IPS, WAF; Check Point, Cisco, Juniper, McAfee, Snort, Sourcefire; Encryption, VPN, IPsec, PKI; SafeBoot, Pointsec, CrowdStrike     

🌐 Web Security & Content Filtering      

Blue Coat, Zscaler, Finjan, IronPort                                                                                                                    

⚙️ Delivery & Engineering                

Agile, PRINCE2, DevOps, DevSecOps                                                                                                                       

🏛️ Regulatory & Government Experience   

Engagement with International Security Agencies; Financial Conduct Authority (FCA); Prudential Regulation Authority (PRA)  

  Qualified: CISM, CRISC, CISSP, CyberArk Certified, CCSE, CCSP, CCNA Security, JNCIS-FWV, MBA and BEng