Senior Product Security Leader | PSIRT | Vulnerability Research | SBOM & Supply Chain Security | 500+ CVEs | Speaker @ AusCERT, PoC & Confidence.
Cybersecurity leader with 15+ years of experience across Product Security, PSIRT, Compliance and Vulnerability Research, currently leading global product security initiatives at Fortinet.
Recognized with 500+ CVE disclosures, 3 U.S. patents, and Hall of Fame acknowledgments from Google, Microsoft, Adobe, Cisco, Nvidia, SAP, IBM, and Intel for responsible vulnerability research.
As Senior Manager of Product Security, I helped scale Fortinet’s PSIRT and vulnerability management programs protecting a $5B+ product portfolio — reducing incident response time by 40%, cutting exploitable surface by 70%, and advancing SBOM-driven supply chain assurance.
My core expertise spans the following:
Security Assurance & Vulnerability Remediation Lifecycle.
PSIRT Operations & Disclosure, Governance (ISO 30111 / NIST 800-161).
Secure Development Lifecycle (SDLC) Design.
Threat Modeling, Fuzzing (AFL++, libFuzzer), and Reverse Engineering.
Leadership of cross-regional and cross-functional security teams.
Conference Speaker: Confidence ’20 | AusCERT ’20 | PoC ’19
Certifications: CEH, RHCE, CCNA (CISSP, OSCP – in progress)
Build secure by design. Lead by example.
Built and scaled Fortinet’s global PSIRT program, recruiting and mentoring a cross-regional team of 20+ engineers driving vulnerability disclosure, security automation, and incident response across 25+ product families. Partnered with R&D to harden cloud and on-prem products, uncovering ~1,000 vulnerabilities and cutting exploitable surface by 70%. Led Blackbox testing that revealed 100+ zero-days, championed SBOM adoption, and reduced supply-chain risk by 45%.
Built and led Fortinet’s Zero-Day Research team, driving coordinated vulnerability disclosure with global vendors and MITRE. Delivered proactive IPS protections for discovered exploits, published technical advisories, and trained internal teams on OSINT and vulnerability research.
Discover Zero Day Vulnerabilities in Popular Software, Firmware & Hardware products.
Build & Maintain FortiGuard Packages for Malicious Botnet Domains, IPs & Certificates and Blacklist IPs.
Ladies others the six desire age. Bred am soon park past read by lain. As excuse eldest no moment. An delight beloved up garrets am cottage private. The far attachment discovered celebrated decisively surrounded for and.
She suspicion dejection saw instantly. Well deny may real one told yet saw hard dear. Bed chief house rapid right the.
Rochester Institute of Technology
SVKM's Narsee Monjee Institute of Management Studies (NMIMS)
Delivered invited talks at leading international security conferences
|
VENDOR
|
CVE Details
|
|---|---|
|
Google
|
CVE-2017-1543, CVE-2017-15418, CVE-2017-145388, CVE-2017-5044, FG-VD-17-013, FG-VD-16-031, FG-VD-17-012, FG-VD-17-025, FG-VD-17-058
|
|
Microsoft
|
CVE-2020-1296, CVE-2018-8136, FG-VD-17-047, FG-VD-17-105
|
|
Intel
|
CVE-2018-3649, FG-VD-17-042, FG-VD-17-043, FG-VD-17-044, FG-VD-17-038
|
|
NVIDIA
|
CVE-2019-5676, FG-VD-17-082, FG-VD-17-083, FG-VD-17-084
|
|
Amazon
|
|
|
Adobe
|
CVE-2017-3004, CVE-2019-8247, CVE-2019-8248, CVE-2020-9570, CVE-2020-9571, CVE-2020-9572, CVE-2020-9573, CVE-2020-9574, CVE-2020-9575, CVE-2021-21103, CVE-2021-21104 & CVE-2021-21105, CVE-2018-12810, CVE-2018-12811, CVE-2022-23195, CVE-2022-23194, CVE-2022-23193, CVE-2022-23192, CVE-2022-23191, CVE-2022-23190, CVE-2022-23188, CVE-2020-9555, CVE-2020-9562, CVE-2020-9562, CVE-2020-9568, CVE-2020-9566, CVE-2020-9567, CVE-2020-9554, CVE-2020-9556, CVE-2020-9559, CVE-2020-9560, CVE-2020-9561, CVE-2020-9564, CVE-2020-9565, CVE-2020-9569, CVE-2022-44498, CVE-2022-44500, CVE-2022-23187, CVE-2022-23188, CVE-2021-43020, CVE-2022-23203, CVE-2022-24090, CVE-2021-44184, CVE-2021-21082, CVE-2020-3783, CVE-2020-3784, CVE-2020-3785, CVE-2020-3786, CVE-2020-3787, CVE-2020-3788, CVE-2020-3789, CVE-2019-8247, CVE-2019-7990, CVE-2019-7991, CVE-2019-7992, CVE-2019-7997, CVE-2019-7998, CVE-2019-7999, CVE-2019-7993, CVE-2019-8001, CVE-2025-54240,CVE-2025-52439,CVE-2025-52438,CVE-2025-54205,CVE-2025-54192,CVE-2025-54194,CVE-2025,54188,CVE-2025-54187,CVE-2025-54193,CVE-2025-54191,CVE-2025-54189,CVE-2025-54195,CVE-2025-54190,CV-2025-54202,CVE-2025-54204,CVE-2025-49573,CVE-2025-54235,CVE-2025-54203,CVE-2025-54186,CVE-2025-54198,CVE-2025-54200,CVE-2025-54199,CVE-2025-54201,CVE-2025-54197,CVE-2025-27165,CVE-2025-21167,CVE-2025-21166,CVE-2025-47135,CVE-2025-21168,CVE-2025-24448,CVE-2025-30312,CVE-2024-53000,CVE-2024-53005,CVE-2024-52999,CVE-2024-53002,CVE-2024-53004,CVE-2024-53001,CVE-2024-49546,CVE-2025-24449,CVE-2024-49547,CVE-2024-49538,CVE-2024-49541,CVE-2024-49551,CVE-2024-52998,CVE-2024-49536,CVE-2024-49511,CVE-2024-49512,CVE-2024-49510,CVE-2024-47427,CVE-2024-47436,CVE-2024-47437,CVE-2024-47428,CVE-2024-47435,CVE-2024-47453,CVE-2024-47446,CVE-2024-47442,CVE-2024-47443,CVE-2024-47449,CVE-2024-47445,CVE-2024-47444,CVE-2024-47454,CVE-2024-45143,CVE-2024-45144,CVE-2024-45109,CVE-2024-45108,CVE-2024-45111,CVE-2024-41867,CVE-2024-41868,CVE-2024-41873,CVE-2024-41872,CVE-2024-41871,CVE-2024-41870,CVE-2024-45150,CVE-2024-20790,CVE-2024-34135,CVE-2024-34133,CVE-2024-34134,CVE-2024-45145,CVE-2024-41863,CVE-2024-41861,CVE-2024-41862,CVE-2024-41860,CVE-2024-30271,CVE-2024-20724,CVE-2024-20772,CVE-2024-20725,CVE-2024-20723,CVE-2025-27165,CVE-2024-20715,CVE-2024-20712,CVE-2024-20711,CVE-2024-20714,CVE-2024-20713,CVE-2024-20710,CVE-2023-48639,CVE-2023-48637,CVE-2023-48638,CVE-2023-48636,CVE-2023-48626,CVE-2023-48628,CVE-2023-48630,CVE-2023-48625,CVE-2023-48627,CVE-2023-48629,CVE-2023-47076,CVE-2023-47077,CVE-2023-47081,CVE-2023-47080,CVE-2023-44330,CVE-2023-47063,CVE-2023-44332,CVE-2023-44331,CVE-2023-44333,CVE-2023-44334,CVE-2023-44335,CVE-2023-44346,CVE-2023-44341,CVE-2023-44342,CVE-2023-44344,CVE-2023-44343,CVE-2023-44345,CVE-2023-44347, CVE-2018-4927, CVE-2017-11295, CVE- 2016-4119, CVE-2017-3010, CVE-2017-2946, CVE-2016-7856, CVE-2016-6948, CVE-2016-4119, CVE-2017-2990, FG-VD-16-053, CVE-2018-4928
|
|
Autodesk
|
CVE-2023-29070, CVE-2023-29071, CVE-2022-33888, CVE-2021-27043, CVE-2022-25797, CVE-2022-33883, CVE-2022-27525, CVE-2022-41306, CVE-2022-42934, CVE-2022-42935, CVE-2022-42936, CVE-2022-42937, CVE-2022-42933, CVE-2022-42943, CVE-2022-41310, CVE-2022-42040, CVE-2022-42939, CVE-2022-42942, CVE-2022-42941, CVE-2022-42938, CVE-2022-41309, CVE-2022-42944, CVE-2022-33890, CVE-2022-27526, CVE-2022-41301, CVE-2022-41305, CVE-2022-41307, CVE-2022-41308
|
|
CISCO
|
CVE-2017-12313, CVE-2017-12252, CVE-2018-0264, CVE-2019-1924,CVE-2019-1925, CVE-2019-1926,CVE-2019-1927, CVE-2019-1928, CVE-2019-1929, CVE-2018-0379, CVE-2021-1502, CVE-2021-1503, CVE-2021-1526, CVE-2021-1527, CVE-2019-1637, CVE-2019-1640, CVE-2019-1641, CVE-2018-0287, CVE-2019-15283, CVE-2019-15284, CVE-2019-15285, CVE-2019-15286, CVE-2018-0380, CVE-2017-12312, CVE-2017-12372, CVE-2017-12371, CVE-2017-12368, CVE-2017-12370, CVE-2017-12369, CVE-2017-12367
|
|
Siemens
|
CVE-2022-34291, CVE-2022-34290, CVE-2022-34289, CVE-2022-34288, CVE-2022-34287, CVE-2022-34286 CVE-2022-34285 CVE-2022-34284 CVE-2022-34283 CVE-2022-34282 CVE-2022-34281 CVE-2022-34280 CVE-2022-34272 CVE-2022-34273 CVE-2022-34274 CVE-2022-34275 CVE-2022-34276 CVE-2022-34277 CVE-2022-34278 CVE-2022-34279
|
|
Corel
|
CVE-2021-38096, CVE-2021-38097, CVE-2021-38098, CVE-2021-38099, CVE-2021-38100, CVE-2021-38101, CVE-2021-38102, CVE-2021-38103, CVE-2021-38104, CVE-2021-38105, CVE-2021-38106, CVE-2021-38107, CVE-2021-38108, CVE-2021-38109, CVE-2021-38110
|
|
IBM
|
CVE-2021-39049, CVE-2021-39050
|
|
Fortinet
|
CVE-2024-23107, CVE-2025-54822, CVE-2024-23107, CVE-2025-59921
|
|
Schneider Electric
|
CVE-2019-6825, CVE-2017-7967, FG-VD-16-093
|
|
Norton
|
CVE-2017-13676, CVE-2018-5235, CVE-2018-5238
|
|
Kaspersky
|
CVE-2018-6306
|
|
SAP
|
CVE-2021-27584, CVE-2021-27595, CVE-2021-27596, FG-VD-16-070, FG-VD-17-071, FG-VD-17-072, FG-VD-16-046
|
|
Broadcom
|
CVE-2017-6329
|
|
GLiNET
|
CVE-2022-44212, CVE-2022-44211
|
|
Foxit
|
CVE-2017-7584, CVE-2017-5364, CVE-2016-6168, CVE-2017-12892,
|
|
Anydesk
|
CVE-2018-13102
|
|
Samsung
|
|
|
MySwisscomAssistant
|
CVE-2018-6765, CVE-2018-6766
|
|
Fitbit
|
CVE-2017-14485
|
|
Symantec
|
CVE-2017-6329
|
|
Trend Micro
|
|
|
Synology
|
CVE-2017-11158, CVE-2017-11160, CVE-2017-11157
|
|
IDM Computer Solutions' UltraEdit
|
CVE-2017-12580
|
|
Zoho Docs
|
CVE-2017-14584
|
|
Ethereum
|
FG-VD-17-066, FG-VD-17-133
|
|
F-Secure
|
|
|
TorGuard
|
|
|
BinUtils
|
|
|
Yandex Disk
|
|
|
Citrix
|
|
|
Trend Micro's RUBotted
|
|
|
Blackberry
|
|
|
Uber
|
|
|
QIWI
|
FG-VD-17-128, FG-VD-17-129, FG-VD-17-130
|
|
Naver.com
|
CVE-2017-15913, CVE-2018-12449
|
|
DJI
|
FG-VD-17-158, FG-VD-17-159, FG-VD-17-160, FG-VD-17-161, FG-VD-17-162
|
|
Alibaba
|
FG-VD-17-048, FG-VD-17-049, FG-VD-17-050, FG-VD-17-051, FG-VD-17-052, FG-VD-17-053
|
|
Tencent
|
FG-VD-17-054, FG-VD-17-055, FG-VD-17-056, FG-VD-17-057
|
|
Spotify
|
FG-VD-17-059
|
|
Facebook
|
FG-VD-17-060, FG-VD-17-193, FG-VD-17-208
|
|
Razor
|
FG-VD-17-086, FG-VD-17-087, FG-VD-17-088
|
|
Mail.ru
|
FG-VD-17-115
|
|
Xiaomi
|
FG-VD-17-118
|
|
Avast
|
FG-VD-17-148, FG-VD-17-149, FG-VD-17-150, FG-VD-17-151
|
|
Atlassian
|
FG-VD-17-171, FG-VD-17-172, FG-VD-17-173, FG-VD-17-174, FG-VD-17-175, FG-VD-17-176, FG-VD-17-177
|
|
HackerOne
|
FG-VD-17-192
|
|
Ubiquiti Networks
|
FG-VD-17-199
|
|
Line Corporation
|
FG-VD-17-200
|
|
Hancom Office
|
FG-VD-17-201, FG-VD-17-202, FG-VD-17-203, FG-VD-17-204
|
|
Slack
|
FG-VD-17-206
|
Add multiple feature items, set different icons or images for each feature and also give custom links if needed.
Choose your style from three different layouts and two unique icon background shapes.
Show a connector line between each icon, changes its color and style to fit your unique design.
Easily customize every aspect of your list from widget styles but also you can give custom colors to each item as well.
Easily customize every aspect of your list from widget styles but also you can give custom colors to each item as well.
Kept in sent gave feel will oh it we. Has pleasure procured men laughing shutters nay. Old insipidity motionless continuing law shy partiality. Depending acuteness dependent eat use dejection.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Curabitur laoreet cursus volutpat. Aliquam sit amet ligula et justo tincidunt laoreet non vitae lorem. Aliquam porttitor tellus enim, eget commodo augue porta ut. Maecenas lobortis ligula vel tellus sagittis ullamcorperv vestibulum pellentesque cursutu.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Curabitur laoreet cursus volutpat. Aliquam sit amet ligula et justo tincidunt laoreet non vitae lorem. Aliquam porttitor tellus enim, eget commodo augue porta ut. Maecenas lobortis ligula vel tellus sagittis ullamcorperv vestibulum pellentesque cursutu.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Curabitur laoreet cursus volutpat. Aliquam sit amet ligula et justo tincidunt laoreet non vitae lorem. Aliquam porttitor tellus enim, eget commodo augue porta ut. Maecenas lobortis ligula vel tellus sagittis ullamcorperv vestibulum pellentesque cursutu.
kushal89.shah@gmail.com
Sunnyvale, California
