Ranjan Kathuria
My name is Ranjan Kathuria, and I am currently a Staff Cloud Security Engineer / Cloud Security Architect at Rubrik, a recognized leader in Data Backup and Data Security. Based in San Francisco, I lead Rubrik’s cloud security program, drawing on nearly a decade of experience in the information security field. I have served as a founding security engineer twice, building security programs from the ground up, and I am passionate about advancing the industry through both hands-on engineering and research. My achievements include being ranked as the #1 security researcher for Hubspot and Quora’s Bug Bounty programs, and I am the inventor on a pending patent for efficient vulnerability analysis over backups – https://patents.google.com/patent/US20230376605A1/en
I also have had past experience in presenting my work with AWS some years back – https://www.youtube.com/watch?v=Bd4pTqAuvBQ
Session
This talk presents a scalable framework for deploying an enterprise Private Certificate Authority (CA) using OpenSSL and cloud-based HSMs. We explore a solution that centralizes certificate lifecycle management—including issuance, monitoring, and automated expiry alerts—while enforcing security through offline key generation with OpenSSL (RSA-2048) and hardware-grade protection via AWS CloudHSM. The design eliminates direct key exposure by leveraging FIPS 140-2 Level 3-validated HSMs and enables self-service workflows with minimal manual intervention. Attendees will learn practical strategies for balancing security, automation, and usability in PKI deployments.