Xiarch
Utsav Mittal
CEO & Founder · Xiarch Solutions
CERT-In Empanelled MeitY Empanelled Youngest CISSP at Age 21 18+ Years Experience 3,000+ Investigations Purdue CERIAS Alumni IIT Delhi SIMAP Pegasus Expert — Economic Times CHIPS Raipur Lead Investigator Filehound — 300+ US Agencies ISC² Delhi Chapter Founder 2,000+ ISC² Members Quantum Cryptography Speaker ORF Policy Author Techno-Legal Expert Offices in Noida · Delhi · Mumbai · Chicago Global Reach — 12 Countries · 5 Continents MS Purdue USA · CISSP CERT-In Empanelled MeitY Empanelled Youngest CISSP at Age 21 18+ Years Experience 3,000+ Investigations Purdue CERIAS Alumni IIT Delhi SIMAP Pegasus Expert — Economic Times CHIPS Raipur Lead Investigator Filehound — 300+ US Agencies ISC² Delhi Chapter Founder 2,000+ ISC² Members Quantum Cryptography Speaker ORF Policy Author Techno-Legal Expert Offices in Noida · Delhi · Mumbai · Chicago Global Reach — 12 Countries · 5 Continents
🛡️ CEO & Founder · Xiarch Bharat

Where Technology
Meets Law

Truth is proven in bytes.

India's foremost cyber security authority — 18+ years in digital forensics, critical infrastructure, threat intelligence, and techno-legal advisory. Youngest CISSP in India at age 21. Trusted by governments, armed forces, and law enforcement worldwide.

Notable Cases → Engage Utsav
0
Years
Experience
0
Investigations
& Cases
0
Age at
CISSP
0
ISC²
Members
🏛️
CERT-In Empanelled
Govt. of India
🎓
Purdue CERIAS
MS InfoSec · USA
CERT-In · MeitY
Utsav Mittal
Utsav Mittal
CEO & Founder, Xiarch Bharat
CISSP CEH CISA Purdue CERIAS IIT Delhi
About Utsav

A Legacy Built at the
Intersection of Cyber & Justice

Utsav Mittal is one of India's most distinguished cyber security professionals, having dedicated over 18 years to protecting critical infrastructure, investigating high-profile cybercrime, and shaping the nation's cyber policy landscape. He holds the distinction of becoming India's youngest CISSP at age 21 — a milestone that set the tone for a career of consistent excellence.

He pursued his Master's in Information Security at Purdue University's CERIAS — one of the world's top cyber security research centers, led by Prof. Eugene Spafford, a member of the White House Cybersecurity Advisory Committee. This foundation in research-led practice has informed every engagement he has led since.

Utsav founded Xiarch Solutions, which today is empanelled by both CERT-In and MeitY — India's highest government bodies for cyber security. Xiarch serves banking, defence, telecom, power sector, and critical infrastructure clients across India and internationally. He also completed the IIT Delhi SIMAP executive programme, deepening his leadership and public policy expertise.

Beyond investigations, Utsav serves as a techno-legal expert, contributing to government policy through platforms like the Observer Research Foundation (ORF). He is the Founder of the ISC² New Delhi Chapter, which today boasts over 2,000 members — the largest chapter in South Asia.

🔐
CISSP
(ISC)² · Age 21
🎯
CEH
EC-Council
📋
CISA
Certified IS Auditor
🏛️
CERT-In Empanelled
Govt. of India
🇮🇳
MeitY Empanelled
Ministry of Electronics & IT
18+
Years in Cyber Security
21
Age at CISSP — Youngest in India
3,000+
Investigations & Forensic Cases
2,000+
ISC² Delhi Chapter Members
CERT-In · MeitY · Purdue CERIAS · IIT Delhi
Institutional Affiliations
ISC² Founder CERIAS Alumni CERT-In DSCI NASSCOM OWASP ACM/SIGSAC ORF Author CII FICCI
Career Journey

Two Decades of
Building Cyber Excellence

2006 – 2007
Security Analyst
NSS Technologies, New Delhi
Began career conducting vulnerability assessments, network security audits, and penetration tests for enterprise clients. Built foundational expertise in offensive security techniques.
VAPTNetwork SecurityPen Testing
2007 – 2008
Security Consultant
AKS Information Technology, New Delhi
Delivered cyber security consulting and incident response. Achieved CISSP at age 21 — making him the youngest CISSP holder in India.
CISSP at 21Incident ResponseConsulting
2008 – 2010
MS Information Security
Purdue University · CERIAS, West Lafayette, USA
Graduate studies at CERIAS — ranked among the world's top cyber security research institutions, founded by Prof. Eugene Spafford (White House Cybersecurity Advisory Committee). Researched network forensics and critical infrastructure protection.
CERIASResearchNetwork ForensicsCritical Infra
2009 · During Purdue
Security Research Intern
Cigital Inc., USA
Application security research and software security assessments at one of the US's leading AppSec firms — bridging academic research with enterprise security.
AppSecSoftware SecurityResearch
2010 – 2015
Principal Consultant & Co-Founder
Xiarch Solutions, New Delhi
Co-founded Xiarch and built it into a premier consultancy. Led VAPT, red team, forensics, and compliance for banking, telecom, and government. Secured CERT-In and MeitY empanelment.
Co-FounderCERT-InRed TeamForensics
2015 – Present
CEO & Founder
Xiarch Bharat · New Delhi, India
Leads Xiarch as CEO across India and internationally. Landmark cases include Pegasus forensics (Economic Times), CHIPS-Raipur, Filehound (300+ US agencies), Indian Navy IFR-2017, EY Gulf G-SOC, and India's largest power company SCADA audit. Founded ISC² Delhi Chapter (2,000+ members). IIT Delhi SIMAP alumnus.
CEOPegasus ExpertISC² FounderIIT DelhiGlobal
Core Expertise

Comprehensive Cyber Security
Capabilities

From offensive security to regulatory compliance — Xiarch delivers end-to-end protection across the most demanding sectors.

🎯
Vulnerability Assessment & Penetration Testing
Comprehensive VAPT across web applications, mobile apps, network infrastructure, APIs, and cloud environments. CERT-In and MeitY empanelled for government and regulated sector engagements.
Web AppSecNetworkMobileAPICloud
🔴
Red Team & Adversary Simulation
Advanced persistent threat (APT) simulation, social engineering, physical security bypass, and full-scope red team operations that go far beyond standard penetration testing.
APT SimulationSocial Eng.PhysicalFull-Scope
🔬
Digital Forensics & Cyber Investigations
Court-admissible digital evidence collection, malware forensics, mobile/disk/network forensics, and techno-legal expert witness services. 3,000+ investigations completed.
MalwareMobile ForensicsLegal ExpertChain of Custody
📜
Regulatory Compliance & Audits
Compliance frameworks for RBI, SEBI, UIDAI, IRDA, TRAI, PCI-DSS, ISO 27001, SOC 2, GDPR, PDPB, and IT Act. Empanelled by CERT-In and MeitY for government sector work.
RBISEBIPCI-DSSISO 27001UIDAI
☁️
Cloud Security & Architecture
Cloud security assessments, secure cloud architecture design, DevSecOps pipeline integration, container security (Docker/Kubernetes), and cloud compliance audits for AWS, Azure, and GCP.
AWSAzureDevSecOpsContainers
SCADA / ICS / OT Security
Operational technology security assessments for power, oil & gas, manufacturing, and water treatment sectors. Led India's first comprehensive SCADA audit of a major power company.
Power SectorICSOT NetworksSCADA
🚨
Incident Response & Crisis Management
24/7 cyber incident response, breach containment, ransomware recovery, and post-incident forensic analysis. Designed and set up EY's Gulf region G-SOC operations centre.
24/7 IRRansomwareSOC SetupBreach Mgmt
🏗️
Secure Architecture & Design Review
Security-by-design principles applied at the architecture level. Threat modelling (STRIDE/PASTA), secure SDLC, zero trust architecture, and enterprise security framework design.
Threat ModellingZero TrustSecure SDLC
🎓
Training, Awareness & Capacity Building
Customised cyber security training programmes for C-suite, IT teams, law enforcement, and judiciary. Founder of ISC² New Delhi Chapter with 2,000+ members — the largest in South Asia.
C-SuiteLaw EnforcementJudiciaryISC²
Notable Cases

Landmark Investigations
& High-Profile Engagements

A track record of solving the most complex cyber cases — trusted by governments, courts, law enforcement, and international institutions.

Forensics · Spyware
Pegasus Spyware Forensic Investigation
Led technical forensic investigation into Pegasus spyware infections on high-profile Indian targets. Findings and expert analysis featured prominently in The Economic Times, establishing Utsav as India's leading independent Pegasus forensic authority.
📰 Economic Times Coverage · NSO Group Spyware
Cybercrime · Law Enforcement
CHIPS Raipur Cybercrime Investigation
Lead cyber security expert on the landmark CHIPS (Cyber Help & Intelligence for Police Services) initiative in Raipur, Chhattisgarh. Provided technical investigation, evidence collection, and forensic support for complex cybercrime cases involving organised criminal networks.
👮 Chhattisgarh Police · State Govt.
Intelligence Tool · USA
Filehound — 300+ US Law Enforcement Agencies
Developed and deployed Filehound, a digital intelligence and evidence management platform subsequently adopted by over 300 US law enforcement agencies. Represents Xiarch's international reach and technical product leadership in the forensic intelligence space.
🇺🇸 300+ US Law Enforcement Agencies
Defence · National Security
Indian Navy IFR-2017 Cyber Security
Appointed as Cyber Security Consultant for the Indian Navy's International Fleet Review (IFR) 2017, one of the largest naval exercises in the Indo-Pacific region. Secured critical communications and operational technology infrastructure for the event.
Indian Navy · Ministry of Defence
SOC · International
EY Gulf Region G-SOC Setup
Designed, architected, and operationalised Ernst & Young's Gulf Cooperation Council (GCC) Security Operations Centre (G-SOC). Established monitoring capabilities, playbooks, and incident response processes for EY's Middle East client base.
🏢 Ernst & Young · Gulf Cooperation Council
Critical Infrastructure
SCADA Audit — India's Largest Power Company
Conducted India's first comprehensive SCADA/ICS security audit for the country's largest power generation company. Identified critical vulnerabilities in operational technology networks and delivered a remediation roadmap that has since become a sector benchmark.
India's Largest Power Utility · SCADA/ICS
Speaker Profile

Keynotes, Conferences
& Executive Briefings

Utsav brings complex cyber security topics to life for boards, policymakers, law enforcement, and technical audiences at national and international forums.

🔒
Cyber Security & Digital Forensics
From first principles to cutting-edge investigation methodologies. Covers crime scene digital evidence, chain of custody, malware attribution, and the evolution of cyber threats in the Indian and global context.
Critical Infrastructure Protection
Nation-state threats to power grids, water systems, financial markets, and transportation networks. Draws on direct experience auditing India's power sector SCADA systems and international threat intelligence.
⚖️
Cyber Law, Policy & Governance
The evolving Indian and international cyber legal framework — IT Act, PDPB, cross-border evidence, jurisdictional challenges, and the role of techno-legal experts in courts and regulatory proceedings.
🤖
AI & LLM Security Risks
Adversarial machine learning, prompt injection, data poisoning, model theft, and the emerging threat landscape for AI-powered enterprise systems. Practical guidance for boards and CISOs on governing AI securely.
⚛️
Signature Keynote
Quantum Cryptography: The Coming Security Revolution
A deep technical and policy exploration of how quantum computing will break current encryption standards and how organisations and governments must prepare. Covers post-quantum cryptography standards (NIST PQC), quantum key distribution (QKD), harvest-now-decrypt-later attacks, and India's quantum readiness. One of the very few experts in India offering both technical depth and policy context on this subject.
Research & Thought Leadership

Advancing the Frontiers
of Cyber Security Knowledge

Active researcher and policy contributor, with publications through ORF and engagements with CERT-In, MeitY, and international cyber security bodies.

🏭
Critical Infrastructure Protection
Research on securing SCADA/ICS/OT environments, smart grid vulnerabilities, cross-sector cascading failure risks, and national cyber resilience frameworks for essential services.
SCADAPower GridSmart GridOT Security
🤖
AI / LLM Security
Investigating adversarial attacks on large language models, generative AI risks in enterprise environments, AI-driven threat detection evasion, and governance frameworks for responsible AI deployment.
Adversarial MLPrompt InjectionAI Governance
⚛️
Quantum Cryptography
Post-quantum cryptography migration strategies, quantum key distribution implementation challenges, and policy recommendations for India's preparedness against quantum-capable adversaries.
Post-QuantumQKDNIST PQC
📡
GSM & Wireless Security
Vulnerabilities in GSM/4G/5G mobile networks, IMSI catchers, SS7 protocol weaknesses, and the security implications for national telecommunications infrastructure and law enforcement.
GSMSS75G SecurityIMSI
🏛️
Cyber Public Policy
Policy research and contributions on India's national cyber security strategy, digital sovereignty, international cyber norms, PDPB implementation, and the regulation of surveillance technologies like Pegasus.
ORFPDPBCyber NormsPolicy
⚖️
Digital Forensics & Cyber Jurisprudence
Advancing the admissibility of digital evidence in Indian courts, standardisation of forensic methodologies, and the development of techno-legal frameworks for emerging cyber crimes including deepfakes and AI-generated content.
Evidence LawDeepfakesJurisprudence
"
Where technology meets law —
truth is proven in bytes.
"
— Utsav Mittal, CEO & Founder, Xiarch Bharat
Proven Impact

Numbers That Define
a Career of Excellence

18+
Years of Excellence
Active since 2006
3,000+
Investigations & Cases
Forensic & cyber incidents
300+
US Law Enforcement Agencies
Filehound platform
12
Countries Served
5 Continents · 4 Offices
Clients & Partners

Trusted by Governments,
Banks & Global Enterprises

Banking & Financial Services
Bank of Baroda Bank of Baroda
Canara Bank Canara Bank
Yes Bank Yes Bank
PhonePe PhonePe
Government, Defence & Law Enforcement
Indian Army Indian Army
Indian Navy Indian Navy
Indian Air Force Indian Air Force
DRDO DRDO
Delhi Police Delhi Police
Energy & Infrastructure
GAIL GAIL India
NTPC NTPC Limited
Schneider Electric Schneider Electric
Professional Services & Technology
Ernst & Young Ernst & Young
Deloitte Deloitte
PwC PricewaterhouseCoopers
Tally Solutions Tally Solutions
Airtel Bharti Airtel
Press & Media

Featured In & Cited By

Recognised as India's foremost independent authority on Pegasus spyware, quantum cryptography, and critical infrastructure security — cited and engaged by national and international media, government bodies, and institutions.

The Economic Times
Pegasus Expert Analysis
Observer Research Foundation
Cyber Policy Author
CERT-In / MeitY
Government Empanelled
Ministry of Defence
Indian Navy IFR-2017
Ernst & Young
Gulf G-SOC Architecture
"
Utsav Mittal's forensic analysis of the Pegasus spyware infections stands as the most technically rigorous independent investigation conducted in India. His findings provided the definitive technical evidence base, establishing him as the nation's leading independent authority on mobile spyware forensics.
The Economic Times
Pegasus Spyware Investigation Coverage · National Media
"
As a contributor to ORF's cyber policy discourse, Utsav brings a rare combination of deep technical expertise and policy acumen. His research on quantum cryptography preparedness and critical infrastructure protection has been widely cited in government advisory circles and international forums.
Observer Research Foundation (ORF)
Cyber Policy & Research Contributions · Think Tank
Education & Credentials

Academic Excellence at
the World's Best Institutions

P PURDUE UNIVERSITY
Master of Science · Information Security
Purdue University · CERIAS
Center for Education and Research in Information Assurance and Security — one of the world's foremost cyber security research institutions, founded by Prof. Eugene Spafford (White House Cybersecurity Advisory Committee). Conducted research in network forensics, malware analysis, and critical infrastructure protection.
2008 – 2010 · West Lafayette, USA
🏛️
Executive Programme · Strategic Management
IIT Delhi · SIMAP
Strategic Information Management and Policy (SIMAP) executive programme at the Indian Institute of Technology Delhi — India's premier technology institution. Focused on cyber policy, strategic leadership, and the governance of technology in national security contexts.
Executive Programme · New Delhi
💻
Bachelor of Engineering · Computer Science
Apeejay College of Engineering
Foundation in computer science, networking, and software engineering. Built core technical competencies that formed the basis of a career in offensive security and digital forensics. Achieved CISSP certification at age 21 while establishing early-career expertise.
B.E. CSE · Gurgaon
Professional Memberships

Leadership in the
Global Security Community

🏆
(ISC)² New Delhi Chapter
Founder — 2,000+ Members
🎓
Purdue CERIAS
Alumni — MS InfoSec
🇮🇳
CERT-In
Empanelled Security Auditor
📡
MeitY
Empanelled Organisation
📊
DSCI
Data Security Council of India
💻
NASSCOM
Member Organisation
🔓
OWASP
Active Contributor
🎯
ACM SIGSAC
Special Interest Group — Security
📰
Observer Research Foundation
Policy Author & Contributor
🏭
CII
Confederation of Indian Industry
🌐
FICCI
Technology Committee
⚖️
Techno-Legal Expert
Court-Appointed Expert Witness
Why Xiarch

The Standard Others
Are Measured Against

🏛️
Government Empanelled
CERT-In and MeitY empanelment means Xiarch meets India's highest government standards for cyber security — mandatory for regulated sectors.
🔬
Research-Led Practice
Rooted in Purdue CERIAS research methodology, every engagement is driven by deep technical intelligence rather than checkbox compliance.
⚖️
Techno-Legal Expertise
Rare combination of deep technical capability and legal expertise — our evidence holds up in court, our reports stand scrutiny by regulators.
🌍
International Track Record
EY Gulf G-SOC, Filehound (USA), Indian Navy IFR, and a global client base. Xiarch's standards are tested internationally, not just domestically.
🎯
Sector Depth
18+ years across banking, defence, telecom, power, healthcare, and government means we understand sector-specific risk unlike generalist firms.
🚨
Crisis-Tested
Pegasus, CHIPS Raipur, Indian Navy — when critical incidents happen at the highest levels, Utsav is the expert called upon.
📡
Threat Intelligence
Continuous threat intelligence from 18+ years of investigations, government relationships, CERT-In network, and international partnerships.
🤝
Community Leadership
Founder of India's largest ISC² chapter (2,000+ members). Active in DSCI, NASSCOM, CII, and FICCI — giving clients access to the wider security ecosystem.
Client Testimonials

What India's Leaders
Say About Utsav Mittal

Trusted by CISOs, government officials, senior editors, and conference chairs — hear from those who have engaged Utsav and Xiarch directly.

"
Utsav Mittal's team at Xiarch conducted the most thorough penetration testing we have ever commissioned. Their CERT-In empanelled status gave us full regulatory confidence, and the depth of findings exceeded every previous assessment. Within six months of remediation, we passed our RBI audit without a single critical observation.
🏦
CISO, Leading Private Sector Bank
Mumbai, India · Banking & Financial Services
"
When the Pegasus incident required independent forensic validation, there was only one name — Utsav Mittal. His technical rigour, chain of custody expertise, and ability to communicate complex findings clearly to non-technical leadership made him the ideal expert. His integrity is unimpeachable.
📰
Senior Editor, National Publication
New Delhi · Investigative Journalism
"
Xiarch's SCADA security assessment revealed critical vulnerabilities in our OT infrastructure that no previous auditor had identified. Utsav's understanding of operational technology environments — power grids, SCADA protocols, IT/OT convergence risks — is genuinely world-class. Our remediation roadmap has since been adopted as a sector benchmark.
Head of IT Security, Power Utility
India · Energy & Critical Infrastructure
"
Utsav's keynote on quantum cryptography at our annual CISO summit was unlike any presentation I have witnessed. He made post-quantum migration tangible and urgent for a room of 200 senior executives. Several CISOs told me it was the single most valuable session in four years. He is a genuinely rare talent in India.
🎤
Conference Chair, Major Cyber Security Forum
India · Professional Events & Leadership
Global Reach

Delivering Cyber Security
Across 12 Countries

From India's defence establishments to US law enforcement, Gulf SOCs to Asia-Pacific — Xiarch's expertise transcends borders.

Canada United States Italy UAE India ★ Bangladesh Africa Singapore Indonesia Fiji Australia New Zealand
HQ / Primary
Major Presence
Active Engagement
12
Countries
5
Continents
4
Offices
300+
US Agencies (Filehound)
Noida · Delhi
Mumbai · Chicago
Office Locations
Get in Touch

Engage Utsav Mittal
& Xiarch Solutions

📞
Phone / WhatsApp
+91-98108-74431
📠
Fax
0124-4293675
✉️
Email
utsav@xiarch.com
 🌐
Company Website
www.xiarch.com
📍
Registered Office
A 403/404, Squaredge, Sohna Road, Sec-47, Gurgaon 122018
🏢
Offices
Noida  ·  Delhi  ·  Mumbai  ·  Chicago (USA)
💼
LinkedIn
linkedin.com/in/utsavmittal
 🐦
Twitter / X
@utsav_mittal
Ready to Secure Your Organisation?
Whether you need a VAPT, a forensic investigation, a regulatory compliance audit, incident response, or a keynote speaker on cyber security — Utsav Mittal and Xiarch Solutions are ready to engage. Trusted by India's largest banks, defence establishments, and government bodies.
CERT-In Empanelled MeitY Empanelled CISSP · CEH · CISA Purdue CERIAS IIT Delhi 3,000+ Cases
Send an Enquiry →
Send a Direct Enquiry
Fill in the form below and we'll respond within 24 hours. For urgent matters, call +91-98108-74431.
✅  Thank you! Your enquiry has been received. We will respond within 24 hours. For urgent matters, call +91-98108-74431 or email utsav@xiarch.com.
🤖 Ask about Utsav Mittal
Hi! I'm an AI assistant. Ask me anything about Utsav Mittal — his experience, notable cases, certifications, services, or how to get in touch.
🔇 Click for ambient music