About me

Hi, I am Swetha, a cybersecurity engineer. I spend my days weaving together penetration testing, red teaming, cloud security, and IAM design. For me, every log feels like a clue, every vulnerability a plot twist, and every solution a way to close the story with a stronger, smarter ending.

I see cybersecurity as a story,once I step into it with every engagement, starting with reconnaissance, tracing the outlines of a system like the opening chapter of a mystery. Scanning follows, the plot thickening as hidden entry points reveal themselves. Then comes exploitation and post-exploitation, where theory meets action and each move rewrites the narrative. Finally, reporting closes the loop, turning raw findings into a roadmap for stronger defenses.

Somewhere in between the lines, you will usually find me with a cup of coffee in hand, chasing focus. And when the story winds down, biryani is home; it is the comfort that reminds me why I do what I do.

What i'm doing

  • Penetration Testing

    Full-Cycle Assessments • Exploit Chains • Vulnerability Scoping • Actionable Reporting

  • Red Teaming

    Adversary Emulation • Attack Simulation • Defense Evasion • Security Posture Validation

  • Cloud Security & IAM

    Secure Architecture • IAM Policy Design • Cloud Hardening • Access Governance

  • Incident Response

    Log Analysis • Threat Containment • Root Cause Analysis • Strategic Mitigation

Currently Hacking

HackTheBox

Pwning boxes & sharpening offensive skills

OSEP Prep

Advanced evasion techniques & C2 frameworks

Cloud Pentesting

AWS/Azure attack paths & misconfigurations

Malware Analysis

Reverse engineering & threat research

🛠️ Tools Arsenal

Burp Suite
Metasploit
Nmap
Wireshark
Nessus
Splunk
Cobalt Strike
BloodHound
Ghidra
AWS
Docker
Kali Linux

📚 Recommended Resources

Book

The Web Application Hacker's Handbook

Dafydd Stuttard & Marcus Pinto

The bible for web app pentesting. Still relevant after all these years.

Book

Red Team Field Manual (RTFM)

Ben Clark

Essential quick reference for commands and techniques during engagements.

Course

PEN-200 (OSCP)

Offensive Security

The gold standard for proving hands-on pentesting skills. Worth every hour.

Platform

HackTheBox

hackthebox.com

Best platform for practicing real-world attack scenarios. Pro Labs are amazing.

Book

Practical Malware Analysis

Michael Sikorski & Andrew Honig

Essential for understanding how malware works. Great for blue & red teamers.

Course

AWS Security Specialty

Amazon Web Services

Deep dive into cloud security. A must for anyone doing cloud pentesting.

Resume

Education

  1. University of Maryland, College Park

    August 2023 — May 2025

    Master of Engineering in Cybersecurity [Minor: Cloud Engineering]

Experience

  1. Cybersecurity Analyst, Community Dreams Foundation

    September 2025 - Present
    • Executed web application penetration tests (Burp Suite, Nessus), identifying and documenting complex exploit chains for SQLi and XSS vulnerabilities
    • Conducted post-breach analysis from an offensive perspective, re-creating attacker exploit chains to identify failed security controls and gaps in WAF/IDS configurations
    • Executed penetration tests based on ISO 27001 & PCI-DSS control families, demonstrating real-world exploitability of access control gaps

  2. Security Operations Center Analyst, University of Maryland Police Department

    December 2024 - May 2025
    • Validated and improved SIEM detection logic by 30% by executing known TTPs using Metasploit and PowerSploit against a live lab to test Active Directory lateral movement detection
    • Authored adversary emulation plans based on MITRE ATT&CK to test SOC response and Tines (SOAR) playbook effectiveness
    • Collaborated with SOC analysts to hunt for APTs, applying an attacker's perspective to log correlation (Active Directory, Wireshark) to uncover hidden attack chains

  3. Project Engineer – Cybersecurity Specialist, Wipro Technologies

    September 2022 - August 2023
    • Simulated adversary activity against AWS cloud infrastructure (targeting GuardDuty, Security Hub) to validate cloud detection capabilities
    • Conducted penetration tests on live AWS environments, identifying critical data exposure risks via misconfigured S3 buckets and EC2 instances

  4. Security Engineer, Ignited Sparks

    July 2020 - December 2021
    • Executed web application penetration tests (Burp Suite, Nessus), documenting complex exploit chains for SQLi and XSS
    • Conducted post-breach analysis, re-creating attacker exploit chains to identify failed security controls and WAF/IDS rule gaps
    • Executed penetration tests based on ISO 27001 & PCI-DSS control families

Skills

Languages & Scripting

Python Bash SQL JavaScript PowerShell

Security Tools

Burp Suite Metasploit Nessus Wireshark Splunk Nmap

Security Domains

Penetration Testing Red Teaming Incident Response Threat Intelligence Network Security Cloud Security

Cloud & Infrastructure

AWS IAM Docker Kubernetes Active Directory

Platforms & Tools

Linux Windows SIEM SOAR Git VS Code

Certifications & Achievements

Writeups & Research

More writeups in progress. Follow my journey on GitHub for updates.