About me

Every system has a story!

I am a cybersecurity engineer who turns obstacles into opportunities. My days are spent weaving together penetration testing, red teaming, cloud security, and IAM design. For me, every log is a clue, every vulnerability a plot twist, and every solution a way to close the story with stronger, smarter defenses.

I see cybersecurity as a story, one I step into with every engagement, starting with reconnaissance, tracing the outlines of a system like the opening chapter of a mystery. Scanning follows, the plot thickening as hidden entry points reveal themselves. Then comes exploitation and post-exploitation, where theory meets action and each move rewrites the narrative. Finally, reporting closes the loop, turning raw findings into a roadmap for stronger defenses.

Somewhere between the lines, you'll usually find me with a cup of coffee in hand, chasing focus. And when the mission's accomplished, biryani is home, the comfort that reminds me why I do what I do.

What I'm Doing

  • Penetration Testing

    Full-Cycle Assessments • Exploit Chains • Vulnerability Scoping • Actionable Reporting

  • Red Teaming

    Adversary Emulation • Attack Simulation • Defense Evasion • Security Posture Validation

  • Cloud Security & IAM

    Secure Architecture • IAM Policy Design • Cloud Hardening • Access Governance

  • Incident Response

    Log Analysis • Threat Containment • Root Cause Analysis • Strategic Mitigation

Ready to Deliver (Day 1)

Web App Pentesting

Burp Suite • OWASP Top 10 • API Security

IAM & SSO Solutions

Okta • Workflow Automations • Access Reviews

Endpoint Security

CrowdStrike • Jamf • Addigy • MDM

Compliance Support

SOC 2 • ISO 27001 • GRC Operations

Active Directory Security

Attack Simulations • Hardening • BloodHound

Cloud Security

AWS/Azure Pentesting • IAM Design

Currently Hacking

HackTheBox

Pwning boxes & sharpening offensive skills

OSEP Prep

Advanced evasion techniques & C2 frameworks

Cloud Pentesting

AWS/Azure attack paths & misconfigurations

Malware Analysis

Reverse engineering & threat research

🛠️ Tools Arsenal

Burp Suite
Metasploit
Nmap
Wireshark
Nessus
Splunk
Cobalt Strike
BloodHound
Ghidra
AWS
Docker
Kali Linux

Resume

Education

  1. University of Maryland, College Park

    August 2023 — May 2025

    Master of Engineering in Cybersecurity [Minor: Cloud Engineering]

Experience

  1. Security Engineer, YSecurity.io

    February 2026 — Present
    • Architected and deployed enterprise identity and access management solutions using Okta SSO integrations, designing Okta Workflows for automated user provisioning, access reviews, and security policy enforcement across multi-client SaaS environments
    • Implemented endpoint security and device management infrastructure using CrowdStrike Falcon for threat detection, Traceforce for compliance automation, and MDM platforms (Jamf, Addigy) for macOS fleet management and security posture hardening
    • Execute penetration testing and security assessments across multi-client environments including network pentesting, Active Directory exploitation, and threat hunting while supporting SOC 2 and ISO 27001 compliance through vulnerability management and GRC operations
    • Integrate security into client DevSecOps pipelines through SAST/DAST tool deployment, CI/CD security scanning, and risk-based vulnerability prioritization using CVSS and threat intelligence feeds

  2. Cybersecurity Analyst, Community Dreams Foundation

    September 2025 — Present
    • Execute hands-on web application penetration tests using Burp Suite and OWASP ZAP, discovering and chaining SQLi, XSS, IDOR, and authentication bypass vulnerabilities to demonstrate real-world exploit scenarios for non-profit organizations
    • Perform post-breach forensic analysis and incident reconstruction, reverse-engineering attacker TTPs to identify security control failures, WAF/IDS evasion techniques, and lateral movement paths used in actual compromise scenarios
    • Conduct compliance-driven penetration testing aligned with PCI-DSS requirements and ISO 27001 control families, validating access control implementations, network segmentation, and data protection mechanisms through offensive testing methodologies

  3. Security Operations Center Analyst, University of Maryland Police Department

    December 2024 — May 2025
    • Validated and improved SIEM detection logic by 30% by executing known TTPs using Metasploit and PowerSploit against a live lab to test Active Directory lateral movement detection
    • Authored adversary emulation plans based on MITRE ATT&CK to test SOC response and Tines (SOAR) playbook effectiveness
    • Collaborated with SOC analysts to hunt for APTs, applying an attacker's perspective to log correlation (Active Directory, Wireshark) to uncover hidden attack chains

  4. Project Engineer — Cybersecurity Specialist, Wipro Technologies

    September 2022 — August 2023
    • Simulated adversary activity against AWS cloud infrastructure (targeting GuardDuty, Security Hub) to validate cloud detection capabilities
    • Conducted penetration tests on live AWS environments, identifying critical data exposure risks via misconfigured S3 buckets and EC2 instances

  5. Security Engineer, Ignited Sparks

    July 2020 — December 2021
    • Executed web application penetration tests (Burp Suite, Nessus), documenting complex exploit chains for SQLi and XSS
    • Conducted post-breach analysis, re-creating attacker exploit chains to identify failed security controls and WAF/IDS rule gaps
    • Executed penetration tests based on ISO 27001 & PCI-DSS control families

Skills

Languages & Scripting

Python Bash SQL JavaScript PowerShell

Security Tools

Burp Suite Metasploit Nessus Wireshark Splunk Nmap

Security Domains

Penetration Testing Red Teaming Incident Response Threat Intelligence Network Security Cloud Security

Cloud & Infrastructure

AWS IAM Docker Kubernetes Active Directory

Platforms & Tools

Linux Windows SIEM SOAR Git VS Code

Certifications & Achievements

Writeups & Research

More writeups in progress. Follow my journey on GitHub for updates.