About me

Every system has a story!

I am a cybersecurity engineer who turns obstacles into opportunities. My days are spent weaving together penetration testing, red teaming, cloud security, and IAM design. For me, every log is a clue, every vulnerability a plot twist, and every solution a way to close the story with stronger, smarter defenses.

I see cybersecurity as a story, one I step into with every engagement, starting with reconnaissance, tracing the outlines of a system like the opening chapter of a mystery. Scanning follows, the plot thickening as hidden entry points reveal themselves. Then comes exploitation and post-exploitation, where theory meets action and each move rewrites the narrative. Finally, reporting closes the loop, turning raw findings into a roadmap for stronger defenses.

Somewhere between the lines, you'll usually find me with a cup of coffee in hand, chasing focus. And when the mission's accomplished, biryani is home, the comfort that reminds me why I do what I do.

What I'm Doing

  • Penetration Testing

    Full-Cycle Assessments • Exploit Chains • Vulnerability Scoping • Actionable Reporting

  • Red Teaming

    Adversary Emulation • Attack Simulation • Defense Evasion • Security Posture Validation

  • Cloud Security & IAM

    Secure Architecture • IAM Policy Design • Cloud Hardening • Access Governance

  • Incident Response

    Log Analysis • Threat Containment • Root Cause Analysis • Strategic Mitigation

Currently Hacking

HackTheBox

Pwning boxes & sharpening offensive skills

OSEP Prep

Advanced evasion techniques & C2 frameworks

Cloud Pentesting

AWS/Azure attack paths & misconfigurations

Malware Analysis

Reverse engineering & threat research

🛠️ Tools Arsenal

Burp Suite
Metasploit
Nmap
Wireshark
Nessus
Splunk
Cobalt Strike
BloodHound
Ghidra
AWS
Docker
Kali Linux

Resume

Education

  1. University of Maryland, College Park

    August 2023 — May 2025

    Master of Engineering in Cybersecurity [Minor: Cloud Engineering]

Experience

  1. Offensive Security Engineer, YSecurity.io

    February 2026 — Present
    • Execute enterprise penetration testing and offensive security assessments for Augment Code's AI-powered development platform, identifying critical vulnerabilities in API security, authentication mechanisms, cloud infrastructure, and AI model endpoints through threat modeling and exploitation techniques
    • Conduct comprehensive security assessments across multi-client environments including network penetration testing, Active Directory exploitation, threat hunting, and incident response while supporting SOC 2 and ISO 27001 compliance through vulnerability management and GRC platform operations
    • Integrate security into client DevSecOps pipelines through SAST/DAST tool deployment, CI/CD security scanning, secure code reviews, and risk-based vulnerability prioritization using CVSS, EPSS, and threat intelligence feeds

  2. Cybersecurity Analyst, Community Dreams Foundation

    September 2025 — Present
    • Execute hands-on web application penetration tests using Burp Suite and OWASP ZAP, discovering and chaining SQLi, XSS, IDOR, and authentication bypass vulnerabilities to demonstrate real-world exploit scenarios for non-profit organizations
    • Perform post-breach forensic analysis and incident reconstruction, reverse-engineering attacker TTPs to identify security control failures, WAF/IDS evasion techniques, and lateral movement paths used in actual compromise scenarios
    • Conduct compliance-driven penetration testing aligned with PCI-DSS requirements and ISO 27001 control families, validating access control implementations, network segmentation, and data protection mechanisms through offensive testing methodologies

  3. Security Operations Center Analyst, University of Maryland Police Department

    December 2024 — May 2025
    • Validated and improved SIEM detection logic by 30% by executing known TTPs using Metasploit and PowerSploit against a live lab to test Active Directory lateral movement detection
    • Authored adversary emulation plans based on MITRE ATT&CK to test SOC response and Tines (SOAR) playbook effectiveness
    • Collaborated with SOC analysts to hunt for APTs, applying an attacker's perspective to log correlation (Active Directory, Wireshark) to uncover hidden attack chains

  4. Project Engineer — Cybersecurity Specialist, Wipro Technologies

    September 2022 — August 2023
    • Simulated adversary activity against AWS cloud infrastructure (targeting GuardDuty, Security Hub) to validate cloud detection capabilities
    • Conducted penetration tests on live AWS environments, identifying critical data exposure risks via misconfigured S3 buckets and EC2 instances

  5. Security Engineer, Ignited Sparks

    July 2020 — December 2021
    • Executed web application penetration tests (Burp Suite, Nessus), documenting complex exploit chains for SQLi and XSS
    • Conducted post-breach analysis, re-creating attacker exploit chains to identify failed security controls and WAF/IDS rule gaps
    • Executed penetration tests based on ISO 27001 & PCI-DSS control families

Skills

Languages & Scripting

Python Bash SQL JavaScript PowerShell

Security Tools

Burp Suite Metasploit Nessus Wireshark Splunk Nmap

Security Domains

Penetration Testing Red Teaming Incident Response Threat Intelligence Network Security Cloud Security

Cloud & Infrastructure

AWS IAM Docker Kubernetes Active Directory

Platforms & Tools

Linux Windows SIEM SOAR Git VS Code

Certifications & Achievements

Writeups & Research

More writeups in progress. Follow my journey on GitHub for updates.