Resume

MS, Security Informatics

BE, Computer Science and Engineering

• Implemented a comprehensive Security Maturity Framework, enabling unified visibility into the security posture through streamlined controls and intuitive dashboards; significantly enhanced overall security oversight and operational efficiency
• Executed a strategic risk reduction initiative through meticulous planning and cross-functional collaboration across multiple organizations; achieved in a 75% reduction in AWS accounts in just 2 months with zero service interruptions
• Conducted thorough security assessments of new AI products; uncovered and addressed critical flaws in prompt handling and data protection
• Owned secret scanning initiatives across various pipelines; managed incident response for security events affecting multiple services, coordinating rapid mitigation efforts across team
• Enhanced vulnerability management through innovative dependency tracking, dynamically managing projects and procedural enhancements; resulted in higher patching rates and improved security hygiene

• Led Safety by Design initiative, conducting over 50 reviews in 5 months and uncovering several critical vulnerabilities through rigorous threat modeling and code review
• Designed and implemented metrics and dashboards for real-time visibility into security scanning pipelines; identified and addressed friction points, resulting in a 30% speed up in scan times and accurate reporting
• Enhanced security scanning tools by optimizing CI efficiency, expanding repository coverage, and implementing additional security controls, resulting in substantial improvements to overall security posture

• Held office hours and assisted with grading for Object Oriented Software Engineering
• Setup assignment rubrics and managed work among other assistants
• Advised students on a semester-long software project
• Improved processes to minimize grading feedback time

• Collaborated with engineering teams to determine critical components; performed infrastructure security assessments and design reviews to identify and minimize risks through security controls
• Discovered and investigated a critical bug in an internal security tool; documented a detailed report and proposed a redesign of the algorithm resulting in a 90% reduction in potential security vulnerabilities
• trengthened cloud security measures by implementing additional checks into existing security assurance tools for AWS infrastructure; resulted in improved security management and informed decision-making
• Executed code refactoring efforts to enhance user experience, reduce bugs, and drive higher usage by teams
• Enhanced the AWS Infrastructure by introducing a feature to monitor security posture over time, enabling comprehensive historical analysis and visibility into changes

• Held office hours and assisted with grading

• Advised students on a semester-long software project, held office hours and assisted with grading

• Researched cyber threat intelligence; designed and implemented microservices to integrate threat feeds for live threat monitoring
• Streamlined the real-time configuration pipeline for enhanced reliability, minimizing failures and reducing downtime
• Spearheaded and formulated strategies to achieve a 60% reduction in CI costs through the utilization of custom Docker images and faster build times
• Hardened IAM architecture by developing highly configurable API integration and redefined workflows for better user experience
• Executed in-depth vulnerability assessments on the product API and enforced strict access control policies to proactively reduce security risks
• Established standards for simplifying and maintaining critical scripts; refactored code to support custom logging and improve readability

• Conducted manual code reviews; identified and fixed high-risk security bugs in the e-ticketing services
• Coordinated communications between the design and development teams for migrating to Android 10

• Ideated and led a 3-member team to develop a tool for detecting package typosquatting in package registries
• Integrated open source tools to provide critical detection mechanisms based on static and dynamic analysis; lead to detection of malicious packages in PyPI

• Extending features and bug fixes to a credential scanning tool

• Led a 6-member team to perform cybersecurity risk assessments for a fictitious health organization
• Proposed a budgeting plan and timeline for setting up a fictitious SOC for the organization
• Carried out a mock HIPAA Audit to identify missing security controls and recommended technical safeguard for the same
• Analyzed critical assets and formulated an Incident Response Plan for ransomware attack

• Basic automation script for docker forensics
• Search for a specific term in a given docker image by looking at metadata, history and layers

• Reviewed a client-server application with weak cryptography based on the Noise Protocol Framework and implemented a man-in-the-middle attack to break communications

• Studied and implemented a hill-climbing attack on an M4 Enigma Machine provided with partial configuration
• Optimized the search space statistically to perform the attack under 70 seconds

• Developed a configurable Discord bot to check the health of hosted CTF challenges
• This removes the burden on CTF organizers to answer infrastructure-health-related questions by providing a direct interface for participants to interact with

• Led a 3-member team to develop the backend RESTful API for a book exchange application
• Integrated CI/CD pipelines using GitHub Actions, AWS CodeDeploy, S3 and EC2
• Incorporated shift-left principle by enforcing strict test coverage; resulted in uncovering bugs sooner
• Drafted Swagger API documentation and designed Figma prototypes for web application

• Developed a Golang application that aggregates GitHub contributions from multiple accounts and produces a contribution graph
• Deployed on AWS Lambda using Serverless for easy integration (removed)

• Created a tool to address the issue of weak passwords; suggested passwords are based on the idea of passphrases
• Dropbox's zxcvbn password strength estimator is used to evaluate the strength of the suggested passwords

• Developed a transaction system to authenticate payments using images sent over the network
• Steganography, visual cryptography, two-factor authentication were combined to enhance the overall security of the system
• Performed vulnerability assessment and penetration testing on the system to identify and fix security-related bugs

• Developed a tool to automatically detect and remove sensor dust spots from an image
• Solved a major problem in images taken using a particular setting, thus saving a significant amount of time during post-processing

Golang, Python, C++, Bash, JavaScript, Bazel, gRPC

Git, GitHub Actions, Docker, Kubernetes, AWS

Burp Suite, NMap, Wireshark, Metasploit, Semgrep, OWASP Top 10, IAM, Secure coding, Design review, Manual code review, Threat modeling, SSDLC Security automation, Risk management, Security tooling, SAST, SCA, Web Security, Cloud security, Penetration testing, Cryptography