• tl;dr

all things security: OffSec, InfraSec, AppSec/ProdSec, CloudSec, etc. i’m also into reverse engineering, malware analysis/development, AI-boosted pentesting, and pretty much all kinds of tech mischief i can integrate into my professional career.

  • experience

  • [2024 - present]

senior security engineer @ Numerator

focal point between SecOps, DevOps, IT, Platform, and Data teams.

scouring and securing engineering architecture and infrastructure: cross-stack vulnerability management (discovery, triage, reporting, remediation, tracking), identity + access management, API security, Terraform guardrails, container + cluster security, incident response.

  • [2021 - 2024]

software security engineer + researcher @ Trustwave SpiderLabs

investigated attacks and vulnerabilities for key clients in telecommunications, energy, and national security.

lots of deep research and red teaming (offensive security), specifically around database security, to build up threat intelligence.

built sensors based on collected intelligence (attacker + malware behaviour, OSINT, dark net markets, shadow channels, etc) to keep clients up-to-date and protected.

  • [2018 - 2021]

lead database developer @ Veryon

entry-level software + database development.

data warehousing, ETL, automations, etc.

  • education

bachelor of engineering @ Western U

majored in electrical and computer engineering, with a specialization in information theory and wireless transmission. graduated in 2018.

  • languages

english: native

hindi: native

urdu: native

french: intermediate

arabic: intermediate

mandarin: rudimentary

  • interests

homelab

philosophy

reading

photography

dancing

basketball

  • tech + skills

frontend: React • Angular • Vue.js • JavaScript • TypeScript

backend: Java • Python • C/C++/C# • Node.js • Ruby • Go • Ruby on Rails • .NET • Express.js • Flask • Django • Spring Boot • RESTful + GraphQL APIs • Docker • Kubernetes • gRPC

databases: PostgreSQL • MySQL • MS SQL Server Oracle • MongoDB • Cassandra • Redis • Elasticsearch • Snowflake

devops + infra: AWS • Azure • Jenkins • GitLab CI • GitHub Actions • Docker • Kubernetes • OpenShift • Ansible • Terraform • Puppet • Chef

AI/ML + data: TensorFlow • PyTorch • Pandas • NumPy • Matplotlib • Tableau • Deep Learning (RNN/CNN) • ETL

insights: Prometheus • Grafana • Datadog • ELK • Splunk • Git • Jira • Confluence

penetration testing: Metasploit • Burp Suite • nmap • Nessus • ZAP

network security: ASA/Palo Alto • Snort/Suricata• VPN • NAC • SSL/TLS • TCP/IP/UDP • SSH

application security: Snyk • Semgrep • Socket • Burp Suite • OWASP Top 10 • CIS Controls • NIST SP 800-53 • Vanta • GitHub Advanced Security (CodeQL) • JupiterOne

IAM + cryptography: Okta • Auth0 • AD • AWS IAM • OAuth2.0 • OIDC • SAML • AES • RSA • ECC • SHA-256 • MD5 • OpenSSL

reverse engineering: IDA Pro • Ghidra • Immunity Debugger • Decompilation • GDB • WinDBG • x64dbg • gdbExtract