Hi! I am Aseem. I completed my higher education from DPS RKP and then graduated in CS from IIIT Allahabad. While in college, I was the coordinator for the cybersecurity wing, and our college CTF team participated in and won many national and international CTFs. Apart from CTFs, I also reported some critical bugs to governments and organisations, one of which was covered in the Economic Times in September this year. Recently I've started teaching about cybersecurity on my YouTube channel HackingSimplified. I love to run (hope to run a marathon some day) and read books.

Skills

WebApp Security

Master
  • OWASP Top 10
  • recon automation

Infra Security

Intermediate
  • AWS
  • GCP
  • vault
  • sonarqube
  • terraform

Work Experience (2)

Senior Information Security Engineer
GoJek
Feb 2021 - Current
https://gojek.com/

Working in the ProdSec team. Driving Shift Left culture at GoJek.

  • CIS Benchmark Auto Remediation in Google Cloud using Cloud Functions

Security Engineer
Grofers
Apr 2019 - Jan 2021
http://www.grofers.com

Just after college, I joined this as the 2nd member of the security team, just after its creation a month earlier. The team and manager are awesome here. I've been working on a lot of interesting projects here. Some of the highlights are :

  • DNS-As-Code : Created from scratch an automated pipeline using Terraform to create DNS entries in Cloudflare as well as Route53, with a failover option for easy switching to either of the DNS providers

    Built Using : terraform

  • G-Shield Security Bot : Created from scratch a GitHub bot with the intention of shift-left, bringing security closer to the developer workflow. It scans each PR for common security issues like hardcoded secrets, code smells, vulnerable Docker images, sensitive mount points, etc. The code is modular and thus new modules have been easily added to it by other team members.

    Built Using : python, celery and github APIs

  • Temporary credentials for DB : Integrated Vault with DBs and GitHub so that users can generate temp credentials for a database based on their GitHub team

  • Cognito Integration : Worked with multiple teams to integrate AWS Cognito in legacy APIs to provide better authentication workflows like social OAuth (such as Google auth) and OTP-based workflow

  • OauthProxy : Integrated oauthproxy for G Suite authentication and compliance to some of our internal applications

Education (3)

B Tech.
Information Technology
IIIT Allahabad
2015 - 2019
Grade: 7.7

Higher Secondary
DPS R K Puram, New Delhi
2012 - 2014
Grade: 89%

Secondary
VVRS, Purnea, Bihar
2005 - 2012
Grade: 10

Awards

HackIM CTF - 1st ( India ), 8th ( World Rank ) - 2018
NullCon - Walmart & VirtualBox
Found IDOR Bug in Digilocker ( GoI Initiative ) - Hall of Fame - 2017
Govt of India
Reported bugs to Google, Myntra, MakeMyTrip, Zoho, IBM, Sony, GM etc
1st in Terminal Tragedy CTF, NIT Trichy - 2017
NIT Trichy
DRDO CTF - Top 20 - 2017
DRDO

Languages

Hindi

Native Speaker

English

Fluent

Interests

CyberSecurity 🖥️

  • web app pentesting
  • reverse engineering

Reading Books 📚

  • goodreads-97128738-aseem

Creating Stuff 💡

Running 🏃

  • garmin forerunner45
  • strava-47262934

Swimming 🏊