Hi 👋
I'm Aseem. I am the founder of SecureMyOrg, where we offer VAPT, cloud security audits and remote security engineers as a service. In my free time, I explore the cybersecurity space for interesting problems to solve. I've worked as a freelance cybersecurity consultant, contracting my services at a few organisations in the US, EU and India. I am currently working with clients in the PST timezone.

My usual work week involves :

  • Automating SecOps : Building automation using Golang or Python to effectively manage infrastructure security at scale.
  • Code Review : Review PR changes for any security issues.
  • Threat Modelling New Products : I consult with young startups, helping them threat model their new, to-be-launched products.
  • Pentesting : I do web and mobile app pentest for my clients. Still learning the ropes of blockchain security.
  • Security Education : I teach my clients secure coding and secure cloud deployment practices.

In the past, I worked in awesome security teams at Rippling, Gojek and Blinkit.
In my free time, I teach about cybersecurity on my YouTube channel HackingSimplified, develop security projects in Python, tinker with IoT security, read books 📚, play games 🎮, run 🏃‍♂️ and bicycle 🚴‍♂️.

Skills

Cloud & k8s Security

Advanced
  • AWS
  • GCP
  • Kubernetes
  • Guard Duty
  • Macie
  • Trusted Advisor
  • Cognito

App Pentesting

Master
  • OWASP Top 10
  • Recon automation
  • Android

Python

Master
  • flask
  • django
  • requests

Golang

Intermediate

Researching

Intermediate
  • ctfs
  • malware
  • IDA
  • r2

Work Experience (5)

Founder
AssetSentinel.io
Oct 2023 - Current
https://assetsentinel.io/

Building something around Asset Inventory and automating security.

Security Engineer ( Contractor )
Yahoo
Aug 2023 - Dec 2023
https://www.yahoo.com/

Working in the Security Engineering and Automation team of the Paranoids ( Yahoo Security Collective ).

  • SEA Team: Built some automation to improve the current security systems.

Security Engineer
Rippling
Feb 2022 - Sep 2023
https://www.rippling.com/

Working in the SecInfra team. Automating security through code.

  • InfraSec Team : Building automation around Vulnerability Management System ( VMS ). Also automated a few security processes for sec infra.

  • Assurance Team : Part of this team to build automation for product security. Helped in doing automated dynamic application security testing ( DAST ).

  • ProdSec Team : Got started working with this team, doing threat modelling, code reviews etc.

Senior Information Security Engineer
GoJek
Feb 2021 - Feb 2022
https://gojek.com/

Working in the ProdSec team. Driving Shift Left culture at GoJek.

  • Compliance As Code : CIS Benchmark auto remediation in Google Cloud using Google Cloud Run.

  • Web App & Android Pentesting : Pentesting for any feature release in the GoJek web API backend and GoJek Android application.

  • Red Teaming : Found critical vulnerabilities and escalated privileges to gain admin access to almost all of the GoJek Infrastructure.

  • Code Reviews : Code reviews for any feature release in the GoJek API or mobile application.

  • GoSecCon : Organised the first ever security conference of GoJek, which included a CTF competition + external and internal speaker talks over a span of 2 days.

Security Engineer
Blinkit ( formerly Grofers )
Apr 2019 - Jan 2021
http://www.grofers.com

Just after college, I joined as the 2nd member of the security team, just after its creation a month earlier. The team and manager are awesome here. I've been working on a lot of interesting projects here. Some of the highlights are :

  • DNS-As-Code : Created from scratch an automated pipeline using Terraform to create DNS entries in Cloudflare as well as Route53, with a failover option for easy switching to either of the DNS providers

    Built Using : terraform

  • G-Shield Security Bot : Created from scratch a GitHub bot with the intention of shift-left, bringing security closer to the developer workflow. It scans each PR for common security issues like hardcoded secrets, code smells, vulnerable Docker images, sensitive mount points etc. The code is modular and thus new modules have been easily added to it by other team members.

    Built Using : python, celery and github APIs

  • Temporary credentials for DB : Integrated Vault with DBs and GitHub so that users can generate temp credentials for databases based on their GitHub team

  • Cognito Integration : Worked with multiple teams to integrate AWS Cognito in legacy APIs to provide better authentication workflows like social OAuth ( such as Google auth ) and OTP-based workflows

  • OauthProxy : Integrated oauthproxy for gsuite authentication and compliance to some of our internal applications

Awards

HackIM CTF - 1st ( India ), 8th ( World Rank ) - 2018
NullCon - Walmart & VirtualBox
Found IDOR Bug in Digilocker ( GoI Initiative ) - Hall of Fame - 2017
Govt of India
Reported bugs to Google, Myntra, MakeMyTrip, Zoho, IBM, Sony, GM etc
1st in Terminal Tragedy CTF, NIT Trichy - 2017
NIT Trichy
DRDO CTF - Top 20 - 2017
DRDO

References

“ I worked with Aseem in the Security Team as his manager and what I really liked about him is his all-around skill. He never backs down from any challenge or new learning thrown at him and made sure he stepped out of the comfort zone to achieve the feat. He has got experience working as Developer and Secops - Jack of all trades. He also impressed everyone with his sheer dedication to work. Apart from professional development, he has done some fantastic work in his personal skill development. One thing really impressed me how he was able to adapt himself to the new work environment and quickly start initiating projects. His knowledge in network and application level security is quite impressive. He is definitely a quick learner and with the skillset that he poses, he is really a good security engineer. ”
- Avinash Jain, Security at Microsoft (Identity Platform)

“ I have worked with Aseem for a year. He has a great technical skillset combined with being an excellent problem solver which has helped a lot to solve the Security challenge in the organization. One of the great impressions that has always been shown constantly is the calmness, and creativity that is reflected in every challenge. Happy to work with him and looking forward to future collaboration again! ”
- Kenny Gotama, Security Manager at GoJek

Education (3)

B Tech.
Information Technology
IIIT Allahabad
2015 - 2019
Grade: 7.95

Completed my Bachelor of Technology, with a few electives in cybersecurity. I was the CyberSecurity Wing Coordinator and an elected member of the Student Gymkhana, the student body.

Higher Secondary
DPS R K Puram, New Delhi
2012 - 2014
Grade: 89%

Secondary
VVRS, Purnea, Bihar
2005 - 2012
Grade: 10

Languages

Hindi

Native Speaker

English

Fluent

Interests

CyberSecurity 🖥️

  • web app pentesting
  • reverse engineering

Reading Books 📚

  • goodreads-97128738-aseem

Creating Stuff 💡

Running 🏃

  • garmin forerunner45
  • strava-47262934

Swimming 🏊