Professional Documents
Culture Documents
Asdasdasdasdasdsad
Asdasdasdasdasdsad
com
BANGALORE, INDIA
linkedin.com/in/ayush-guha-693a4a210
“We are only as strong as our weakest link”. As a security engineer and an IT grad my interest lies in finding the weakest link in
a system and securing it. I program security tools , automate security scans and tests and I have experience securing one of
the fastest growing unicorn startups in India from ground-up which gave me the chance to wear different hats and hone my
cloudsec and appsec skills. I also have participated in multiple CTF events (TyphoonCon, Google, eHaCon) and am a bit of a
documentation freak who likes sharing those write-ups with the larger tech community!
Experience
SKLLS
1. Python, C, Bash, PowerShell, XML, YAML, JSON
2. Data structures and OOPS
3. KQL, SQL (MySQL, PostgreSQL)
4. Linux (Ubuntu and Kali) [from kernel to shell and beyond].
5. Azure (Defender, Sentinel, Logic apps, Virtual Networks, functions etc).
6. GCP (Cloud storage, cloud Armor, IAM, VPC network & firewalls, GCR, beyondcorp,
compute engine, SCC, Bigquery etc)
7. Network security & analysis of network protocols - Wireshark, tcpdump, Cisco packet
tracer.
8. Network troubleshooting (DNS server, Firewall, IDS/IPS, network configuration, Routing)
9. Wireless security (802.11a/b/g/n/ac, 802.1x)
10. Incident investigation and remediation
11. Microsoft defender suite including Defender for endpoint, defender for office 365, cloud
app security, etc.
12. WAF – Reblaze, GCA, Azure Firewall, IPtables and windows adv firewall
13. Implementation of OAuth2 flows and JWT and API testing
14. Manual security code review.
15. Infrastructure as a code (IAC) – Nginx, HCL and docker
16. Automation using Jenkins and Zapier
17. Container security
18. Well-versed in security compliance/regulation frameworks like ISO/IEC, SOX, PCI DSS, CIA
triads, HIPAA.
19. Implementing email authentication (DMARC, DKIM & SPF)
20. Calculation of vulnerability scores (CVSS 3.1).
21. Social engineering and OSINT
22. Webapp attacks (SQLi, LFI, RFI, RCE, XSS, Tabnabbing, Rate limit bypass, SSRF etc)
23. VAPT using tools like MSF, Burp suite, HashCat, NMAP, Aircrack-ng suite etc.
24. Memory analysis (volatility)
25. Git, Bitbucket
26. Agile project development and scrum methodologies (Jira, Jira service desk, confluence)
27. Reverse engineering & binary exploitation (x86), Basic Cryptography.
CERTIFICATIONS
PROJECTS ( https://github.com/HelloGit-ty)
1. Secure_Wrike_using_Azure_Sentinel – Azure sentinel solution for Wrike PMS (Python, JSON, Azure, KQL)
2. Log4j-scan – Contributed WAF bypass rules and features to the tool for discovery of log4shell on remote
hosts.(python)
3. 3Bucket-eer – Tool to scan for public buckets in an unauthenticated manner as well as enumerate info on
buckets and objects on GCP in an authenticated & fully automated manner and send alerts over slack if a
blacklisted bucket is found exposed (python).
4. Security On-call- Automation script to rotate on-call security Engineers in a slack usergroup using non-
consecutive repetition (python)
5. Rate limit metric automation – Ingesting WAF and LB level logs into a Bigquery dataset and using python to
fetch and report metrics in slack related to rate-limits.
6. Shell Manager - Multi-client reverse Shell (Python).
7. DeviceFinder - ARP SCANNER (Python).
8. A$$etH0und - (Python) Asset tracking tool for red teaming.
9. Backstory App - An app and a web app for reading and submitting short stories and poetry.
ACHIEVEMENTS
1. 2021 - Received the most popular project award and the top 10 eligible project awards by Microsoft in
the Azure sentinel hackathon. Our project was also featured in the Microsoft blog post and received
praise from the CEO of SOC prime & inventor of Uncoder.IO, Andrii Bezverkhyi.
2. 2021- My project has been recognized and praised by the associate director of KPMG India and by their GSOC team
as well.
3. 2021- Received Hacktoberfest swags for successfully completing 10 PRs to various open source projects.
4. 2019 - Came 2nd in ICELTS for developing the Backstory app.
EDUCATION
COLLEGE/UNIVERSITY
Institute of Engineering and management (IEM), Salt Lake.
DEGREE
B.tech in IT 2018-2022 (CGPA – 8.67/10)