ASHWIN K
0%
About Skills Experience Projects Terminal Contact ↓ Resume
Cyber Security Analyst · Penetration Tester · GRC

ASHWIN
K.

Finding what shouldn't be found — vulnerabilities in systems organisations trust with their most sensitive data. 2.5+ years. 50+ validated findings. Based in Kerala, India.

Get in touch Try the terminal ↓
50+
Vulns found
30+
Apps assessed
30%
FP reduction
Scroll
VAPTPENETRATION TESTINGGRC COMPLIANCEOWASP TOP 10SIEM OPERATIONSCLOUD SECURITYINCIDENT RESPONSEMITRE ATT&CKISO 27001VAPTPENETRATION TESTINGGRC COMPLIANCEOWASP TOP 10SIEM OPERATIONSCLOUD SECURITYINCIDENT RESPONSEMITRE ATT&CKISO 27001
01
About
THE OPERATOR

I find what shouldn't be found — vulnerabilities in systems that organisations trust with their most sensitive data. Before the adversaries do.

My path into cybersecurity is unconventional — a BBA graduate who self-taught penetration testing from scratch through Brototype, then applied those skills across 2.5+ years of real-world engagements at Dinoct Solutions. Over 30 applications assessed. Over 50 vulnerabilities validated. A 30% reduction in false positives through rigorous manual validation.

My work spans the full security lifecycle: offensive VAPT across web apps, APIs, networks and cloud; defensive SIEM monitoring with Wazuh and Elastic Stack; and GRC compliance across NIST, SOC 2, CIS, and HIPAA frameworks.

OWASP Top 10MITRE ATT&CKBurp SuiteMetasploitWazuh SIEMElastic StackGCP SecurityAWSNmap NSENessusKali LinuxPythonISO 27001SOC 2Sigma Rules
01
Professional Cloud Security Engineer
Google Cloud Platform
GCP-certified cloud security professional — IAM hardening, VPC threat modeling, cloud-native detection across Google Cloud environments.
02
ISO/IEC 27001:2022 Lead Auditor
Mastermind Assurance
Qualified to plan, conduct and follow up ISMS audits — gap analysis, control validation, evidence collection across enterprise security frameworks.
03
API Penetration Testing
APISec University
Specialised API security testing — IDOR, auth bypass, JWT attacks, broken object-level authorisation, and REST/GraphQL vulnerability chains.
04
BBA — University of Calicut
2017 – 2020 · Don Bosco College
Non-traditional path into cybersecurity — proving determination and self-teaching can outperform pedigree in technical security roles.
SQLiXSSIDORSSRFAuth BypassJWT AttacksXXERCEPrivilege EscalationCloud MisconfigurationC2 DetectionLateral MovementSQLiXSSIDORSSRFAuth BypassJWT AttacksXXE
02
Capabilities
SKILL MATRIX
Penetration Testing (Web/API)90%
SIEM & Threat Detection82%
GRC & Compliance (NIST/SOC2)85%
Cloud Security (GCP/AWS)78%
Network Security & VAPT80%
Python & Bash Scripting75%
Offensive
Burp Suite ProMetasploit FrameworkNmap / NSE ScriptsNessus · NiktoSQLMap · Hydra
Defensive
Wazuh SIEMElastic StackKibana DashboardsCustom Sigma RulesIDS / IPS
GRC
ISO 27001 (LA Cert)NIST CSFCIS ControlsSOC 2 · HIPAAGap Analysis
Cloud & Dev
GCP SecurityAWS SecurityPython (security)Bash AutomationOSINT Scripting
03
History
ENGAGEMENT LOG
  • Conducted VAPT across 30+ web apps, APIs, networks, and cloud environments — identifying and prioritising critical risk chains
  • Discovered and validated 50+ vulnerabilities including SQLi, XSS, IDOR, SSRF, auth bypass, and cloud misconfigs — each with exploitation proof and remediation roadmap
  • Manual validation of automated scans reduced false positives by 30%, dramatically improving report quality and client confidence
  • Supported compliance audits across NIST, CIS, SOC 2, and HIPAA — evidence collection, control validation, gap analysis reporting
  • SIEM monitoring via Wazuh + Elastic Stack — custom detection rules, threat investigation, incident response operations
Burp SuiteNmap NSENessusMetasploitKali LinuxWazuhElastic StackPythonAWSGCP
  • Practical exposure to vulnerability assessment across systems, networks, and web applications — building offensive security foundations from scratch
  • Learned offensive security tools and manual testing techniques for OWASP Top 10 vulnerability classes
  • Authored security assessment reports — developing technical writing and client communication skills
Kali LinuxOWASP Top 10NiktoManual TestingReport Writing
04
Portfolio
OPERATIONS
01
Offensive Security · Web & API
VAPT Pipeline
50+ vulns validated · 30+ targets assessed
Burp SuiteNmapPythonBash
02
Defensive Security · SIEM
Threat Detection Platform
Custom Sigma rules · C2 beacon detection · faster triage
WazuhElasticKibanaSigma
03
Governance · Compliance
GRC Automation Engine
Multi-framework gap analysis · automated evidence collection
PythonBashNISTSOC 2
04
Continuous Training · Red Team
Adversary Simulation Labs
Active on HackTheBox & TryHackMe · MITRE-aligned TTPs
HTBTHMAD Attacks
Operation Details
05
Interactive
TERMINAL

You're in. This is a real shell — well, almost. Type commands and interrogate my system. Try whoami, or just type help if you're lost like a script kiddie.

whoami ls cat about.txt cat skills.txt cat certs.txt cat experience.txt nmap -sV ashwin.local cat fun_facts.txt sudo hire ashwin history uname -a ps aux
ashwin@kali — bash — 80×24
ashwin@kali:~$
06
Reach out
LET'S WORK
READY
TO SECURE
YOUR STACK?

Available for VAPT engagements, GRC consulting, threat detection, and full-time roles. Let's talk about what's at risk.

Emailashwink99333@gmail.com LinkedInashwin-suresh-6555581a1 GitHubgithub.com/Ashwin998
Phone+91 7025992562
LocationKerala, India
SEND A MESSAGE
# the vulnerabilities existed before I arrived.
# I just made sure you knew about them.

ashwin@kali:~$ exit
logout · session closed ·