📍 India
🔐 Security Engineer | 🛡️ Cloud security | ⚙️ Backend & Systems Builder

I break systems deliberately —
so they fail safely in the real world.

I’m a security-first engineer with a strong backend and systems foundation.
I don’t believe in checkbox security. I believe in attack-aware engineering.

My approach is simple but strict:

If a system can be abused, it will be.
So design it assuming an intelligent adversary.

I actively work across:

• Offensive security (how systems break)
• Defensive engineering (how systems survive)
• Backend & infrastructure (where attacks actually land)

• 🔐 Security is not a layer, it’s a baseline
• 🧠 Threat models matter more than tools
• 🧪 Proof-of-concept is useless without mitigation
• 🏗️ Systems should fail safely, not silently
• 🤖 AI without security is technical debt at scale

Defensive security tooling & automation for modern threats
Focus areas:

• Threat detection logic
• Secure automation
• Practical defense workflows

🔗 https://github.com/sumansingh20/CyberShield

A privacy-first, security-centric email system
Designed with:

• Zero-trust mindset
• Attack surface minimization
• Secure auth & storage principles

🔗 https://github.com/sumansingh20/BharatMail

Hands-on repository covering:

• Real-world vulnerabilities
• Exploitation techniques
• Secure-by-design fixes

🔗 https://github.com/sumansingh20/Penetration-testers-and-secure-modern-web-apps

• Web, Network & System Penetration Testing
• Threat Modeling & Risk Analysis
• OWASP Top 10 (Web, API)
• Linux Hardening & Secure Configurations
• Docker & Kubernetes Security
• CI/CD Security Pipelines
• Cloud Security Fundamentals

Tools: Nmap · Burp Suite · Metasploit · Wireshark · Linux

• Secure REST API design
• Authentication & Authorization models
• Role-based & policy-based access control
• Secure data handling & validation
• Microservices security concerns
• High-risk input & boundary defense

Languages: Python · Java · Node.js · Go · C / C++ · Bash

• Cloud threat models (AWS / Azure / GCP)
• IAM & permission boundaries
• Secure storage & secrets handling

Databases: PostgreSQL · MySQL · MongoDB · Redis

• ML-assisted malware detection concepts
• Adversarial attack surfaces in AI systems
• Securing AI pipelines & data flows
• Understanding how AI changes threat models

Libraries: TensorFlow · PyTorch · Scikit-learn · Pandas · NumPy

• Advanced penetration testing methodologies
• Malware behavior & analysis fundamentals
• Secure system design under adversarial conditions
• AI + Cybersecurity intersections
• Turning exploits into engineering rules

• Cybersecurity fundamentals
• Exploit breakdowns
• Secure architecture concepts
• AI security risks & design lessons

(Actively expanding technical writing)

• 📫 Email → sumantech07@gmail.com
• 💼 LinkedIn → https://www.linkedin.com/in/sumankumar-/
• 🧠 GitHub → https://github.com/sumansingh20
• 🧩 LeetCode → https://www.leetcode.com/sumansingh20

Attackers think in possibilities.
Defenders think in guarantees.
I train myself to think like both.

Secure systems aren’t built by fear —
they’re built by understanding failure.