Suraj Kumar — Cybersecurity Portfolio

Hi, I'm Suraj, a
cybersecurity engineer.

/* Building automation pipelines, internal security tooling,
and penetration testing — one exploit at a time. */

Featured Works

// Craft at the intersection of security and code

IMAGE COMING SOON

SECURITY AUTOMATION PIPELINE

Python · SAST · CI/CD

[AUTOMATION] [PYTHON] [SAST]

Security Automation Pipeline

Streamlined security review processes with Python; integrated SAST tooling into CI/CD workflows

IMAGE COMING SOON

GRAYHAT WORKSHOP

Bug Bounty · HackerOne · IoT Lab

[COMMUNITY] [BUG BOUNTY] [HACKERONE]

Grayhat Bug Bounty Workshop

Co-organized a hands-on bug bounty workshop for the IoT Lab cybersecurity team in partnership with HackerOne

IMAGE COMING SOON

CYBER SECURITY VIRTUAL LAB

OPNsense · Active Directory · Elastic SIEM

[HOMELAB] [SIEM] [ACTIVE DIRECTORY]

Cyber Security Virtual Lab

Full fictional enterprise network with hardened firewall, DNS, AD, file sharing, and Elastic Stack threat monitoring

IMAGE COMING SOON

INTERNAL SCAN TOOLS

Static Analysis · CI/CD · SAST

[TOOLING] [SCANNING] [CI/CD]

Internal Security Scan Tools

Built internal tools for scanning and static analysis with hands-on exposure to SAST pipeline integration

All Projects

// Things built, broken, and rebuilt for fun and for security

Python · Socket · Threading — May 2024

Python Port Scanner ↗

Multi-threaded port scanner with up to 300% performance improvement via concurrency. Robust error handling and logging.

↑ Faster network reconnaissance. Multi-threading cuts scan time dramatically across wide port ranges.

Python · Socket Programming — May 2024

CypherC2: C2 Framework ↗

Basic C2 system demonstrating secure TCP communication. Server-client architecture with command transmission.

↑ Demonstrates real-world C2 architecture for educational and red-team research contexts.

OPNsense · Ubuntu · VMware — June 2024

Cyber Security Virtual Lab

Hardened OPNsense firewall, enterprise network with DNS, Active Directory, file sharing + Elastic Stack SIEM.

↑ End-to-end threat monitoring from firewall rules to Elastic Stack dashboards — all in a local homelab.

Python · CI/CD · SAST — Ongoing

Security Automation Pipeline

Python pipelines that streamline security review processes and improve team efficiency. Integrated with SAST tooling.

↑ Built for real team use — cuts manual review time and surfaces issues earlier in the dev cycle.

Bash · Python · Internal Tooling

Internal Scan & Analysis Tools

Internal tools for scanning and static analysis. Hands-on exposure to CI/CD pipeline integration and SAST rule authoring.

↑ From writing scan rules to plugging results into the pipeline — full ownership of the tooling lifecycle.

TryHackMe — Ongoing

CTF & Lab Practice

Active on TryHackMe — ranked top 10% globally. Regular CTF practice covering web, network, and privilege escalation challenges.

↑ Top 10% globally out of millions of users. Consistent practice across offensive and defensive tracks.

~/whoami

▶ whoami cybersec_engineer ▶ cat profile.json { "role" : "Cybersec Software Engineer", "exp" : "~1 year", "thm" : "Top 10% Globally", "certs" : ["eJPT (in-progress)", "RH124", "AWS Cloud Arch.", "Deloitte Cyber Sim."], "skills" : ["Python", "Bash", "SAST", "Pentesting", "CI/CD"], "status" : "open_to_work" } ▶

Hi, I am a cybersecurity-focused software engineer with a year of experience in secure application development, automation, and penetration testing.

// I rank in the top 10% of TryHackMe users globally, build Python pipelines that security teams actually ship, and I haven't found a network I couldn't scan — legally.

[EXPERIENCE]

Cybersecurity Software Engineer

~1 year building secure applications and automation tooling. Created Python pipelines to streamline security review processes and improve team efficiency.

Security Tooling & CI/CD

Built internal tools for scanning and static analysis. Hands-on exposure to CI/CD pipelines and SAST — from writing rules to integrating findings into developer workflows.

Member, Cybersecurity Team — IoT Lab

Participated in practice sessions, shared resources, and reviewed solutions to build foundational skills. Contributed to organizing Grayhat — a hands-on bug bounty workshop with HackerOne.

Certifications & Credentials

CISCO
JR CYBERSECURITY ANALYST

[CISCO]

[1] Junior Cybersecurity Analyst Career Path ↗

Credential verified on Credly.

CISCO
CYBER THREAT MGMT

[CISCO]

[2] Cyber Threat Management ↗

Credential verified on Credly.

AWS ACADEMY
CLOUD ARCHITECTING

[AWS ACADEMY]

[3] AWS Academy Graduate — Cloud Architecting ↗

Credential verified on Credly.

RED HAT
RH124 / RHA

[RED HAT]

[4] Red Hat System Administration I (RH124 – RHA), Version 9.3 ↗

Credential verified on Credly.

DELOITTE
CYBER JOB SIMULATION

[DELOITTE]

[5] Deloitte Cyber Job Simulation ↗

Credential verified on Forage.

Things I've built...

Python · Socket · Threading — May 2024

Python Port Scanner ↗

Multi-threaded port scanner with up to 300% performance improvement via concurrency. Integrated robust error handling and logging.

↑ Supports faster network reconnaissance. Multi-threading cuts scan time dramatically across wide ranges.

Python · Socket Programming — May 2024

CypherC2: C2 Framework ↗

Basic C2 system demonstrating secure TCP communication. Server-client architecture with command transmission over the wire.

↑ Designed to demonstrate real-world C2 architecture for educational and red-team research contexts.

OPNsense · Ubuntu · VMware — June 2024

Cyber Security Virtual Lab

Hardened OPNsense firewall, full enterprise network with DNS, Active Directory, file sharing + Elastic Stack for SIEM.

Hi, I'm Suraj, acybersecurity engineer.

Featured Works

Security Automation Pipeline

Grayhat Bug Bounty Workshop

Cyber Security Virtual Lab

Internal Security Scan Tools

All Projects

↑ Faster network reconnaissance. Multi-threading cuts scan time dramatically across wide port ranges.

↑ Demonstrates real-world C2 architecture for educational and red-team research contexts.

↑ End-to-end threat monitoring from firewall rules to Elastic Stack dashboards — all in a local homelab.

↑ Built for real team use — cuts manual review time and surfaces issues earlier in the dev cycle.

↑ From writing scan rules to plugging results into the pipeline — full ownership of the tooling lifecycle.

↑ Top 10% globally out of millions of users. Consistent practice across offensive and defensive tracks.

Hi, I am a cybersecurity-focused software engineer with a year of experience in secure application development, automation, and penetration testing.

~1 year building secure applications and automation tooling. Created Python pipelines to streamline security review processes and improve team efficiency.

Built internal tools for scanning and static analysis. Hands-on exposure to CI/CD pipelines and SAST — from writing rules to integrating findings into developer workflows.

Participated in practice sessions, shared resources, and reviewed solutions to build foundational skills. Contributed to organizing Grayhat — a hands-on bug bounty workshop with HackerOne.

Certifications & Credentials

[CISCO]

Credential verified on Credly.

[CISCO]

Credential verified on Credly.

[AWS ACADEMY]

Credential verified on Credly.

[RED HAT]

Credential verified on Credly.

[DELOITTE]

Credential verified on Forage.

Things I've built...

↑ Supports faster network reconnaissance. Multi-threading cuts scan time dramatically across wide ranges.

↑ Designed to demonstrate real-world C2 architecture for educational and red-team research contexts.

↑ End-to-end threat monitoring from firewall rules to Elastic Stack dashboards — all in a local homelab.

Securing systems, one commit at a time.

Hi, I'm Suraj, a
cybersecurity engineer.