Susovan Garai

Skills

Capability matrix across the six pillars — frameworks, methodologies, and tooling categories. Vendor-anonymous categories. Every entry traces to the resume or the detailed technical profile.

01 / 06 — AI / AGENTIC SECURITY

Adversarial testing for LLMs and agents.

  • OWASP LLM Top 10
  • MAESTRO Threat Modeling
  • MCP Security
  • Prompt Injection Testing
  • Indirect Prompt Injection
  • RAG Pipeline Security
  • Model Abuse Testing
  • Agentic Threat Modeling
  • Tool-Use Risk Analysis
  • Confused Deputy Patterns
  • AI Posture Management
  • AI Security in CI/CD

Source: R, TP §3.3, TP §6.5

02 / 06 — DEVSECOPS + INFRASTRUCTURE AS CODE

Security checks where code lives.

  • SAST
  • SCA
  • Secret Scanning
  • AI Security in CI
  • CI/CD Security Integration
  • Shift-Left Security
  • Secure SDLC (SSDLC)
  • Paved Security Standards
  • Pipeline Hardening
  • GitHub Actions
  • Jenkins
  • Security Automation

Source: R, TP §3.2, TP §6.2, TP §6.8

03 / 06 — APPLICATION SECURITY

Manual + automated. Web, API, mobile.

  • Web Application Pentest
  • API Security Testing
  • Mobile Pentest (Android/iOS)
  • Internal VAPT
  • OWASP Top 10
  • OWASP API Security Top 10
  • ASVS
  • Secure Code Review
  • PoC Exploit Development
  • Business Logic Testing
  • WebSocket Security
  • Webhook Security
  • JWT / OAuth2 / OIDC Attack Patterns
  • Authentication + Authorization Testing
  • Manual Vulnerability Validation

Source: R, TP §6.1

04 / 06 — CLOUD SECURITY

Cloud-native + WAF + CNAPP. Findings validated.

  • AWS Security Services
  • IAM Privilege Escalation
  • S3 Misconfiguration Analysis
  • Cloud-Native Security Monitoring
  • Threat Detection
  • Cloud Security Posture Management
  • CNAPP
  • WAF / Edge Security
  • WAF Vendor Evaluation
  • EKS Hardening
  • Kubernetes Security
  • Container Security
  • Container Escape Techniques
  • Supply Chain Security / SBOM
  • Secrets Management
  • Certificate Management

Source: R, TP §3.4, TP §6.3, TP §6.4, TP §6.6

05 / 06 — VULNERABILITY MANAGEMENT + RISK

From scanner output to risk-ranked action.

  • CVSS-Based Prioritization
  • Risk-Based Triage
  • False-Positive Reduction
  • Multi-Source Triage
  • Internal VAPT
  • Risk Assessment
  • Remediation Tracking
  • PoC Evidence
  • Compliance Evidence Collection
  • SOC 2
  • ISO 27001
  • HIPAA
  • HITRUST
  • GRC Support

Source: R, TP §3.6, TP §3.7, TP §6.7, TP §9, TP §10

06 / 06 — THREAT MODELING

STRIDE for systems. MAESTRO for agents.

  • STRIDE
  • MAESTRO
  • Architecture Review
  • FSD Review
  • Secure-by-Design
  • Defense-in-Depth
  • Data Flow Diagram
  • Trust Boundary Analysis
  • Attack Surface Analysis

Source: R, TP §3.3