yashinfosec.com

Explore Security In-depth

Portfolio

About Me

Hello, I’m Yaswanth Surya Chalamalasetty — a cybersecurity professional with hands-on experience across Security Operations (SOC), Vulnerability Assessment & Penetration Testing (VAPT), Web & API Security, and Red/Purple Team support.

I have worked across banking, enterprise IT, and regulated environments, delivering end-to-end security assessments covering web applications, APIs, internal and external infrastructure, Active Directory, cloud environments, and wireless networks. My approach is strongly lab-driven and practical, focused on reproducing real-world attack scenarios and validating security controls rather than relying on theoretical checklists.

I am currently pursuing a Master’s degree in Cyber Security at Coventry University (UK), while continuing limited advisory and consulting work and actively building CortexLab, my personal security research and testing environment.

Professional Summary

  • Cybersecurity professional with experience in SOC operations, VAPT, and adversary simulation

  • Strong expertise in web application and API security testing, aligned with OWASP Top 10

  • Hands-on exposure to Active Directory attacks, cloud security reviews, and infrastructure assessments

  • Experience delivering security audits and consulting services for cooperative banks and enterprises

  • Proven ability to communicate technical risk clearly through executive and technical reporting

  • Trainer and speaker with experience delivering workshops, FDPs, and guest lectures

Education

Master of Science (MSc) in Cyber Security
Coventry University, UK (Pursuing)

Bachelor of Technology (B.Tech) – Computer Science
ISBM University, India

Certifications

  • Certified Ethical Hacker (CEH) – EC-Council

  • Certified Network Defender (CND) – EC-Council

  • EC-Council Certified Security Analyst (ECSA)

  • Computer Hacking Forensic Investigator (CHFI)

  • Certified SOC Analyst (CSA)

  • Certified Secure Computer User (CSCU)

Core Technical Skills
Web & API Penetration Testing

  • OWASP Top 10 testing and validation

  • Authentication & authorization testing (IDOR, role abuse, privilege escalation)

  • Session management flaws, JWT/OAuth abuse

  • Business logic and workflow vulnerabilities

  • API security testing (REST, GraphQL)

  • Manual testing using Burp Suite Pro

Network & Infrastructure Security

  • External and internal infrastructure penetration testing

  • Service enumeration and attack surface mapping

  • Network segmentation and firewall security reviews

  • VPN and VLAN security testing

  • Lateral movement analysis and exposure validation

Active Directory Security

  • AD enumeration and attack-path analysis

  • Kerberoasting and AS-REP roasting

  • Pass-the-Hash / Pass-the-Ticket

  • NTLM relay and delegation abuse

  • Privilege escalation and post-exploitation

  • BloodHound-driven attack path analysis

Cloud & Mobile Security

  • AWS security configuration reviews and IAM analysis

  • Cloud misconfiguration and exposure testing

  • Android and iOS application security testing (assessment level)

  • Insecure storage and API interaction testing

  • Certificate pinning bypass (assessment scenarios)

Wireless, Endpoint & Adversary Simulation

  • Wi-Fi penetration testing (WPA2/WPA3, Evil Twin scenarios)

  • Endpoint exposure and credential capture scenarios

  • Red and Purple Team engagement support

  • Assume-breach assessments

  • Phishing and social engineering simulations

  • Blue team detection and response validation

Security Operations & Detection

  • SIEM-based alert triage and investigation (Splunk)

  • EDR exposure analysis

  • Log analysis across firewalls, WAFs, IDS/IPS, servers, and endpoints

  • Incident response support and escalation

  • Detection gap identification and tuning recommendations

Professional Experience
Independent Cybersecurity Consultant

Cybershields and IT Solutions | Jan 2024 – Aug 2025

  • Led and executed VAPT and information security audits for cooperative banks including
    Bharatiya Sahakara Niyamitha Bank, Muslim Cooperative Bank, Merchant Cooperative Bank, and Mysore Urban Cooperative Bank

  • Delivered SOC monitoring and security operations support for banking and enterprise environments

  • Conducted enterprise security assessments for organizations such as Jaguar Tech Park and Vegolutions India Pvt Ltd

  • Delivered guest lectures, workshops, and FDPs at institutions including VIT, Christ University, Hindustan University, and others

  • Currently engaged in a limited advisory capacity alongside academic commitments

Vulnerability Assessment & Penetration Tester

Technomold IT Solutions Pvt Ltd | Mar 2024 – Jan 2025

  • Conducted VAPT across web applications, APIs, internal networks, and infrastructure

  • Performed manual and automated testing using Burp Suite, Nessus, Nmap, and custom techniques

  • Identified OWASP Top 10 vulnerabilities, misconfigurations, and business logic flaws

  • Delivered detailed technical and executive reports with CVSS scoring and remediation guidance

  • Supported compliance-driven assessments aligned with PCI-DSS and NIST

  • Collaborated with SOC teams to map vulnerabilities to detection gaps

SOC Analyst

Technomold IT Solutions Pvt Ltd | Mar 2022 – Mar 2024

  • Monitored and triaged alerts using Splunk SIEM, CrowdStrike EDR, and Microsoft 365 Defender

  • Investigated phishing attacks and email-borne threats

  • Analyzed logs from firewalls, WAFs, IDS/IPS, web servers, databases, and endpoints

  • Supported incident response, containment coordination, and post-incident reporting

  • Conducted basic malware analysis using Cuckoo Sandbox and VirusTotal

  • Assisted with SIEM tuning and SOC documentation

Current Focus

  • Advanced Web Application & API Pentesting

  • Authentication, authorization, and access control testing

  • Mapping vulnerabilities to OWASP Top 10

  • SOC + AppSec crossover skills

  • Publishing technical blogs and building lab-based research