A
Ayyappan

Ayyappan

Offensive Security Engineer

Delivering impactful security solutions through advanced penetration testing, vulnerability research, and innovative security frameworks that protect critical infrastructure and emerging technologies.

Get in TouchView Projects
Scroll Down

My Story

I'm an Offensive Security Engineer with a passion for delivering impactful security solutions that protect critical infrastructure and emerging technologies.

With experience in penetration testing, red teaming, and security research, I specialize in identifying and mitigating vulnerabilities in complex systems. My work spans across various domains including automotive security, IoT devices, cellular networks, and cloud infrastructure.

Get in Touch
Ayyappan profile photo

Projects

Showcasing 3 of 4 security research projects

Wireless Security : CVE-2022-27254 - Discovered and published a critical vulnerability in Honda vehicles' remote keyless system that allows replay attacks.

Wireless Security : CVE-2022-27254

Discovered and published a critical vulnerability in Honda vehicles' remote keyless system that allows replay attacks.

Learn More
IoT Security : CVE-2023-22906 - Discovered a critical vulnerability in a widely used smart home device that allowed root access without authentication.

IoT Security : CVE-2023-22906

Discovered a critical vulnerability in a widely used smart home device that allowed root access without authentication.

Learn More
IoT Security : CVE-2023-41442 - Discovered a critical security flaw in Tor.AI (formerly Kloudq) Tor Loco platform enabling tracking and unauthorized code execution.

IoT Security : CVE-2023-41442

Discovered a critical security flaw in Tor.AI (formerly Kloudq) Tor Loco platform enabling tracking and unauthorized code execution.

Learn More

Additional security research and CVE discoveries

Experience

A distinguished career in cybersecurity, spanning offensive security engineering, red team operations, and advanced research. Specializing in automotive security, cloud infrastructure, and IoT systems, with a proven track record of delivering impactful security solutions.

Download Resume

Offensive Security Engineer

Block Harbor Cybersecurity
Detroit, MI
July 2024 - Present

Leading comprehensive penetration testing and security assessments for connected vehicles, web/mobile apps, EV chargers, and automotive IoT systems. Specializing in automotive security and connected vehicle ecosystems.

  • Conducted over 100 comprehensive penetration tests for Fortune 500 automotive clients, delivering actionable security insights and remediation strategies
  • Pioneered automated penetration testing methodologies for cellular security assessments (GSM to 5G), reducing assessment time by 40%
  • Performed mobile application security, API testing, and source code review for enterprise clients
  • Developed custom security assessment frameworks for connected vehicle systems and EV charging infrastructure

Red Team Engineer, Intern

ZScaler
Boston, MA
Feb 2024 - May 2024

Participated in offensive security operations and physical security assessments across cloud environments, internal products, and corporate facilities. Focused on advanced threat simulation and security posture improvement.

  • Assisted in red team operations targeting cloud infrastructure, internal products (ZIA, ZPA, CASB), and corporate facilities
  • Developed custom offensive security tools for reconnaissance, intrusion, and physical security assessments
  • Created automated frameworks for employee data analysis to enhance spear phishing and social engineering operations
  • Contributed to executive-level security reports with actionable insights on security observability and detection engineering

Cybersecurity Engineer, Intern

Cybastion Technologies
Washington, DC
May 2023 - August 2023

Contributed to cybersecurity initiatives for government clients, specializing in forensics, border surveillance, and critical infrastructure protection. Focused on developing comprehensive security solutions for West African governments.

  • Assisted in developing and implementing test plans for cybersecurity, forensics, and border surveillance solutions
  • Conducted security assessments of critical infrastructure systems and provided strategic recommendations
  • Collaborated with international government agencies to enhance their security posture and incident response capabilities
  • Helped develop and document security best practices for government systems and critical infrastructure

Undergraduate Research Assistant

Northeastern SIGINT Lab
Boston, MA
May 2023 - August 2023

Contributed to research in aviation security, focusing on GPS spoofing detection and counter-UAS technologies. Worked under Dr. Aanjhan Ranganathan on cutting-edge security research.

  • Assisted in research on GPS spoofing detection and mitigation techniques, developing novel approaches to secure navigation systems
  • Participated in counter-UAS (C-UAS) research, focusing on advanced drone detection and neutralization methods
  • Developed and implemented wireless security tools and training exercises for cybersecurity Masters students
  • Contributed to research papers on aviation security and navigation system vulnerabilities

Cyber R&D Intern

NCIIPC, Govt. of India
India
Sept 2020 - August 2021

Led solo development of security solutions for government systems, with focus on air-gapped environments and critical infrastructure protection.

  • Led development of a comprehensive security toolkit for Linux in air-gapped environments, reducing system hardening time by 30%
  • Developed automated security assessment tools for government systems and critical infrastructure
  • Implemented security controls and compliance measures for secure networks
  • Created documentation and materials for security tool deployment and maintenance

Skills & Expertise

A comprehensive set of technical skills and domain expertise in cybersecurity, software development, and system architecture.

Professional Certifications

  • OSCP+ (Offensive Security Certified Professional Plus)
  • OSCP (Offensive Security Certified Professional)
  • CompTIA Security+
  • ISC2 Certified in Cybersecurity (CC)
  • Java Certification
  • C++ Certification
  • C# Certification
  • Objective-C Certification
  • Python Certification
  • Node.js Certification

Offensive Security

  • Penetration Testing
  • Red Team Operations
  • Vulnerability Assessment
  • Exploit Development
  • AI System Penetration Testing
  • LLM Security & Prompt Engineering
  • AI Model Security
  • AI Security Research & Development
  • Social Engineering
  • Physical Security Assessment
  • Wireless Security Testing
  • Mobile Application Security

Professional Skills

  • Public Speaking & Presentations
  • Technical Consulting
  • Security Training & Education
  • Executive Reporting
  • Cross-functional Collaboration
  • Project Management
  • Client Relationship Management
  • Technical Writing & Documentation

Development & Tools

  • Python
  • C/C++
  • Java
  • Git
  • Docker
  • Linux/Unix
  • Bash Scripting

Security Research

  • Reverse Engineering
  • Firmware Analysis
  • Protocol Analysis
  • Vulnerability Research
  • Exploit Development
  • Security Tool Development
  • IoT Security Research
  • Wireless Security Research

Infrastructure & Cloud

  • Cloud Security (AWS/Azure)
  • Network Security
  • System Hardening
  • Security Architecture
  • Container Security
  • Infrastructure as Code
  • Security Automation

Presentations & Articles

Sharing knowledge and insights through presentations, talks, and workshops at industry conferences and events.

Oberserver Researcher Foundation : Raisina Debates

Online
Expanding National Security Risks from Foreign-Manufactured Hardware

Published an article on the growing national security risks posed by foreign-manufactured hardware for the Observer Research Foundation (ORF).

Ahead of the Breach Podcast

Online
Advanced RF Exploitation Techniques for Automotive Systems

Featured guest on Sprocket Security's Ahead of the Breach podcast, discussing automotive security, real-world hacking, and career insights.

Black Hat MEA

Riyadh, Saudi Arabia
Remote & Wireless Exploitation: Unveiling Critical Flaws in the Automotive Ecosystem

Showcased critical vulnerabilities in modern vehicles, focusing on remote and wireless attack surfaces. Demonstrated real-world exploitation scenarios and emphasized the need for robust automotive security.

Get in Touch

Let's connect and discuss how we can work together on your next project or security challenge.

GithubLinkedInEmailX

Email: contact@ayyappan.me

Location: Detroit, MI

Download Resume