Hi, I'm Suman Kumar 👋

📍 India
🔐 Security Engineer | 🛡️ Cloud security | ⚙️ Backend & Systems Builder

I break systems deliberately —
so they fail safely in the real world.

---

🧠 Who I Am

I’m a security-first engineer with a strong backend and systems foundation.
I don’t believe in checkbox security. I believe in attack-aware engineering.

My approach is simple but strict:

If a system can be abused, it will be.
So design it assuming an intelligent adversary.

I actively work across:

• Offensive security (how systems break)
• Defensive engineering (how systems survive)
• Backend & infrastructure (where attacks actually land)

---

🧭 Engineering Mindset

• 🔐 Security is not a layer, it’s a baseline
• 🧠 Threat models matter more than tools
• 🧪 Proof-of-concept is useless without mitigation
• 🏗️ Systems should fail safely, not silently
• 🤖 AI without security is technical debt at scale

---

🚀 Current & Ongoing Projects

🛡️ CyberShield Defend

Defensive security tooling & automation for modern threats
Focus areas:

• Threat detection logic
• Secure automation
• Practical defense workflows

🔗 https://github.com/sumansingh20/CyberShield

---

📬 BharatMail — Secure Email Platform

A privacy-first, security-centric email system
Designed with:

• Zero-trust mindset
• Attack surface minimization
• Secure auth & storage principles

🔗 https://github.com/sumansingh20/BharatMail

---

🔐 Penetration Testers & Secure Modern Web Apps

Hands-on repository covering:

• Real-world vulnerabilities
• Exploitation techniques
• Secure-by-design fixes

🔗 https://github.com/sumansingh20/Penetration-testers-and-secure-modern-web-apps

---

🧰 Technical Expertise

🔐 Security & DevSecOps

• Web, Network & System Penetration Testing
• Threat Modeling & Risk Analysis
• OWASP Top 10 (Web, API)
• Linux Hardening & Secure Configurations
• Docker & Kubernetes Security
• CI/CD Security Pipelines
• Cloud Security Fundamentals

Tools: Nmap · Burp Suite · Metasploit · Wireshark · Linux

---

🖥️ Backend & Systems

• Secure REST API design
• Authentication & Authorization models
• Role-based & policy-based access control
• Secure data handling & validation
• Microservices security concerns
• High-risk input & boundary defense

Languages: Python · Java · Node.js · Go · C / C++ · Bash

---

☁️ Cloud & Databases

• Cloud threat models (AWS / Azure / GCP)
• IAM & permission boundaries
• Secure storage & secrets handling

Databases: PostgreSQL · MySQL · MongoDB · Redis

---

🤖 AI & Security

• ML-assisted malware detection concepts
• Adversarial attack surfaces in AI systems
• Securing AI pipelines & data flows
• Understanding how AI changes threat models

Libraries: TensorFlow · PyTorch · Scikit-learn · Pandas · NumPy

---

🔍 What I’m Actively Working On

• Advanced penetration testing methodologies
• Malware behavior & analysis fundamentals
• Secure system design under adversarial conditions
• AI + Cybersecurity intersections
• Turning exploits into engineering rules

---

📊 GitHub Activity

---

📈 GitHub Contribution Graph

---

🐍 Contribution Activity

---

🌐 Writing & Knowledge Sharing

• Cybersecurity fundamentals
• Exploit breakdowns
• Secure architecture concepts
• AI security risks & design lessons

(Actively expanding technical writing)

---

🔗 Connect With Me

• 📫 Email → sumantech07@gmail.com
• 💼 LinkedIn → https://www.linkedin.com/in/sumankumar-/
• 🧠 GitHub → https://github.com/sumansingh20
• 🧩 LeetCode → https://www.leetcode.com/sumansingh20

---

🧠 Philosophy

Attackers think in possibilities.
Defenders think in guarantees.
I train myself to think like both.

Secure systems aren’t built by fear —
they’re built by understanding failure.