VISHALRAAVI
M.Eng. Cybersecurity at UMD. I've spent 2+ years building production systems at CALCE — and breaking them to make them stronger.
Engineering at the intersection of System Design & Security
I'm a Master's student in Cybersecurity at the University of Maryland, with a background in Computer Science from GITAM University. For the past 2+ years, I've been building production systems at the Center for Advanced Life Cycle Engineering (CALCE) — full-stack web platforms, containerized microservices, REST APIs, and data visualization tools used by researchers daily.
What sets me apart is the combination: I don't just build systems — I attack them too. I've executed full offensive kill chains in isolated CTF environments: black-box reconnaissance, SQL injection exploitation, webshell deployment, privilege escalation, and data exfiltration. That attacker's perspective directly informs how I write and review code.
I'm actively pursuing the Burp Suite Certified Practitioner (BSCP) certification and targeting roles at the intersection of secure software engineering and information security — where building and breaking converge.
How I Think
Every system I build starts with one question: “How would I break this?” That attacker's lens — built through real offensive security labs — shapes how I architect, review, and harden every system I ship.
What I've Built
MOSTCOOL Reliability Web Platform
I rebuilt a legacy Windows-only desktop tool into a containerized web platform — one command deploys it anywhere, on any machine.
Challenge
Researchers at CALCE were locked into a Windows-only desktop app with no web access, no API, and no scalability. I needed to rebuild the entire system as a modern, deployable web platform.
What I Built
- →Built a microservice-decoupled React.js + Flask architecture with 8 REST endpoints
- →Designed a React Flow graph editor with 7 custom node types, 14 action types, 6 parallel Map collections
- →Implemented brute-force DFS state enumeration (Python + NetworkX) — 2ᴺ states, capped at N=22 (4.2M evaluations)
- →Engineered multi-sheet Excel round-trip serialization via SheetJS (5 worksheets, full backward compat)
- →Wrote cross-platform Bash automation for Docker orchestration across ARM64 + x86_64
Impact
MOSTCOOL Research Platform
I built the entire public web presence for a federally funded research lab from scratch — automated software distribution, OWASP-hardened, serving 850+ downloads.
Challenge
The lab had no public web presence, no way to distribute software to researchers, and no support infrastructure. I designed and built the full platform from zero.
What I Built
- →Designed a 10+ page responsive MPA: modal modules directory, team directory, timeline news feed
- →Built a Flask REST API integrated with GitHub Issues API for automated support ticketing
- →Engineered a gated ZIP download pipeline with GitHub Actions CI/CD + Gunicorn WSGI deployment
- →Remediated OWASP Top 10 vulnerabilities (XSS, Insecure Design) — input validation + CORS whitelisting cut production bugs by 50%
Impact
Scalable & Secure E-Commerce Platform on AWS
I designed and deployed a production-grade AWS architecture with defense-in-depth security at every layer — zero single points of failure, end-to-end encrypted.
Challenge
I set out to build a production e-commerce system on AWS from scratch — handling variable load, eliminating single points of failure, and embedding security at every layer rather than bolting it on after.
What I Built
- →Architected a multi-tier HA system: ALB → EC2 Auto Scaling Group → Multi-AZ RDS (MySQL)
- →Configured AWS WAF with custom rule sets blocking SQL injection and XSS at the edge
- →Set up ACM for end-to-end TLS/HTTPS and KMS customer-managed keys (AES-256 at rest)
- →Deployed CloudFront CDN with custom cache behaviors for global content delivery
- →Designed a private VPC with public/private subnet segmentation, NAT Gateway, and Security Groups
- →Built full observability: CloudWatch dashboards + CloudTrail immutable API audit logs
Impact
Where I've Worked
Center for Advanced Life Cycle Engineering (CALCE) · University of Maryland
Software Developer — General Assistant
CALCE · University of Maryland · College Park, MD
- →Sole architect of the MOSTCOOL Reliability Web Platform — enterprise-grade R(t)/A(t) analysis tool packaged as a Docker image with microservice-decoupled React.js + Flask architecture and 8 REST endpoints
- →Designed and delivered the MOSTCOOL public web application — 10+ page MPA for a federally funded research initiative; built the software distribution platform that has served 850+ downloads across MOSTCOOL modules; integrated Google Analytics 4
- →Engineered a Flask REST API with GitHub Issues API integration for automated support ticketing + secure gated ZIP download pipeline deployed via GitHub Actions CI/CD
- →Refactored platform codebase to remediate OWASP Top 10 vulnerabilities (XSS, Insecure Design) — cut production bugs by 50% through input validation and CORS whitelisting
Software Developer — Graduate Research Assistant
CALCE · University of Maryland · College Park, MD
- →Designed 5 physics-based degradation model UIs with bidirectional parameter binding to a 200+ component thermal-hydraulic JSON model
- →Implemented brute-force state enumeration (Python, NetworkX) — evaluates all 2ᴺ system states via DFS; capped at N=22 (4.2M evaluations) with minimal cut-set approximation
- →Engineered multi-sheet Excel round-trip serialization (SheetJS, 5 worksheets) with full backward compatibility and orphaned-node cleanup
- →Reduced API latency by 30% through optimized serialization and request validation to prevent injection attacks
- →Architected cross-platform Bash/Shell automation suite for Docker orchestration across ARM64 and x86_64
Software Developer
CALCE · University of Maryland · College Park, MD
- →Built a cross-platform reliability modeling desktop tool (Python Tkinter, NumPy) — improved user modeling efficiency by 60% and optimized performance for large datasets across Windows and macOS
- →Developed a responsive website (HTML, CSS, JavaScript) — reduced load times by 40%; integrated Google Sheets API as a lightweight serverless backend for research data
Academic Background
Master of Engineering — Cybersecurity
+ Graduate Certificate in Cloud Engineering
University of Maryland · College Park, MD
B.Tech — Computer Science
GITAM University · Bangalore, India
Offensive Security Practice
Documented attack chains & security research from isolated lab environments
Burp Suite Certified Practitioner (BSCP)
Certification In Progress · PortSwigger
Solo CTF — 6-Flag Full-Chain Exploitation
Full Kill Chain · RootENPM634 · University of Maryland
Attack Chain
Penetration Testing — CTF VM Exploitation
Black-Box PentestENPM634 · University of Maryland
- →Nmap enumeration (SSH/22, HTTP/80, SMB/139, SMB/445)
- →Wireshark credential capture — plaintext HTTP traffic exploitation
- →Hydra brute-force + lateral movement via SSH
- →Hex dump + CyberChef data exfiltration
Cloud Security Assessment — AWS
AWS · NIST CSF · CISENPM665 · University of Maryland
- →IAM trust relationship enumeration + audit
- →EC2 hardening: chmod -R 755 exposing .env + API keys, absent patch management
- →Missing iptables/nftables firewall + no IDS/IPS (Snort/Suricata)
- →SELinux in permissive mode (sestatus: Current mode: permissive)
- →Synthesized 6-domain risk report aligned to NIST CSF + CIS Benchmarks
Enterprise Security Assessment — Threat Modeling
STRIDE · DREAD · ISO 27001ENPM686 · University of Maryland
- →STRIDE threat modeling — mapped 16 vulnerabilities across 6 threat categories
- →DREAD scoring across 12 scenarios: DoS (7.8), Phishing (7.8), Credential Theft (7.6)
- →65+ workstations/servers assessed (Ubuntu 22.04, Windows 10, macOS)
- →$250,400/year remediation roadmap: Cloudflare WAF, Okta IAM, Splunk, HashiCorp Vault
- →Compliance gap analysis: NIST CSF, ISO 27001, PCI DSS, GDPR
Linux Infrastructure & SIEM
EK Stack · 17.4M+ LogsENPM818P · University of Maryland
- →2-tier LAMP stack (www-vm + db-vm): Apache2, PHP, MySQL, phpMyAdmin, WordPress
- →Least-privilege RBAC with ACLs + UFW firewall (SSH restricted to VM host IP)
- →EK Stack (Elasticsearch + Kibana) — 17.4M+ log entries indexed and queryable in real-time
- →MySQL port 3306 locked to www-vm IP only (network segmentation)
LET'SCONNECT.
Open to full-time roles in Software Engineering, Security Engineering, and Cloud Security.