home@gauravsuryawanshi: ~$

Gaurav Suryawanshi // Cybersecurity @ Duke University '26

gms72@duke.eduLinkedInGitHub

Member + Volunteer @ OWASP Global, BlackHat, nullCon India, bSidesRDU, Cloud Security Alliance Triangle security chapters

Contributing to OWASP Certified Secure Developer certification's working project group

$ cat about.txt

As a growing information security professional and a life-long security practitioner, Gaurav led the penetration tests and proactive security initiatives for major PwC and TATA group's accounts and customers in the private sector, before pursuing his Master's of Cybersecurity Engineering at Duke University.

Gaurav's recent professional experience includes an incredible summer internship with Unit 42 by Palo Alto Networks, where he honed his expertise in AI Security assessments, Table Top Exercises, Attack Surface assessments, Zero Trust Architecture reviews, NIST/ISO Cyber Readiness assessments and Red Teaming engagements. Adept as a technical lead and an individual contributor both, he has a proven track record of leading multiple projects, mentoring team members, and exceeding objectives.

Gaurav is proficient in conducting extensive penetration testing assessments across a range of technologies, such as Websites, Thick Clients, Networks, APIs, Active Directory, and Cloud (AWS, Azure Infrastructure, Office365, and Azure AD). He's gained offensive and defensive security skills simulating sophisticated adversary TTPs, organized with the MITRE ATT&CK framework, while building pro-active defenses against them.

Gaurav holds multiple certifications, including the INE fka eLearnSecurity Junior Penetration Tester (eJPT), Certified AppSec Pentester (CAPen) and is working towards his Offensive Security Certified Professional (OSCP) certification, which underpin his technical competencies. Notably, he has played a pivotal role in identifying and remedying critical vulnerabilities, considerably improving organizational security postures. His strong communication skills have been key to conveying complex security challenges and plans effectively to stakeholders and partners. He is always curious to connect with industry peers and leaders as we all navigate the evolving information security landscape.

$ cat /education

Master of Engineering in Cybersecurity

Duke University|Durham, North Carolina, United States of America

August 2024 - May 2026GPA: 3.825/4

Relevant Coursework:

Cyber Risk Management, Security Incident Detection, Response, and Resilience, Advanced Concepts in Cloud Security, Management of High-Tech Industries, Identity and Access Management, Business Fundamentals for Engineers, Cyber Law/Policy

Affiliations:

Duke Cyber and CTF Club (Technical Track Member), Duke Gaming Club, Duke Aviators Club

Bachelor of Science in Computer Science

Dr. Vishwanath Karad MIT World Peace University|Pune, India

August 2018 - October 2021GPA: 3.92/4

Relevant Coursework:

System Analysis and Design, Number Theory & Calculus, Correlation, Regression & Analysis, Advanced Digital Electronics, Data Structures & Algorithms, Object Oriented Programming (OOPs), Computer Architecture, Computer Organization, Data Communication & Networking, UNIX & Shell Scripting

Affiliations:

MIT Cricket Club

$ grep -i experience resume.txt

Graduate Research and Teaching Assistant

Duke University|Durham, North Carolina

September 2024 - May 2026Student on-campus employment, Part-time
  • Contributing to the university's cybersecurity research and excellence initiatives supporting efforts to attain the NSA's AI security designation status.
  • Assisting Prof. Schnell in grading, curriculum improvement and co-teaching with faculty director Art Ehuan while incorporating industry-relevant security topics, labs for 3 graduate-level courses.
  • Providing technology, IT and hardware replacement support for Duke University Office of Information Technology's ePrint stations across the beautiful West campuses, leading to an average footfall of ~15,000 steps daily.

Intern - Unit 42 (Cyber Risk Management)

Palo Alto Networks|Reston, VA

May 2025 - August 2025Professional employment, Full-time
  • Architected centralized threat intelligence repository by partnering with 7+ SMEs across Europe and North America to track global threat actor TTPs and IOCs, reducing intelligence gathering time by 65% across 50+ active client engagements now leveraging the automation framework firm wide.
  • Supported the internal service offering team for a Zero Trust Architecture assessment benchmarking ZScaler, Cisco, Cloudflare, and Palo Alto ZTNA platforms against NIST SP 800-207 and Zero Trust Maturity Model frameworks, delivering technical matrix covering 45+ capabilities that informed strategic vendor selection.
  • Automated Unit 42 OffSec team's PlexTrac-Nessus reporting workflow using 4 Python scripts with API integrations to extract and correlate plugin IDs, reducing complex search and reporting time by 68% and reducing 15+ billable hours weekly.

Associate (Risk Advisory – Cybersecurity SBU)

PricewaterhouseCoopers Services LLP (PwC India)|Mumbai, India

July 2023 - June 2024Professional employment, Full-time
  • Partnered with clientele's senior leadership to create strategic roadmaps, aligning security programs with NIST and ISO frameworks to achieve "to be" control target states.
  • Engineered an automated audit and hardening solution that streamlined compliance by 55%, providing consistent metrics on security hardening and saving over $15,000 monthly.
  • Led research on GenAI attack vectors with the 'One Cyber' team to proactively develop defense strategies, informing the firm's cyber defense posture against emerging threats.
  • Mentored a team of 9+ junior analysts, developing their technical proficiency and our IT security team's collective outcomes.

Asst. Systems Engineer (Senior Security Analyst – Cyber Security Practice)

TATA Consultancy Services Limited|Pune, India

June 2021 - June 2023Professional employment, Full-time
  • Leveraged the MITRE ATT&CK framework to develop comprehensive threat models, creating key performance indicators that led to a significant reduction in the enterprise attack surface.
  • Authored and implemented new incident response playbooks that established performance baselines and key metrics, decreasing average triage and response time by 54%.
  • Integrated automated SAST/DAST vulnerability scanning (SonarQube) into GitLab CI/CD pipelines and gates aligned to OWASP Top 10 standards, accelerating secure product release cycles by 45%.

$ ls -l /skills

Technical Skills

  • Offensive Security
  • Red Teaming
  • Vulnerability Assessment, Management and Penetration Testing (Websites, APIs, Active Directory, Networks, Thin/Thick-clients, Android/iOS, SAP systems, Citrix VDIs)
  • Exploitation techniques
  • DevSecOps
  • Social engineering
  • Advanced threat emulation
  • Physical security testing (ATMs, RFID and IoT devices)
  • Adversary tactics, techniques, procedures (TTPs)

Defensive Security

  • Blue Teaming
  • Security Operations Center (SOC)
  • Security Information and Event Management (SIEM)
  • Log analysis and monitoring
  • Cyber threat intelligence and threat detection
  • Security controls implementation
  • Incident Response & Digital Forensics (DFIR)
  • Incident management lifecycle, Incident Response Planning

Risk Management and Compliance

  • Risk Assessment
  • Threat modeling
  • Risk analysis methodologies
  • Security assessment frameworks (ISO 27001, NIST, CIS)
  • Compliance
  • Regulatory standards (GDPR, HIPAA, PCI-DSS)
  • Audit procedures and controls
  • Data protection & privacy regulations
  • Governance
  • Drafting security policies, procedures and SOPS

Leadership and Business acumen

  • Technical writing
  • Liaising with non-technical stakeholders, teams
  • Presentations & documentation
  • Communication
  • Problem-solving & Analytical Thinking
  • Root cause analysis
  • Critical thinking and troubleshooting
  • Collaboration & Teamwork
  • Cross-functional team collaboration
  • Stakeholder management
  • Continuous learning

$ ls /certifications/

INE fka eLearn Security Junior Penetration Tester [eJPTv2]

Verify

Offensive Security Certified Professional [OSCP]

Expected by December, 2025

$ cat achievements.log

CTF Standings

NokodSecurity CTF (2025)

Secured 2nd position for the low-code, no-code automation challenges to win a Buggati LEGO set at the OWASP Global AppSec 2025 conference in Washington D.C.

2025

Duke x HackTheBox CTF (2025)

Secured 1st Place and a $3,000 grand prize, competing against leading university hacking teams and clubs including NCSU's WSPR and HackPack.

2025

Raymond James CTF (2025)

Placed 4th out of 15 premier U.S. East Coast teams and won a most efficient exploit award, resulting in a direct expression of interest for a cybersecurity role from Raymond James.

2025

nullCon Goa (2023)

Runner-up of the CTF and gamified hiring events hosted by TESCO, VISA, HackerOne, BugCrowd, Stryker.

2023

McKesson ISRM CyberCup (2022)

Led and mentored a team of senior security analysts from Tata Consultancy Services to achieve 2nd Place in the annual CyberCup held by McKesson Corporation in Irving, Texas.

2022

TCS HackQuest Season 5 (2021)

Secured 7th rank among 22,000+ participants; subsequently hired by TATA Group's Cybersecurity Center of Excellence for outstanding performance in this Capture the Flag competition.

2021

HackerEarth Bruteforce 3.0 (2021)

Achieved a Top 100 position among 5,000+ participants in the cybersecurity hackathon and Capture the Flag event organized by HackerEarth.

2021

Awards

NetDiligence Cyber Risk Summit (2024)

Represented Duke University's Master of Cybersecurity Engineering program as a graduate student ambassador at the annual Cyber Risk summit in Philadelphia, Pennsylvania.

2024

Duke University Cybersecurity Graduate Scholar (2024)

Awarded a merit-based competitive scholarship towards pursuing a Master's in Cybersecurity Engineering at Pratt School of Engineering, Duke University, by faculty director Professor Arturo Ehuan.

2024

J.N. Tata Scholar (Batch of '24)

Recipient of the prestigious scholarship established in 1892 by Jamsetji Nusserwanjee Tata, awarded annually to the top 50 brightest Indian students from STEM and Law disciplines for overseas higher education.

2024

$ tail -5 blogs.log

View all
6 min read

The Double-Edged Sword: What I Learned About ML in Cybersecurity and the Rise of AI Defense

Exploring the duality of AI in cybersecurity - how machine learning strengthens defense while simultaneously introducing new attack surfaces. Key insights from HiddenLayer on securing AI systems against adversarial attacks, data poisoning, and model extraction.

#Machine Learning#AI Security#Cybersecurity#Adversarial ML#HiddenLayer#Data Poisoning#Model Extraction#MLOps#AI Defense#Secure AI#LLM Security
2 min read

AI, Security & Responsibility: Leadership Takeaways from Duke Cybersec's Friday Seminar

Key insights from a Duke Cybersecurity seminar on the intersection of AI, security, and responsibility - covering model signing in healthcare, AI leadership, safety interventions, resource constraints, and the importance of privacy and transparency in modern LLMs.

#AI#Security#Leadership#Privacy#Machine Learning#Cybersecurity
4 min read

The Marriage of AI and Cybersecurity — From Network Detection to SOC Automation

Exploring Vectra AI's approach to blending machine learning, LLMs, and symbolic reasoning for advanced threat detection and SOC automation. Learn how AI amplifies security analysts rather than replacing them.

#AI#Artificial Intelligence#Cybersecurity#Machine Learning#SOC#Security Operations#LLM#Threat Detection#Vectra AI#Network Security#Automation
5 min read

TCS HackQuest Season 5: Round 1 Writeup

My journey and detailed solutions for TCS HackQuest Season 5 Round 1, where I solved 4 challenges earning 700 points. Learn about OSINT, digital certificates, PHP regex, and API security through practical CTF challenges.

#CTF#Capture The Flag#TCS#HackQuest#Writeup#Cybersecurity#Web Security#OSINT#Cryptography#API Security

$ ls -al /worksamples

Web application penetration test report

An actual redacted pentest report prepared by me as a part of independent security consulting for a UAE based customer dated September 2023.

View PDF

PDF preview unavailable.

Download instead

Cyber Threat Intelligence Report - Analysis on "DopplePaymer" ransomware group

Published a comprehensive CTI report, as a part of my own interest and mid-term examination for CYBERSEC 510 coursework under Prof. Arturo Ehuan.

View PDF

PDF preview unavailable.

Download instead

Case Study - CapitalOne AWS Data breach

Published an in-depth case study, as a part of my mid-term examination for CYBERSEC 590 coursework under Prof. David Faraone.

View PDF

PDF preview unavailable.

Download instead

HSE Ransomware Play Book

Prepared a ransomware playbook, as a part of my final examination for CYBERSEC 510 coursework under Prof. Arturo Ehuan.

View PDF

PDF preview unavailable.

Download instead

HSE Incident Response Plan

Prepared an end-to-end IRP (Incident Response Plan), as a part of my final examination for CYBERSEC 510 coursework under Prof. Arturo Ehuan.

View PDF

PDF preview unavailable.

Download instead

HSE Incident Response Policy

Prepared a IR (Incident Response) Policy, as a part of my final examination for CYBERSEC 510 coursework under Prof. Arturo Ehuan.

View PDF

PDF preview unavailable.

Download instead

$ netcat -lv contact