ABOUT ME

// ACCESS LEVEL: AUTHORIZED
OPERATIVE ID: RV-2025

PROFILE

I'm Rokkam Vamshi (iamaangx028), a security researcher focused on offensive security. I enjoy pulling web apps, APIs, and networks apart to understand how they actually fail, chaining findings into real-world exploitation paths, and writing the automation that makes the hunt repeatable. I also document what I learn as weekly security writeups.

PROFESSIONAL HISTORY

FireCompass

1 yr 9 mos

NOV 2025 - PRESENT

Security Analyst

Leading continuous attack surface discovery and CVE research, I turn findings into validated, real-world exploitation paths. I build automation to scale reconnaissance, drive proactive red-teaming simulations of adversarial behavior, and own the mapping and monitoring of exposed assets across enterprise environments.

OCT 2024 - NOV 2025

Security Research Intern

Supported the team's attack surface monitoring and vulnerability research — writing automation scripts, validating findings, and studying real-world exploitation techniques. This hands-on foundation is what I now build on in my analyst role.

CybersmithSECURE

7 mos

FEB 2024 - SEP 2024

InfoSec Intern

My first hands-on security role. Alongside the team I ran 30+ web, network, and API pentests under tight timelines, often with custom tooling — surfacing 50+ critical/high-severity issues including SQL injection, IDORs, account takeovers, unauthorized admin access, PII leaks, and business-logic flaws.

EDUCATION

2021 - 2025

B.Tech in Computer Science and Cybersecurity

Sree Vidyanikethan Engineering College - Notable coursework in Computer Science & Cybersecurity

PRIMARY EXPERTISE:
WebApp Security API Testing Network Pentesting Android Pentesting Cloud Pentesting Python Scripting Breach and Attack Simulation

RESUME

DOWNLOAD RESUME

Access my Resume here

PDF Document 85KB • Optimized for Viewing
DOCX Document Editable Format

PROJECTS

ASM Tool

COMPLETED
ASM Tool dashboard showing subdomain enumeration and Nuclei scan results
ASM TOOL v1.0
CLASSIFICATION: PUBLIC

Domain-based recon engine with subdomain enumeration, deduplication, Nuclei scanning, and results in user friendly dashboard.

TECHNICAL SPECIFICATIONS:
Python | Nuclei | Subfinder | Django

JSRadar

ONGOING
JSRadar JavaScript enumeration tool preview
JSRADAR v1.2
CLASSIFICATION: PRIVATE REPO

A powerful JavaScript enumeration and analysis tool for security researchers and penetration testers. Will make it Public once I complete working on it!

TECHNICAL SPECIFICATIONS:
Python | HTML

Personal Password Vault

COMPLETED
Personal Password Vault terminal password manager screenshot
VAULT v1.2
CLASSIFICATION: PUBLIC

Lightweight terminal-based password manager with encryption for personal use.

TECHNICAL SPECIFICATIONS:
Python

Burp Traffic Highlighter

COMPLETED
Burp Traffic Highlighter Burp Suite extension screenshot
HIGHLIGHTER v1.0
CLASSIFICATION: PUBLIC

A Burpsuite extension that is used to automatically highlight Burp HTTP history with different colors.

TECHNICAL SPECIFICATIONS:
Python | Mod Header Extension

SKILLS

PENETRATION TESTING

Web Application Testing PROFICIENT
85%
API Security Testing ADVANCED
90%
Network Penetration INTERMEDIATE
75%
Android Pentesting INTERMEDIATE
70%

TOOLS MASTERY

90%
Burp Suite
85%
Nmap
80%
Metasploit
85%
Wireshark
88%
Nuclei

CREDENTIALS

ACTIVE CERTIFICATIONS

eJPT
ID: RV-CERT-001
CLEARANCE: LEVEL 3

eJPTv2 - Junior Penetration Tester

eLearnSecurity ISSUED: OCT.2023 STATUS: ACTIVE

Practical certification demonstrating hands-on penetration testing skills and methodology. Covers network attacks, web application testing, and system exploitation.

API
ID: RV-CERT-002
CLEARANCE: LEVEL 2

API Security Fundamentals

APIsec University ISSUED: DEC.2023 STATUS: ACTIVE

Specialized training in API security testing, vulnerability assessment, and remediation strategies. Focuses on OWASP API Top 10 security risks.

API
ID: RV-CERT-003
CLEARANCE: LEVEL 2

PT1

TryHackMe ISSUED: Aug.2025 STATUS: ACTIVE

A deep dive into WebApp, Network and AD security testing and remediation. It was a 100% hands-on practical exam based certification with custom report template. It covers various penetration testing methodologies and real-world scenarios.

WALL OF FAME

STATS

80+
ORGANIZATIONS
VERIFIED
30+
VAPTs (During Internship)
TOP 100
NCIIPC-AICTE PENTATHON

ORGANIZATIONS SECURED

ACCENTURE
CISCO
SONY
PANASONIC
XTRM
U.K. MINISTRY OF DEFENSE
U.S. DEPARTMENT OF EDUCATION
UNI-MARBURG
JIO
PAYTM
TATAPLAY
GEA
DUTCH RESEARCH COUNCIL
GEEKSFORGEEKS
ACHMEA
DECKO

LETTERS OF APPRECIATION

Letter of Appreciation from Axway
A

Axway

ISSUED: JUL.2023 JENKINS SERVER

Thank you for responsibly disclosing the information leakage finding on one of our Jenkins servers. We appreciate the professional manner in which the issue was reported.

Sandy Blackwell Global Director Software Security
Letter of Appreciation from US Department of Education
U

US Department of Education

ISSUED: MAR.2023 WEB PORTAL

We extend our gratitude for your responsible disclosure of critical security vulnerabilities in our web portal. Your expertise helped protect sensitive educational data.

Security Response Team US Department of Education
Letter of Appreciation from Philipps-Universität Marburg
U

Uni-Marburg

ISSUED: SEP.2023 AUTH BYPASS

Thank you for identifying and reporting the authentication bypass vulnerability in our research portal. Your contribution has significantly improved our security posture.

IT Security Department Philipps-Universität Marburg
Letter of Appreciation from Panasonic
P

Panasonic

ISSUED: JAN.2024 SSRF VULN

We appreciate your responsible disclosure of the SSRF vulnerability in our internal API. Your detailed report allowed us to quickly remediate the issue.

Security Operations Center Panasonic Corporation
Letter of Appreciation from GEEKSFORGEEKS
D

GEEKSFORGEEKS

ISSUED: Mar.2025 Blind XSS in Support Portal

Thank you for your diligent effort in identifying and responsibly reporting the Blind XSS vulnerability in our Support Portal.

Vulnerability Disclosure Program GEEKSFORGEEKS
Letter of Appreciation from RUS-CERT
C

RUS-CERT

ISSUED: Jul.2023 Blind XSS in Support Form

You helped us in improving IT security at our University

IT Security Team University Stuttgart RUS-CERT
Axway Letter Thumbnail
AXWAY
US Dept of Education Letter Thumbnail
US DEPT EDU
Uni-Marburg Letter Thumbnail
UNI-MARBURG
Panasonic Letter Thumbnail
PANASONIC
US DoD Letter Thumbnail
US DOD
Cisco Letter Thumbnail
CISCO

BLOGS

INTERACTIVE CYBER INTELLIGENCE HUB

Explore my comprehensive weekly cybersecurity learning journey. Every writeup lives on a dedicated, interactive node-based map — read them in order or jump to whatever topic you need.

20
WEEKLY BLOGS
SELF PACED
MODE
INTELLIGENCE HUB 🚀
CLEARANCE LEVEL: INTERACTIVE-MODE | LEARN AT YOUR OWN PACE

EVENTS & CONFERENCES

2024

NCIIPC AICTE Pentathon 2024

New Delhi

NCIIPC AICTE Pentathon 2024 Finalist. Attended my first ever offline CTF challenge. It was a fun and great learning experience.

Web Security CTF Top 100
2024

BSides Ahmedabad

Ahmedabad

Got a chance to meet the great minds of Cybersecurity. Thanks to Yassine Aboukir 🐐 for the entry Pass.

Bug Bounty Events Networking
2025

BSides Vizag

Vizag, AP

Attended BSides Vizag to connect with the local security community and learn from talks and hands-on sessions led by researchers across India.

Bug Bounty Events Networking

CONTACT

GET IN TOUCH WITH ME