Profile Photo
Portrait of Simran Khirbat

Simran Khirbat

Offensive Security • AppSec • Cloud

Cybersecurity (3+ years) - Penetration Testing, AppSec, and Cloud Security.
Master’s in Cybersecurity at University of Delaware.

Web • API • Mobile PentestCloud Security (GCP • AWS • Azure)Automation (Python)
See My Journey Get In Touch Newark, DE
250+
Vulnerabilities
40%
Risk ↓
35%
Misconfig ↓
Simran Khirbat portrait large

About Me

I'm a Cybersecurity Professional with 3+ years in Offensive Testing, Cloud Security, AI Security, and Automation. I bridge Red and Blue by breaking systems to expose weaknesses, then building guardrails to keep them secure. With team leadership and mentoring experience, I deliver practical, measurable risk reduction.

  • Penetration testing across Web, API, Mobile, and Network applications with OWASP ASVS alignment and Secure SDLC integration.
  • Cloud security across GCP and AWS with hardening guidelines, CIS/NIST alignment, and Security Command Center integration.
  • Python automation for vulnerability scanning, data processing, and report generation to reduce manual assessment effort.
  • Purple teaming with OWASP Top 10 attack simulation, Suricata IDS/IPS detection, and ELK-based log correlation.
  • AI-driven security engineering with LLM-based orchestration, adaptive testing workflows, vulnerability triage, and secure multi-agent generative AI platform design.
3+ years in CybersecurityWeb • API • Mobile PentestCloud SecurityAI SecurityLeadershipAutomationPurple Teaming
Primary Tools
Burp • Nmap • OWASP ZAP • Metasploit • SQLMap
+ Nessus • Wireshark • WhatWeb • MobSF • ELK • Suricata
Methodologies & Frameworks
OWASP Top 10 • NIST • CIS • MITRE ATT&CK
Cloud Platforms
GCP • AWS • Azure
Languages
Python • Java • C/C++ • JS • Shell
Operating Systems
Kali Linux • Ubuntu • Unix • Debian • Windows
Community
WiCyS • BSides Delaware • CTFs

Work Experience

System Engineer - Software Security Assurance | Tata Consultancy Services
May 2023 – July 2024 • Team Lead

Led 6-member PenTest team; Executive Reporting and Mentoring.

  • Led penetration testing projects across Web, API, Mobile, and Network applications.
  • Executive-level reports & presentations → drove ~20% posture improvement.
  • Mentored juniors; organized CTFs/workshops to increase team proficiency.
  • GCP guidelines aligned to OWASP, CIS, NIST; SCC integration → ~35% fewer misconfigurations.
  • Performed PenTest across applications following OWASP ASVS.
  • Identified 250+ vulnerabilities; ~40% reduction in exploitable risk.
  • 25+ critical vulns (SQLi, XSS, IDOR, privilege escalation).
  • Automated Nmap/Core Impact → ~50% faster scans.
  • Reduced recurring issues by 35% via code & architecture reviews.
  • Designed CTF challenges for organization-wide competition.
Dec 2021 – April 2023 • Penetration Tester

Web, mobile, API, and network security testing; Secure SDLC integration.

July 2021 – Nov 2021 • Trainee

Penetration testing fundamentals & initial assessments.

  • Built fundamentals using OWASP guidelines and PortSwigger labs.
  • Performed and reported initial web & network tests with remediation guidance.
Astro Club - Bhilai Institute of Technology, Durg
  • Collaborated with ISRO on the Vikram Sarabhai Centenary Program.
  • Created & curated astronomy education content; ran awareness sessions to dispel myths.
  • Coordinated stargazing nights, Messier Marathons, and guest lectures by scientists.
Sept 2017 – Feb 2020 • Content Head

Led outreach and content for the student astronomy community; coordinated large-format public events.

Education

UD
Master’s in Cybersecurity
University of Delaware • Aug 2024 - Feb 2026 • GPA 3.8/4.0
Courses: System Hardening & Protection, Web Application Security, Cloud Computing & Security, Reverse Engineering & Penetration Testing, Ethical Hacking, Advanced Cybersecurity.
Activities: Member - Cybersecurity Club & Women In Cybersecurity, Volunteer - BSides Delaware & Secure Delaware Conference
BIT
B.Tech, Information Technology
Bhilai Institute of Technology, Durg • 2017 – 2021 • GPA 9.05/10
Courses: Computer Organisation & Architecture, Operating Systems, Data Structure & Algorithms, Computer Networks, Cybersecurity, Unix & Shell Programming, Database Management Systems.
Activities: The Astro Club - Content Head & Active Member, Participant of Smart India Hackathon & Technical Fest at BIT, Durg & NIT Raipur.

Projects

Agentic AIState-Driven Security

Agentic AI PenTest Copilot

Adaptive LLM-driven security co-pilot that orchestrates OWASP ZAP, WhatWeb, and testssl.sh in a state-driven Observe-Decide-Act loop. Implements structured CVSS v4.0 triage and auto-generates OWASP Top 10-mapped security reports.

Autonomous Testing EngineCVSS v4.0 TriageAgent Memory DesignSecure Tool GatewayOWASP Top 10 Reporting
Attack ↔ DefenseLab • Virtualized

Purple Team Lab

Engineered a segmented Purple Team lab to execute OWASP Top 10 attacks on Juice Shop and validate detection visibility using Suricata IDS and ELK telemetry.

OWASP Top 10 ExploitationDetection EngineeringSuricata IDS/IPSELK Log CorrelationVLAN Segmentation (pfSense)
AutomationFlask • Python

Vulnerability Scanner Automation

Designed an automated vulnerability assessment workflow integrating Nmap, SQLmap, and Nessus API to centralize scanning, correlate findings, and generate structured security reports.

Scan OrchestrationNessus API IntegrationSQLi AutomationNmap NSE EnumerationSecurity Report Generation
Generative AISecure Multi-Agent SaaS

BotBuddy - Secure AI Chat Platform

Production-ready generative AI chat platform built on a modular multi-agent architecture, leveraging Hugging Face LLMs for real-time token streaming, enterprise-grade security controls, and resilient cloud-backed persistence.

LLM IntegrationReal-Time StreamingEnterprise AuthenticationOWASP-Aligned SecurityCloud Persistence
Visit site
Deep-Dive

Purple Team Lab

Engineered a segmented Purple Team environment to simulate OWASP Top 10 attack scenarios and validate defensive telemetry across isolated VLAN networks.
The lab bridges offensive exploitation with detection engineering, demonstrating how real attack techniques translate into IDS alerts, log correlation, and actionable security visibility.
This project showcases end-to-end attack → detection → investigation lifecycle across a controlled, enterprise-style network topology.

50+
Validated Alerts
Real-Time
Telemetry Pipeline
End-to-End
Purple Team Workflow
Architecture

Segmented network using pfSense with attacker, target, and monitoring zones:

  • VLAN 10: Red Team (Kali Attacker)
  • VLAN 20: Target Application (OWASP Juice Shop)
  • VLAN 30: Blue Team Monitoring (Suricata IDS + ELK)
            Kali (Attacker VM - VLAN 10: 192.168.10.x)
                │
                ▼
          pfSense (Firewall + VLAN Segmentation + Traffic Control)
                │
                ├──▶ Ubuntu App (OWASP Juice Shop - VLAN 20: 192.168.20.x)
                │
                └──▶ Ubuntu IDS (Suricata - Traffic Mirror/SPAN)
                               │
                               ▼
                        EVE JSON Logs
                               │
                               ▼
                      Logstash (Parsing & Enrichment)
                               │
                               ▼
                     Elasticsearch (Indexed Security Telemetry)
                               │
                               ▼
                        Kibana (Dashboards & Alert Analysis)

Suricata alerts exported via EVE JSON and ingested into ELK for structured analysis, categorization, and investigation.

Implementation Highlights
Offensive Simulation
  • Executed OWASP Top 10 attack scenarios (SQLi, XSS, Command Injection, Brute Force).
  • Demonstrated authentication bypass and payload injection exploitation.
  • Validated exploit execution across segmented VLAN boundaries.
  • Mapped attack techniques to observable IDS telemetry.
Detection Engineering
  • Integrated Emerging Threats ruleset into Suricata.
  • Developed custom OWASP-focused detection rules.
  • Tuned alert thresholds to reduce noise and improve signal quality.
  • Correlated IDS alerts with executed payloads to validate rule accuracy.
  • Classified events by severity and attack category for structured visibility.
Purple Team Integration
  • Validated control effectiveness through attacker-driven testing.
  • Demonstrated bidirectional learning between attack patterns and detection refinement.
  • Showcased full attack → detection → analysis workflow for portfolio demonstrations.
Key Results
Red Team Outcomes
  • Successfully executed OWASP Top 10 exploitation scenarios.
  • Validated vulnerable endpoints within segmented environment.
  • Demonstrated real-world attack behavior under controlled firewall policies.
Blue Team Outcomes
  • Captured 50+ validated security alerts across attack categories.
  • Achieved real-time threat visibility via ELK dashboards.
  • Reduced false positives through rule tuning and severity classification.
  • Enabled rapid pivot from alert to contextual log analysis.
Purple Team Outcome

Demonstrated cohesive offensive and defensive security workflow, validating how exploitation techniques inform detection engineering and security control tuning.

Tech Stack & Competencies
Technologies
VMwarepfSenseKali LinuxBurp SuiteNmapMetasploitSQLmapSuricataELK StackLogstashElasticsearchKibanaOWASP Juice Shop
Key Competencies
Purple TeamOffensive SecurityOWASP Top 10 ExploitationWeb Application SecurityThreat Detection EngineeringIDS/IPSAlert Tuning & ClassificationCustom Rule DevelopmentVLAN SegmentationNetwork Policy EnforcementMonitoring & SIEMLog CorrelationIncident Response
Deep-Dive

Vulnerability Scanner Automation

To eliminate repetitive manual testing workflows, this platform orchestrates Nmap, SQLmap, and Nessus API scans within a unified Flask-based controller, centralizing findings into structured dashboards and automated PDF reports.
The automation reduces manual assessment effort by 60% while improving consistency and reporting quality.

60%
Manual Effort Reduced
API-Driven
Scan Orchestration
Automated
SQLi & Port Testing
Structured
PDF Reporting
Architecture
            Input (Targets)
                │
                ▼
          Flask Controller (Scan Orchestration Layer)
                ├──▶ Nmap (Port Discovery + NSE Vulnerability Scripts)
                ├──▶ SQLmap (Automated SQL Injection Testing)
                └──▶ Nessus API (Enterprise Vulnerability Scans + CVE Mapping)
        
          Results Aggregation Layer
                │
                ├──▶ Web Dashboard (Real-Time Scan Status & Findings)
                └──▶ PDF Report Generator (Structured Executive + Technical Output)
Features
  • Automated port and service enumeration using Nmap with NSE-based vulnerability scripts.
  • Integrated SQL injection testing pipeline leveraging SQLmap automation.
  • API-driven Nessus orchestration for scan execution, status monitoring, and CVE correlation.
  • Consolidated findings into structured PDF reports with severity classification and remediation guidance.
Key Results
  • Validated scanner effectiveness against intentionally vulnerable environments (DVWA, OWASP Juice Shop).
  • Detected high-severity vulnerabilities including SQL injection, XSS, weak SSL/TLS configurations, and exposed services.
  • Identified 20+ open ports and mapped associated CVEs via Nessus API integration.
  • Generated automated PDF deliverables aligned with professional penetration testing report standards.
Tech Stack & Competencies
Technologies
Python 3FlaskJinja2Nmap (NSE)SQLmapNessus REST APIFPDF2
Key Competencies
Scan OrchestrationMulti-Tool IntegrationAPI-Driven Vulnerability ManagementAutomated Security ReportingWorkflow AutomationCVE Correlation & Severity Mapping
Deep-Dive

Agentic AI PenTest Copilot

This project implements an adaptive LLM-driven security co-pilot that autonomously coordinates web security tools within a structured Observe-Decide-Act loop .
Instead of executing a fixed scan sequence, the system evaluates current findings, scope constraints, and stored agent state to determine the next testing action. This enables dynamic vulnerability discovery, structured CVSS v4.0 triage, and automated OWASP Top 10-mapped reporting.
The system reduced web assessment effort by 45% by eliminating static workflows and introducing state-aware decision logic.

CVSS v4.0
Triage
OWASP Top 10
Mapped Reports
Agent Memory
Multi-Layer Design
Architecture

The copilot runs as a controlled Observe-Decide-Act loop. Instead of a fixed scan sequence, the LLM selects the next action based on current findings and persisted state. All tool execution flows through a Secure Tool Gateway that enforces scope boundaries and execution budgets, while results are stored for structured triage and reporting. 

          Target URL(s) + Scope/Budget
                │
                ▼
        Agentic AI PenTest Copilot (FastAPI Controller)
                │
                ▼
      Observe (collect context)  [http_fetch + WhatWeb]
                │
                ▼
  Decide (LLM Decision Engine - Gemini)  [select next action based on state + findings]
                │
                ▼
  Validate (Secure Tool Gateway)  [scope allowlist • time/depth/rate budgets • tool allowlist]
                │
                ▼
     Execute Tools (as chosen)
          ├──▶ OWASP ZAP        [crawl + active scan]
          ├──▶ testssl.sh       [TLS/SSL checks]
          ├──▶ CVE Enrichment   [tech → CVE context]
          └──▶ Nmap             [ports/services if in-scope]
                │
                ▼
    Analyze + Triage  [normalize findings • dedupe • CVSS v4.0 scoring]
                │
                ▼
     Store State + Evidence (SQLite + artifacts)  [decisions • outputs • traceability]
                │
                ▼
      Report Generator  [OWASP Top 10-mapped executive + technical report]
                │
                └──────────────▶ Repeat Loop  [next action chosen from updated state]
Implementation Highlights
  • State-driven decision loop: Observe-Decide-Act execution model with no fixed scan sequence; next actions determined from persisted findings and contextual state.
  • Structured decision schema: LLM outputs constrained to tool + parameters + rationale format to ensure deterministic execution and auditability.
  • Secure tool gateway: Centralized execution layer enforcing scope boundaries, execution budgets (time/depth/rate), and strict tool allowlists.
  • Multi-layer agent memory: Working, semantic, and episodic memory layers used to avoid redundant actions and refine decisions across iterations.
  • Normalized findings pipeline: Consolidates raw tool outputs into structured findings with deduplication and standardized severity classification.
  • CVSS v4.0 triage integration: Applies structured scoring to prioritize vulnerabilities and reduce false positives.
  • Automated OWASP Top 10 reporting: Generates consistent executive + technical reports with remediation guidance and reproducible evidence.
  • Persistent execution trace (SQLite): Stores state transitions, tool invocations, and artifacts for reproducibility and audit traceability.
Key Results
  • Improved assessment efficiency by 45% by replacing static scan sequences with a state-aware Observe-Decide-Act execution loop.
  • Reduced false positives and duplicate findings through normalized output handling and structured CVSS v4.0 triage across tools.
  • Increased consistency of reporting by auto-generating OWASP Top 10-mapped executive + technical deliverables with remediation guidance.
  • Strengthened control and safety via a secure tool gateway enforcing scope boundaries, execution budgets, and tool allowlists.
  • Enabled auditability and reproducibility by persisting decisions, tool outputs, and evidence artifacts in SQLite for end-to-end traceability.
Tech Stack & Competencies
Technologies
Python 3FastAPIGemini AIOWASP ZAPWhatWebtestssl.shDockerSQLitePydantic
Key Competencies
Agentic AIObserve-Decide-Act ArchitectureLLM-Driven Decision SystemsSecure Tool Gateway DesignCVSS v4.0 TriageMulti-Layer Agent MemoryNormalized Findings PipelineOWASP Top 10 Mapped ReportingExecution TraceabilityState Persistence
Deep-Dive

BotBuddy - Secure AI Chat Platform

BotBuddy is a production-ready generative AI chat platform built on a modular multi-agent architecture. The system integrates Hugging Face LLMs to deliver real-time, token-by-token streaming responses over WebSocket connections.
Designed with a security-first mindset, the platform implements enterprise-grade authentication, OWASP-aligned hardening, rate limiting, and resilient state replication to support secure, scalable deployment.
The result is a secure, multi-agent generative AI system capable of handling persistent sessions and real-time inference in a production SaaS environment.

Live Application: https://botbuddy-x9k4.onrender.com/
Multi-Agent
AI Systems
Real-Time
WebSocket Streaming
OWASP-Aligned
Security Controls
Architecture

FastAPI backend with WebSocket support, AI adapter pattern for multiple providers, and persistent database with cloud replication. 

            Users (Browser)
                │
                ▼
        Frontend (Angular SPA)
                │
                ├──▶ HTTPS REST (Auth, Sessions, History)
                └──▶ WSS Websocket(Real-Time Chat Streaming)
                │
                ▼
        Backend Service (FastAPI - Dockerized)
           ├──▶ Security Layer
           │    • JWT Auth + Argon2
           │    • CSRF + CAPTCHA + Rate Limits
           │    • OWASP Headers + CORS
           │
           ├──▶ Multi-Agent Router
           │    ├─ General Assistant
           │    ├─ Code Expert
           │    ├─ Creative Writer
           │    └─ Data Analyst
           │
           │    (Agent-specific system prompts + temperature + configs)
           │
           ├──▶ AI Adapter Layer
           │    • Hugging Face Inference
           │    • Streaming response handler
           │
           └──▶ Persistence Layer
                • SQLite (sessions + messages)
                • Litestream → Cloudflare R2
Implementation Highlights
  • Role-based multi-agent design: Implemented four specialized agents (General Assistant, Code Expert, Creative Writer, Data Analyst) using isolated system prompts and per-agent generation settings (e.g., temperature / max tokens) for consistent task behavior.
  • Real-time token streaming: Built a WebSocket streaming pipeline to deliver token-by-token responses with connection lifecycle handling (auth handshake, reconnect-safe session flow, timeouts).
  • Hugging Face inference integration: Integrated Hugging Face LLM inference behind an adapter layer so models/providers can be swapped without changing core chat logic.
  • Secure session + auth model: Implemented JWT access/refresh tokens with secure password storage (Argon2) and session management for persistent chat history.
  • Abuse & request controls: Added CSRF protection, CAPTCHA on login, and IP-based rate limiting to reduce automated abuse and protect authentication endpoints.
  • OWASP-aligned hardening: Enforced security headers (CSP, HSTS, X-Frame-Options), strict CORS allowlisting, and input validation/sanitization to mitigate XSS and injection risks.
  • Production-grade persistence: Persisted users/sessions/messages in SQLite and implemented Litestream replication to Cloudflare R2 for durability, backup, and recovery.
  • Deployment readiness: Containerized the application with Docker and added environment-based configuration patterns to support consistent production deployment.
Key Results
  • Successfully deployed a production-ready generative AI platform with multi-agent routing and secure real-time streaming.
  • Implemented enterprise-grade authentication & authorization using JWT (access/refresh), Argon2 password hashing, and secure session isolation.
  • Built a token-by-token WebSocket streaming engine, delivering responsive real-time LLM output to the client.
  • Designed a role-based multi-agent architecture supporting 4 specialized AI agents with isolated prompts and configurable inference settings.
  • Achieved OWASP-aligned security posture, mitigating common web risks (XSS, CSRF, injection, abuse) through layered controls.
  • Ensured durable data persistence via SQLite with Litestream replication to Cloudflare R2 for backup and recovery.
Tech Stack & Competencies
Technologies
PythonFastAPIWebSocketJWTSQLAlchemySQLiteHugging Face AIDockerLitestreamSQLiteCloudflare R2Argon2PydanticAlembic
Key Competencies
Multi-Agent AI ArchitectureGenerative AI IntegrationReal-Time Streaming SystemsSecure Authentication & AuthorizationOWASP-Aligned Application SecurityAPI Design & Middleware HardeningProvider Abstraction (LLM Adapter Pattern)Database Persistence & ReplicationProduction Deployment & Containerization

Licenses & Certifications

  • Advance Executive Program in Cybersecurity
    IIIT Bangalore • Issued Sep 2023
  • Cybersecurity Virtual Internship
    National Payments Corporation of India (NPCI) • Issued Sep 2023
  • Ethical Hacking and VAPT
    IIIT Bangalore & Simplilearn • Issued Sep 2023
  • Application and Web Application Security
    IIIT Bangalore & Simplilearn • Issued Jul 2023
  • Ransomware and Malware Analysis
    IIIT Bangalore & Simplilearn • Issued Jul 2023
  • Enterprise Infrastructure Security
    IIIT Bangalore & Simplilearn • Issued May 2023
  • Induction for Advanced Executive Program in Cybersecurity
    IIIT Bangalore & Simplilearn • Issued Apr 2023
  • Python for Everybody
    University of Michigan & Coursera • Issued May 2020

Tip: scroll horizontally to see more certificates →

Outside Work

Stargazing night
Aurora Lights
Northern lights glowing across the sky
Times Square
Time Square
Exploring the lights of New York City
Messier marathon
Messier Marathon
Moonlit deep-sky astronomy hunt
ISRO Vikram Sarabhai centenary program
Astro Club • ISRO Program
Space outreach & coordination event
Photography
One Piece
Anime & Manga fan showcase
Hiking
Hiking & Trails
Cave exploration in the hills

Get In Touch