$ whoami --verbose

Cybersecurity consultant & PhD scholar.

I help enterprises find the holes before someone else does. 5+ years running penetration tests, vulnerability assessments, and DevSecOps engagements — currently researching threat mitigation at IIT Bhilai.

CEH Master · OSCP · Security+ · BlackDuck SCA · API Security Associate
── current roles ──
role · 01: Cyber Security Consultant, Central Business Solutions Inc.
role · 02: PhD Student, IIT Bhilai · CSE
shubham@goodhacker:~$ whoami
shubham kumar — security consultant, phd @ iit bhilai
shubham@goodhacker:~$ cat creds.txt
role: Independent Cybersecurity Consultant
org: IIT Bhilai (PhD, CSE)
based: Durg, Chhattisgarh, India
languages: en · hi · cg
02

$ cat about.md

Your dedicated cybersecurity partner

I'm an independent security consultant with 5+ years hands-on experience securing enterprises — 132+ clients and 140+ projects across penetration testing, application security, DevSecOps and GRC. I run engagements end-to-end, from scoping through executive readout.

On the academic side I'm a PhD scholar at IIT Bhilai, researching threat mitigation in cloud-native environments. The research informs the consulting and vice-versa — clients get the rigour of academic methodology with the velocity of an indie operator.

Independent means flexibility, direct senior attention, and pricing that actually makes sense for your budget — no agency overhead.

  • Penetration testing & red team
  • Vulnerability assessment (VAPT)
  • Application security · SAST/DAST
  • DevSecOps pipeline integration
  • Cloud security & threat modeling
  • ISO 27001 / SOC 2 / HIPAA
  • Source code & SCA review
  • Audit prep & remediation support
02 · a

$ cat resume.md

Shubham Kumar Sahu

Cyber Security Consultant and Ph.D. researcher with 5+ years spanning technical implementation, compliance, and international client engagement. Hands-on with Kali Linux, Nessus, Burp Suite, Checkmarx, OWASP ZAP, HCL AppScan, BlackDuck, Acunetix, and Sumo Logic. Experienced in GRC across SOC 1 / SOC 2 / ISO 27001 / HIPAA, and in supporting business development through international RFPs and client acquisition.

Professional Experience

Nov 2022 – Present · Cyber Security Consultant · Central Business Solutions Inc. (Aviru IT Systems)
  • Reduced VA false positives by 30% via tool integration
  • Led pentests for 15+ clients · 200+ critical findings
  • Improved compliance audit scores by 20%
  • Zero Trust & DevSecOps workflow consulting
  • Supported international RFPs & client acquisition
  • SOC 1 / SOC 2 / ISO 27001 / HIPAA alignment
  • Audit liaison: documentation, gap remediation
  • HCL AppScan · BlackDuck · Acunetix in CI/CD
Nov 2020 – Oct 2022 · Cyber Security Analyst · Central Business Solutions Inc. (Aviru IT Systems)
  • SAST / DAST & pentesting across enterprise systems
  • Tooling integration into client workflows
  • Kali · Nessus · Burp · Checkmarx · ZAP · Sumo Logic
  • −40% log analysis time via automation
  • VAPT delivery for ISO 27001 audit readiness
2015 – 2017 · Founder & Manager · Inspire Academy · Govt. registered startup
  • Built & managed tuition company · 200+ students
  • Operations · marketing · financial management

Education

  • 2023–28 · Ph.D. CSE (Cyber Security) · IIT Bhilai · pursuing
  • 2018–21 · M.Tech Cyber Forensics & InfoSec (Honors) · CSVTU, Bhilai
  • 2018 · Diploma in Cyber Law · Govt. Law College, Mumbai
  • 2014–18 · B.E. Information Technology · CSVTU, Bhilai
  • 2014 · 12th · PCM · CBSE · Krishna Public School, Raipur

Certifications

  • Apr 2026 · EC-Council Certified Security Analyst (ECSA)
  • Feb 2026 · API Security Certified Associate · Wallarm
  • Dec 2025 · BlackDuck Certified SCA Analyst
  • 2020, 2022 · CEH v10 Master (Practical) · EC-Council
  • 2017 · Industrial Training · BSP, Bhilai
  • 2017 · Software Testing · Smartpath, Bhilai
  • 2016 · Adv. Telecom & Cyber Sec. · ALTTC, BSNL Ghaziabad
  • 2015 · Ethical Hacking & InfoSec L1 · Blue Banyan
  • 2015 · CEHE Level 1.0 · Techdefence

Leadership & Achievements

  • Winner · Model Competition · INSPIRE DST Camp (2013)
  • Internship Camp · INSPIRE DST (2014)
  • Semi-finalist · IT Olympiad (2015)
  • NSS B & C Certificate Holder (2015–18)
03

$ Cybersecurity Services

Penetration Testing · VAPT · Application Security · DevSecOps
SVC.01

Penetration Testing & Red Team Exercises

End-to-end penetration testing against web applications, APIs, networks and cloud infrastructure. 15+ successful engagements with 200+ vulnerabilities identified and remediated.

  • Web application pentesting (Burp Suite, manual)
  • Network & infrastructure assessment
  • API security & auth flow testing
  • Executive summary + technical findings
  • Remediation roadmap & retest
duration: 2–4 weeks · model: project-based
SVC.02

Vulnerability Assessment & VAPT Services

Automated + manual VAPT using enterprise tooling, with strategic integration that cut false positives by 30% on past engagements.

  • Automated scanning · Nessus, OpenVAS, Acunetix
  • Manual verification · false-positive triage
  • CVSS scoring & risk prioritisation
  • Remediation roadmap with timelines
  • Ongoing remediation support
duration: 1–3 weeks · result: −30% false positives
SVC.03

Application Security & DevSecOps Pipeline Integration

Build security into your delivery pipeline. SAST, DAST, SCA, and CI/CD security wired into how your team already ships.

  • SAST · Checkmarx, source code review
  • DAST · Burp, HCL AppScan
  • SCA · BlackDuck, dependency hygiene
  • GitHub / CI-CD pipeline hardening
  • Developer training & secure SDLC
duration: 3–6 wk + ongoing · model: retainer
SVC.04

GRC & Compliance (ISO 27001, SOC 2, HIPAA, GDPR)

Audit-ready in months, not years. Past clients saw ~20% improvement in audit scores through targeted control implementation and documentation.

  • ISO 27001 gap analysis & certification
  • SOC 1 / SOC 2 / SOC 3 audit support
  • HIPAA · PCI-DSS · GDPR readiness
  • Control implementation & evidence
  • Auditor liaison & follow-through
duration: project / ongoing · result: +20% audit score
M.01

Project-based

Fixed scope, fixed timeline, fixed deliverables. Best for one-shot assessments and audit prep.

M.02

Time & materials

Hourly consulting for advisory, code review, threat modeling sessions, or developer training.

M.03

Retainer

Continuous support: monthly assessments, on-call advisory, security ownership for teams without a CISO.

04

$ grep -r "publications" ./research/

affiliation: IIT Bhilai · CSE · PhD scholar
citations: 10 (8 since 2021)
h-index: 1 (Google Scholar)
focus areas: 5 (cyber · cloud · appsec · crypto · nlp)

2020 · DDoS Attacks & Mitigation Techniques in Cloud Computing Environments
SK Sahu, RK Khare
GEDRAG & ORGANISATIE REVIEW · 33 (02), 2426–2435 · 8 cit.

2018 · Survey on Cryptocurrency Technology
SK Sahu, K Spurjeon, A Dutta
Int. Journal of Advanced Mgmt., Tech. and Engineering · 1 cit.

2019 · Survey on Web-based Operating Systems
DR K Shubham Kumar Sahu
Journal of Emerging Tech. and Innovative Research · 6 (6), 414–419

2018 · Designing & Implementing Hindi-to-Chhattisgarhi Machine Translation
SK Sahu
Chhattisgarh Swami Vivekanand Technical University

2018 · Parts-of-Speech Tagging for Chhattisgarhi Language
S Ther, SK Sahu, MK Sinha
IJCRT · 6 (1)

2018 · Hindi-to-Chhattisgarhi Translator
A Dutta, SK Sahu, MK Sinha, S Ther
IJCRT · 6 (1)

05

$ uname -s --stack

tooling proficiency

security testing
  • Burp Suite
  • Nessus / OpenVAS / Acunetix
  • HCL AppScan
  • Kali · Metasploit
  • Nikto · OWASP ZAP

devsecops & platforms
  • Python · Shell
  • GitHub CI/CD security
  • Checkmarx (SAST)
  • BlackDuck (SCA)
  • Docker · K8s · cloud

grc & compliance
  • ISO 27001 · SOC 1/2/3
  • OWASP · threat modeling
  • HIPAA · PCI-DSS · GDPR
  • Splunk · QRadar (SIEM)
  • Incident response · IR

06

$ git log --oneline ./career

most recent first
3f9a1c · Apr 2026 · Earned ECSA — EC-Council Certified Security Analyst
7b2d4e · Feb 2026 · Earned API Security Associate (Wallarm)
a01ee2 · Dec 2025 · Certified BlackDuck SCA Analyst
c4d018 · Dec 2023 · Began PhD at IIT Bhilai CSE · cybersecurity research
9911af · Nov 2022 · Promoted to Cyber Security Consultant · Central Business Solutions
b6e7c0 · Aug 2022 · Passed CEH Master practical exam
5520d4 · Apr 2021 · Completed M.Tech in Cybersecurity (with Honours)
11a7b2 · Nov 2020 · Started career as Cybersecurity Analyst
29ff3a · Aug 2020 · Certified Ethical Hacker · CEH v10
6d0e8c · Jul 2019 · Diploma in Cyber Law
d3f199 · Aug 2018 · B.E. in Information Technology
07cc5a · Jun 2015 · Founded "Inspire Academy" community ed.

07

$ open ./contact

response within 24h