Aagam Shah

About Me

I am highly motivated to pursue a career in cybersecurity and leverage my skills and knowledge to optimize the efficiency and effectiveness of assigned tasks. I am passionate about contributing to the cybersecurity community by developing open-source security tools and sharing my learnings through detailed write-ups on various security techniques.

Work Experience

Jun 2024 – Present

ABB

Cyber Security Technical Lead

Bengaluru, Karnataka, India · Hybrid

Penetration Testing: Expert in comprehensive testing across embedded devices, cloud, APIs, mobile apps, and thick clients.
Threat Modelling: Lead thorough threat modelling for products in the design phase.
Vulnerability Research: Specialise in ICS protocol vulnerability research.
Subject Matter Expert: Serve as a Cybersecurity SME and mentor emerging talent.
Scrum Master: Manage team planning and effort monitoring duties.
Compliance & Audit: Drove successful audits for ISO 27001:2013 and IEC 62443-4-1:2018 certifications.
Innovation: Explore AI applications in cybersecurity and identify zero-day vulnerabilities in third-party products.

Nov 2021 – Jun 2024

ABB

Senior Cyber Security Engineer

Firmware Analysis & Threat Modelling
Penetration Testing
Security Proof of Concepts
Handling Scrum Activities

June 2020 – Oct 2021

ABB

Cyber Security Engineer

Threat modelling
Penetration testing of ICS systems
DevSecOps

June 2019 – May 2020

ABB

Cyber Security Intern

Penetration testing of Embedded Systems
Fuzzing protocols

Jan 2019 – March 2019

Cyber Cell Ahmedabad

Intern

Worked on multiple ongoing cases.
Helped with OSINT activities.

Tech Skills

Python & Scripting (C, Bash, PHP)
Linux & RTOS
VAPT & Tools (Burp, MSF)
ICS Security
Cloud/DevOps (Azure, Docker)

Soft Skills

Leadship
Project Management
DevOps
Public Speaking

Projects

Devicestats (Drozer Module)

Drozer module to extract device information (Repo: github.com/neutrinoguy/devicestats)

Awesome-ICS-Writeups

Collection of ICS/SCADA security writeups.

Honeypot over Cloud (ELK)

Implemented Cowrie and adbhoney over GCP with analytics.

Sinkhole using Raspberry Pi

Custom DNS setup to block ads & malware domains in LAN.

Drixler: Number Plate Extraction

Used Python, OpenCV, and Tesseract to extract number plates from images.

Education

M-Tech Cyber Security & Incident Response

Gujarat Forensic Sciences University (NFSU)

2018 - 2020
B.Tech Computer Engineering

Gujarat Technological University (GTU)

2014 - 2018

Certifications

ISA/IEC 62443 Cybersecurity Expert

All four certifications completed
CEH (Certified Ethical Hacker) v13
Docker Certified Associate
AZ-900: Azure Fundamentals
Achilles Certified Tester

Achievements

Reported multiple CVEs

CVE-2022-22987, CVE-2023-24181/24182
Acknowledgements

Honeywell, Sony, Sophos, Alibaba, AlienVault, NCIIPC, Dutch Government
Multiple Awards

X-Tra Miler and Star Performer at ABB
Top 50 - Nullcon HackIM CTF 2019
Top 3 India - Pragyan CTF 2017

Open Source Contributions

Content Contributor to MITRE ATT&CK for ICS (Technique T0891)
Contributor to CVSS 4.0 SIG & MITRE ICS/OT SIG
Added CSAF feeds to Vulnerability Lookup Project by CIRCL
Open Source Contributor (EMBA, Photon, Reconnoitre)

aka (neutrinoguy)