Rakesh Elamaran

AppSec and Penetration Testing specialist. Former Comcast & Temenos. Open to full-time roles in the UK and remote globally.

Currently
Penetration Tester
OTShield · UK
MSc Cyber Security Engineering
University of Warwick · Graduated 2025
At a Glance
4+ Years in AppSec
40+ Assessments
50+ Security Sessions
6+ Certifications
Latest Article
ICS/OT Security: What It Is and Why It Matters
6 min read · Mar 2026

About Rakesh

I work at the intersection of application security and offensive security, understanding how systems are built and how they break. Over the past 4+ years I've worked across enterprise, fintech, and OT/IoT-aligned environments, identifying real-world risks in web, APIs, and beyond.

My approach goes beyond reports. I focus on secure code reviews, threat modelling, and practical exploitation, working closely with development teams to make security part of the engineering process, not an afterthought.

MSc in Cyber Security Engineering, University of Warwick (NCSC-certified). Licensed Penetration Tester (LPT). Currently open to roles in Application Security, Product Security, or Offensive Security across the UK.

Experience

Career Timeline

4+ years securing applications at enterprise scale across telecoms, fintech, and security consulting. Now based in the UK.

Feb 2026 – Present
Penetration Tester (Freelance)
OTShield
Remote, United Kingdom · ICS/OT Security
  • Executed targeted security testing across web and ICS-exposed services, uncovering exploitable vulnerabilities using Burp Suite and manual techniques.
  • Mapped communication flows between ICS components and connected systems to reveal input validation weaknesses and control gaps exploitable in practical attack scenarios.
  • Documented findings with clear attack paths and risk-based remediation guidance, supporting engineering teams in prioritising and resolving high-risk weaknesses.
ICS/OT · IoT Security · Pen Testing · Product Security
Dec 2022 – Sep 2024
Security Engineer II
Comcast India Engineering Center
Chennai, India · Telecommunications / Media
  • Built and integrated SAST, SCA, DAST, and container scanning (Trivy) into CI/CD pipelines, using Python and Bash automation to enforce security gates, reducing remediation timelines by 30%.
  • Developed Python-based tooling to automate security testing, including reconnaissance, vulnerability validation, and proof-of-concept development, integrated into team build workflows.
  • Executed application security testing across web and API services, surfacing high-risk vulnerabilities through manual testing and targeted analysis, triaged and escalated critical findings to engineering leads.
  • Tested authentication, authorisation, and API logic to uncover access control and request handling flaws, strengthening security across 20+ microservices.
  • Performed threat modelling and secure design reviews using STRIDE, flagging attack surfaces early and sharing remediation guidance with engineering teams ahead of release.
  • Evaluated AWS environments for misconfigurations and privilege escalation paths, analysing IAM roles, policies, S3 bucket configurations, CloudTrail logs, and access controls across cloud-native systems.
SAST/SCA · Threat Modelling · DevSecOps · Microservices
Oct 2021 – Dec 2022
Product Security Analyst
Temenos AG
Chennai, India · FinTech / Banking
  • Led incident response for Log4j across 30+ banking services, tracing vulnerable components, confirming exploitability, and coordinating remediation across release cycles.
  • Reviewed static analysis findings using Checkmarx by examining code paths and sinks, eliminating false positives and enabling accurate mitigation decisions in secure release workflows.
  • Shared recurring Checkmarx findings with development teams, translating common vulnerability patterns into practical secure coding guidance to reduce recurrence across release cycles.
PCI-DSS · Vuln Triage · AppSec Governance
Jul 2020 – Sep 2021
Security Associate
ByteBlanket
Remote, UAE · Security Consulting
  • Discovered and exploited web application vulnerabilities aligned with OWASP Top 10, documenting clear attack paths and security impact.
  • Produced detailed security reports with reproducible steps and risk-based remediation guidance, presenting findings directly to clients to support efficient resolution.
Pen Testing · OWASP · Consulting
Education

Academic Background

Formal grounding in cybersecurity engineering and computer science.

MSc Cyber Security Engineering
University of Warwick
Oct 2024 – Oct 2025
🏛 NCSC Certified · ★ Warwick Award
Relevant Modules
Penetration Testing · Automotive CyberSecurity · Governance, Risk and Compliance

Dissertation: Designed and evaluated a hybrid intrusion detection framework incorporating structured threat modelling, attack simulation, and risk-based security evaluation.

Bachelor of Engineering in Computer Science
Anna University
Aug 2016 – Apr 2020

Foundation in computer science, algorithms, and software engineering principles that underpin current security engineering practice.

Arsenal

Skills & Expertise

What I do and the tools I use to do it, across offensive security, application security, and engineering.

Application Security · Penetration Testing · API Security · Red Teaming · DevSecOps

Offensive & Red Team

Burp Suite · Metasploit · Nmap · ffuf · SQLmap · Nuclei · C2 Frameworks · Lateral Movement · Privilege Escalation · Payload Crafting · OSINT · OT/IoT Security · ICS Pentesting

AppSec & API

OWASP Top 10 · OWASP API Top 10 · SAST / DAST / SCA · Checkmarx · Semgrep · Mend (WhiteSource) · JWT Attacks · GraphQL Security · SSRF · IDOR · Secure Code Review

Governance & Standards

ISO 27001 · NIST CSF · PCI-DSS · STRIDE · CVSS · PTES · OWASP ASVS · Threat Modelling

Languages & Cloud

Python · Bash · JavaScript · Java · AWS Security · Container Security · CI/CD Security
Credentials

Certifications

Industry-recognised certifications demonstrating hands-on offensive and defensive security capability.

CREST Practitioner Security Analyst (CPSA)
CREST International
In Progress
HTB Certified Penetration Testing Specialist (CPTS)
Hack The Box
In Progress
Certified Multi-Cloud Red Team Analyst (MCRTA)
CyberWarFare Labs
Certified Red Team Analyst (CRTA)
CyberWarFare Labs
Open Source

Projects

Security research and engineering projects, built in public and shared with the community.

Hybrid IDS for CAN Bus Networks

A lightweight hybrid intrusion detection system for connected vehicles. Simulates five real-world CAN bus attacks, comparing rule-based and machine learning approaches. Achieves 98% accuracy with 2.1ms detection latency.

Secure Network Design

Designed and implemented a secure corporate network for Tech Zolutions Inc. Covers VLANs, OSPF routing, ZPF firewall, extended ACLs, site-to-site IPsec VPN and TACACS+ AAA. Simulated in Cisco Packet Tracer.

Pentest Automation Toolkit

A practical toolkit to automate reconnaissance and basic web security testing. Includes subdomain enumeration, port scanning, directory brute forcing, JavaScript analysis, and automated report generation. Designed to streamline repetitive tasks during security assessments.

Leadership

Community & Influence

Building security knowledge and culture beyond the day job, through community, mentorship, and open-source contribution.

Community Founder · Rootecstak

Founder and lead of Rootecstak, a 500+ member cybersecurity community organising hands-on workshops, CTF events, and technical seminars. Actively mentor beginners and early-career professionals in building practical security skills and launching cybersecurity careers.

Public Speaker

Delivered 50+ security talks and hands-on workshops covering application security, threat modelling, and DevSecOps practices. Audiences include enterprise engineering teams, universities, and industry conferences.

Mentorship

Support aspiring and mid-career security professionals transitioning into product and application security roles through structured career guidance, hands-on technical coaching, and mock technical interviews.

OWASP Chapter Leader

Chapter Leader of the OWASP Cuddalore Chapter, organising local meetups, security awareness events, and hands-on sessions to grow the security community at the grassroots level.

Open to Collaboration

Interested in working together?

I'm available for Guest Lectures, Workshops, Student Mentoring, and conversations around Community Building in Cybersecurity — whether at universities, bootcamps, or industry events. If you're organising something and think I'd be a good fit, I'd love to hear from you.

Security Portfolio

Hands-On Practice

Continuous skill development through offensive security platforms and real-world machine exploitation labs.

Top 1% Global Rank · 325+ Rooms · 265+ Day Streak

Hands-on offensive and defensive security labs covering web exploitation, network pentesting, OSINT, and red team techniques.

Web Exploitation · Privilege Escalation · Active Directory · OSINT
Rank: Script Kiddie · 3 Machines · 10 Challenges

Real-world machine exploitation and challenge labs focused on penetration testing techniques and CTF problem solving.

Machine Exploitation · CTF · Enumeration · Privilege Escalation
125/270 Labs Completed · Level: Apprentice

Hands-on web security labs covering SQL injection, XSS, CSRF, authentication flaws, access control, and more. Built by the creators of Burp Suite.

SQL Injection · XSS · Authentication · Access Control
Accomplishments

Recognition & Achievements

WMG
Excellence Scholarship
Awarded the WMG Excellence Scholarship at the University of Warwick in recognition of academic merit and potential in cybersecurity.
Award
Warwick Award
Recognised for outstanding engagement in the Skills+ Development Programme, completing 100+ hours of employability-focused training.
10+
CTF Challenges
Competed in and completed 10+ Capture The Flag challenges across global and regional cybersecurity competitions.
OSS
Open Security Summit Membership Award
Recognised with membership award at the Open Security Summit for contributions to the open security community and collaborative security research.
CSI
Student Icon Award
Awarded by the Computer Society of India for sustained leadership and contributions to the CSI Club over three consecutive years.
Events & Networking

Conferences Attended

Engaging with the security community through major industry conferences, summits, and practitioner-led events.

BSides Exeter · Speaker · Exeter, UK
BSides Birmingham · Speaker · Birmingham, UK
BSides London · London, UK
BSides Birmingham · Birmingham, UK
National Cybersecurity Show · Birmingham, UK
Cloud & Cybersecurity Expo · London, UK
OWASP Birmingham · Birmingham, UK
BSides London · London, UK
Black Hat London · London, UK
OWASP Chennai · Chennai, India
Null Chennai · Chennai, India
Nullcon Goa · Goa, India
Seasides Goa · Goa, India
Research & Insights

Security Writing

Practical perspectives on application security, threat modelling, and building secure engineering cultures.

Recommendations

What People Say

Recommendations from industry leaders, professors, and the security community.

Rakesh is one of the most inspiring personalities I have come across in the cybersecurity space. He is not just a cybersecurity professional. He is a deep researcher with exceptional command over both offensive and defensive security domains. His ability to dive deep into complex security challenges, break them down, and produce meaningful research is truly remarkable. Through ROOTECSTAK and his various community initiatives, he has been a core driving force behind creating an active, vibrant cybersecurity community in Chennai.

Mr. Rakesh is an enthusiastic student since the day I got connected with him when he was playing a technical role in the CSI chapter. He was very keen in the Security domain and had done a good number of projects. He is very active and ready to contribute to the students community. I have admired his commitment, dedication and mentoring the students in the Security domain.

In The Spotlight

Talks & Interviews

Podcast appearances, video interviews, and media features covering cybersecurity, community building, and the security industry.

YouTube · Video Interview
EC Council Video Interview: LPT Certification
EC-Council · Licensed Penetration Tester
Spotify · Podcast Episode
CyberSecurity Roadmap Unlocked
CIT Podcast · Episode 1
Contact

Let's talk security.

Open to relocation within the UK for Application Security, Penetration Testing, and Offensive Security roles. Resume available on request. Let's connect.