Joshua
Alwin

Breaking into systems and building the defenses that stop the next attacker

bash — 80×24

Scroll down

About

Security is a mindset, not a checklist.

I'm a security engineer who thinks like an attacker. At Google and KPMG, I broke into web apps, APIs, cloud environments, and Active Directory networks, uncovering critical vulnerabilities across systems serving millions of users. Now, I'm channeling that same offensive mindset into a Master's in Cybersecurity Engineering at the University of Maryland, going deeper into AI security and the evolving threat landscape around machine learning.

I compete in CTFs under the alias T3rminux and recently won the Bugcrowd Student CTF. That same adversarial energy carries into my role as a graduate teaching assistant, where I design CTF challenges and hands-on labs for courses in penetration testing and cloud security.

Right now, I'm sharpening my offensive tradecraft across cloud, web, and AI attack surfaces. If your team needs someone who breaks things with purpose and builds things that last — let's make it happen.

Education

M.S. in Cybersecurity Engineering

University of Maryland, College Park

2024 – Present

B.E. in Electronics & Communication Engineering

VIT, Vellore

2018 – 2022

Highlights

Bugcrowd x HTB CTF Winner

Student CTF champion as T3rminux

UMD MAGE Feature

News story highlighting my journey

2× KPMG Awards

Applause & Encore Award recipient

TryHackMe Top 1500

Global ranking out of 3M+ users

Experience

> Professional Experience

> Teaching & Academic

Security Consultant Intern, Mandiant Red Team

@ Google LLC

May 2025 – Aug 2025

Worked as a Security Consultant Intern on Mandiant's Red Team conducting offensive security engagements against Fortune 500 clients. Developed internal tooling adopted in production red team operations and identified critical vulnerabilities across consumer platforms serving millions of users.

> cat README.md

Teaching Assistant, Penetration Testing (ENPM634)

@ University of Maryland

Jan 2026 – Present

Supporting the graduate-level penetration testing coursework at the University of Maryland by assisting students with hands-on labs and technical concepts, while designing and building CTF challenges and practical lab environments across offensive security domains.

> cat README.md

Associate Security Consultant

@ KPMG

Jul 2022 – Jul 2024

Worked as an Offensive Security Consultant delivering 100+ security assessments, red team engagements, and source code reviews across Web, Networks, API, mobile, Thick/Thin Client, and cloud environments for Fortune 500 clients based in Europe and Asia.

> cat README.md

Teaching Assistant, Cloud Security (ENPM665)

@ University of Maryland

Jan 2025 – Jan 2026

Supported graduate-level cloud security coursework at the University of Maryland by developing hands-on labs and delivering lectures across AWS, GCP, and Azure, while curating practical assignments on cloud penetration testing, compliance benchmarking, and incident response.

> cat README.md

Projects

Internal

Phishing Analysis Pipeline

[Built @ Google]

Automated phishing deliverability analysis tool built for red teamers at Google. Uses Postfix for email ingestion, FastAPI backend integrating VirusTotal, Gemini, and SpamAssassin, with a React frontend for campaign effectiveness tracking.

PythonFastAPIReactPostfixVirusTotalGemini

ML Security Playground

Collection of ML security projects covering spam classification, network anomaly detection, and malware family classification using scikit-learn and transfer learning with ResNet50.

Pythonscikit-learnNLPResNet50Transfer Learning

View Source

WalkMyNFS

Bash utility for NFS reconnaissance during internal penetration tests. Auto-discovers and mounts network shares in read-only mode for safe enumeration of misconfigurations and sensitive files.

BashNFSPentestingRecon

View Source

Internal

Wario

[Built @ KPMG]

Breach simulation platform built on MITRE Caldera to automate red teaming capabilities. Developed at KPMG, enabling automated adversary emulation and attack chain execution by building custom Active Directory (AD) capabilities on top of Caldera's existing framework.

PythonCalderaMITRE ATT&CKRed TeamingActive Directory