> establishing secure session_
SYSTEM INTEGRITY — 00%
OSCP-CERTIFIED · OFFENSIVE SECURITY · BUG BOUNTY HUNTER

MOST SEE A WALL. I SEE THE GAP.

I'm Shivam Goswami — known online as CSPSHIVAM. Seven years across penetration testing, SOC, EDR/XDR, incident response, and vulnerability management, plus an active bug bounty career recognized by Netflix, Google, and Meta. I don't just fill a security seat — I build the tools, teams, and companies that run it.

SCROLL TO BREACH
01 — Approach

Every system has a seam. I find it before someone with worse intentions does — through a penetration test, a bug bounty report, or a 2 a.m. SOC alert — then close it, prove it's closed, and build the tool, team, or company that keeps it closed. Offense informs defense. That's how I operate. Building the businesses around it is how I grow.

02 — Mission Log

Seven-plus years of enterprise security operations, one case file at a time.

JUN 2023 —
PRESENT2Y+ · CURRENT
Security Operations & Engineering Lead
Billtrust

Own the enterprise vulnerability management program across infrastructure, cloud, applications, and every externally exposed asset. Drive remediation through Engineering, Infrastructure, Cloud, and Business teams using risk-based prioritization. Run attack surface management, credential-leakage tracking, and dark-web intelligence reviews — and deliver the executive-level metrics that keep leadership honest.

Vuln MgmtAttack SurfaceIncident ResponseExec Reporting
AUG 2021 —
JUN 20231Y 10M
Security Analyst & Team Lead
Payworld & Skilrock Technologies

Led web application, infrastructure, network, and OS security assessments across enterprise environments. Manually validated vulnerabilities for real business impact, not just CVSS scores. Ran third-party vendor risk reviews, supported PCI DSS and ISO 27001 audit readiness, and mentored junior analysts into the process.

App SecSIEMPCI DSSMentorship
JUN 2020 —
AUG 20211Y 2M
Senior Security Analyst
Techtwins Technologies

Web application, network, VPN, and VoIP security assessments. Supported SOC operations, incident investigations, and remediation validation from first alert to closure.

SOCVPN/VoIPInvestigations
NOV 2019 —
MAY 20207M
Cyber Security Analyst
Securium Solutions Pvt. Ltd.

Application security assessments, vulnerability validation, and remediation verification for client engagements.

App SecRemediation
MAY 2019 —
JUN 20192M
Application Security Analyst
Trusnetix Pvt. Ltd.

Web application security testing aligned with OWASP methodology — the starting point of the discipline everything after was built on.

OWASPWeb AppSec
03 — Beyond The Job

Not just employed. Building.

A title only covers the hours I bill. The rest of the time goes into tools other researchers actually use, and — through my registered venture, Uncrypt.net — security services and an academy that trains people on real-world attacks and techniques, not theory. Uncrypt isn't the headline here; it's one more way of giving back to the community that gave me my first Hall of Fame.

04 — The Arsenal

Offense and defense, run by the same person.

Four disciplines, one practitioner. Knowing how a system breaks is what makes the defense of it credible.

01 / OFFENSE
Application Security
  • OWASP Top 10
  • API Security Testing
  • SAST · DAST · SCA
  • Container Security
  • Secure SDLC
02 / DEFENSE
Security Operations
  • SIEM
  • EDR / XDR
  • Incident Response
  • Threat Detection
  • Attack Surface Mgmt
03 / GOVERNANCE
Risk & Compliance
  • PCI DSS
  • ISO 27001
  • Risk Assessment
  • Remediation Governance
  • Third-Party Risk
04 / PLATFORM
Cloud & Delivery
  • AWS Cloud Security
  • CI/CD Security
  • Stakeholder Mgmt
  • Executive Reporting
  • Program Delivery
05 — Recognition

Hall of Fame across a growing list of global security programs.

Vulnerabilities disclosed and acknowledged by the organizations and platforms that run bug bounty and responsible disclosure programs at scale.

Netflix
Hall of Fame
Dell
Hall of Fame
Atlassian
Hall of Fame
Indeed
Hall of Fame
Pinterest
Hall of Fame
Mastercard
Hall of Fame
Google VRP
Appreciation
Meta / Facebook
Bug Bounty Program
NCIIPC
Govt. of India — Recognition
HackerOne
Researcher Profile
Bugcrowd
P1 Warrior
Hack The Box
Pro Hacker
TryHackMe
Red Teamer
+ More
Multiple Global Security Programs
GitHub Starstruck Recognition
OSCP-Certified
CISSP — Practitioner
OSCP
CEH
LCSP
CCSP
LCEH
CCC
OSCP
CEH
LCSP
CCSP
LCEH
CCC
SYSTEM STATUS: SECURED — READY FOR THE NEXT BUILD

Let's harden
what matters.

Open to partnerships, advisory work, and conversations with teams who want a security program — or a security business — built properly from the ground up. Based in New Delhi, working with people anywhere.