412-***-**** email@example.com linkedin.com/in/zshan52
Carnegie Mellon University (CMU) Pittsburgh, PA
MS in Information Technology – Information Security August 2019 – May 2021 Courses: Introduction to Telecommunication Networks, Fundamentals of Business Management, Secure Software Systems, Introduction to Software Reverse-Engineering, Browser Security, Distributed Systems, Mobile and IoT Security. Lahore University of Management Sciences (LUMS) Lahore, Pakistan BS in Computer Science August 2015 – May 2019
Courses: Computer Architecture and Systems, Computer Graphics, Network-Centric Computing and Network Security. PROJECTS
Data Guard, CMU September 2020 – December 2020
Built a consent management browser extension as a proof of concept for the California Consumers Privacy Act (CCPA).
Designed a bidirectional HTTP header-based protocol to facilitate communication between Data Guard and web-servers.
Configured the outgoing HTTP request to contain headers signaling the user’s consent regarding their data privacy.
Performed usability testing with prospective users to validate the concept and collect feedback for improvements. Privilege Escalation using Android Accessibility Service, CMU September 2020 – December 2020 An investigation into the security vulnerabilities in the Android OS due to the Android Accessibility Service (AAS).
Created an Android application using Java which manipulated AAS to obtain the users’ passwords on other applications.
Configured the attacking application to grant itself all Android application permissions and hide itself from the app drawer.
Suggested a modification to the password fields to protect against AAS based attacks. Zero Trust Security Implementation, CMU February 2020 – April 2020 Secured a distributed system with Google’s Zero-Trust Network implementation ‘BeyondCorp’ as a model.
Analyzed different open-source tools like Pomerium and Pritunl Zero and their approach to achieving Zero-Trust Security.
Built a distributed LMS with two-factor authentication mechanisms for Duo Mobile App users.
Added role-based access control to segmented file resources and authorization of internal and external interactions. Detecting Crypto-jacked Containers through Provenance, LUMS May 2018 – May 2019
Isolated and identified mining activity on the fine-grained directed provenance graphs.
Discovered exploited Docker images using R’s isomorphic graph detection libraries to compare test graphs with corrupt samples. EXPERIENCE
Full-Stack Software Engineer Intern, Common Caches Charlottesville, VA Interned with the software developing team at Common Caches, a data/content workflow platform. June 2020 – August 2020
Created user-friendly metadata blocks for the dashboard based on prospective user demands to best represent the metadata.
Led weekly meetings with the team to share best security practices and discuss their adaptation to the software.
Assisted the marketing team with market research among stakeholders for the product. Software Engineer, Educative.io Lahore, Pakistan
Software Engineer at Educative.io, an active learning platform for 400,000+ subscribers. January 2019 – May 2019
Designed and developed user-friendly web pages using NodeJS and React on the front-end and Python at the back-end.
Improved existing components of the website, modifying their design and functionality to boost Lighthouse and SEO scores. Teaching Assistant, LUMS Lahore, Pakistan
Courses: Introduction to Programming & Network-Centric Computing. September 2017 – June 2019 SKILLS
• Disassembler/Debuggers: IDA Pro, Ghidra, Olly Debugger, Windows Debugger.
• Other: LateX, CSS, Adobe Lightroom, R, Matlab, Android Studio, Git, Wireshark.