Founding Director @ HeapVue · Executive QMS Developer @ IFB Industries
B.Tech ECE (Amrita) · Google Cybersecurity Professional Certificate
Establishing Secure Connection...
// PERSONNEL_FILE
"I build the systems that connect sensors to servers to intelligence. Then I audit every layer of that stack for vulnerabilities."
"I close the digital-physical gap in legacy industrial environments. The work speaks."
// MISSION_LOG
Local-first AI analytics engine built on zero-trust architecture. All data processing occurs on-premise — no cloud egress, no third-party data exposure. Designed for data sovereignty in environments where sensitive factory metrics never leave the perimeter.
AI agent deployed behind isolated Docker containers with strict network policies. Handles client interactions through sanitized input pipelines and encrypted data channels. Multi-tenant architecture with per-client data isolation.
Self-hosted CRM enforcing complete data sovereignty. Zero cloud dependency — all customer data encrypted at rest on infrastructure you own. Eliminates third-party data exposure vectors inherent in SaaS CRM platforms.
Secure mobile app version control bypassing app store review delays. Implements signed update manifests and integrity verification to prevent supply-chain injection attacks on mobile deployments.
Search and rescue rover with hardened communication channels. Dual-network failover (mobile + WiFi) with encrypted telemetry streams. Sensor fusion pipeline designed to operate in compromised RF environments.
Three-tier IoT architecture with edge-to-cloud encryption. ESP32 nodes communicate over MQTT with TLS, isolated from the main network via VLAN segmentation. Defense-in-depth: edge encryption, apartment-level firewall, society-level monitoring.
GPS-locked maintenance system hardening legacy industrial press workflows. Location-verified checkpoints prevent unauthorized access. Audit trail for every maintenance action — closing the digital-physical gap in factory environments.
Real-time quality monitoring pulling live data from Mitsubishi and Siemens PLCs over hardened industrial protocols. Monitors Cp/CpK drift to detect anomalies that could indicate equipment tampering or sensor manipulation.
Digitized toolroom audit system replacing paper-based workflows vulnerable to falsification. Immutable maintenance history with role-based access control. Hardening legacy factory record-keeping against data integrity threats.
Computer vision threat detection system analyzing live video feeds for fire signatures. Automated alert pipeline designed for zero-latency response in critical infrastructure environments.
Autonomous navigation systems with sensor-hardened pathfinding. Won first place at Xperia tech fest. Demonstrated resilience to sensor spoofing through multi-sensor fusion (ultrasonic + encoder).
// CASE_STUDIES
Internal web portal built by non-security personnel was running over HTTP with credentials transmitted and stored in plaintext. Any device on the same network could passively capture login credentials using basic traffic analysis tools.
Conducted passive network traffic analysis using Wireshark — confirmed plaintext credential exposure in HTTP POST requests. Implemented multi-layer remediation independently: → RSA encryption client-side and server-side for credential protection during transit → HTTPS implementation to encrypt all traffic → bcrypt password hashing replacing plaintext database storage → Altcha integration for bot protection and abuse prevention → 90-day mandatory password rotation policy → 180-day account deactivation for inactive users Subsequently conducted proactive audit of adjacent SCM portal — no vulnerabilities found, documented as clean.
Eliminated complete credential exposure risk. Achieved industry-standard security posture on legacy internal system. Multi-layer defense covering transit security, storage security, access control, and bot protection — all self-initiated without external requirement.
Standard factory analytics platforms leak highly sensitive production metrics to third-party cloud providers, violating strict corporate data governance policies.
Designed a local-first analytics architecture utilizing DuckDB for on-premise, in-memory SQL processing. Deployed entirely within isolated Docker networks with zero cloud egress rules configured at the firewall level.
Achieved complete data sovereignty. Sensitive manufacturing metrics can now be queried using AI without a single byte of telemetry leaving the factory perimeter.
Consumer-grade IoT devices typically transmit unencrypted telemetry over shared Wi-Fi networks, creating trivial interception and spoofing vectors.
Engineered a custom ESP32-based hardware solution implementing TLS-encrypted MQTT payloads. Enforced VLAN segmentation to isolate IoT traffic from the main network, utilizing a secure three-tier architecture.
Created a robust, defense-in-depth IoT stack from the edge node to the analytics dashboard, mitigating MITM attacks and unauthorized command injection.
// SEC_COMMAND
// CREDENTIALS
Amrita Vishwa Vidyapeetham
// SERVICE_RECORDS
Co-founded software startup focused on data-sovereign products. Architected zero-trust deployment pipelines for Heaplytics, HeapSync, and Chatpress. All products deploy in isolated Docker containers with Cloudflare tunnel ingress. Leading IoT security research including custom PCB design with hardware-level encryption.
Built secure supply chain management system hardening legacy factory APIs (SQL Server + ASP.NET Core). Developed AI transcription pipeline with on-premise Nvidia Canary model — no audio data leaves the factory network. Deployed Heaplytics internally for secure factory analytics. Closed the digital-physical gap across NCR, IQC, and toolroom workflows.
First professional engineering role. Where all three HeapVue co-founders met — the origin story of the startup.
Encrypted channels preferred. PGP key available on request.