Thoufeeque N S

Offensive Security | Penetration Testing | AI/LLM Security | Attack Surface Management | AppSec Engineering

About Me

I am an Offensive Security Practitioner with over 10 years of experience in the security domain. My career has been defined by a passion for breaking complex systems to make them stronger. I specialize in Application Pentesting, API Security, External Attack Surface Management, and Red Teaming.


Currently, I focus on automating security in multiple stages and LLM Security—ranging from architecture-level design reviews to AI Red Teaming to identify vulnerabilities in large language models.


I am also a strong advocate for community knowledge sharing. I have spoken at conferences like BSides Delhi, DEFCON Trivandrum, and c0c0n Pre-con on topics such as Radio Hacking and Automating Pentesting. I was also part of the organizing team for multiple security chapters and villages.


I document my research, security findings, and tutorials on my blog: mistert.pro.

Key Expertise

Offensive Security

  • Red Team Operations & Adversary Simulation
  • Security Awareness Training & Phishing Sims
  • Physical Security & Social Engineering
  • Radio Hacking & SDR

Penetration Testing

  • Web Application Security (OWASP Top 10)
  • API Security & Microservices Assessment
  • Network Infrastructure (Internal/External)
  • Thick Client & Mobile App

AI/LLM Security

  • Prompt Injection & Jailbreak Testing
  • LLM Red Teaming & Model Abuse
  • Architectural Design Review for AI Apps
  • Securing RAG Pipelines

Attack Surface Management

  • Unknown Asset Discovery & Attribution
  • Vulnerability Prioritization
  • Cloud Exposure Analysis
  • Shadow IT Reduction

AppSec Engineering

  • DevSecOps & CI/CD Pipeline Hardening
  • SAST/DAST Automation
  • Secure Code Review & Threat Modeling
  • Vulnerability Management Governance

Professional Experience

Security Engineer
Advance Auto Parts

  • Lead penetration tester for the InfoSec team, conducting assessments on high-risk apps, APIs, and infrastructure.
  • Owned the External Attack Surface Management (EASM) platform, optimizing asset discovery and reducing unknown assets.
  • Owned the Risk Acceptance Request (RAR) governance process and contributed to enterprise-wide Risk Register Consolidation.

Senior Information Security Analyst
Agility

  • Performed web, API, network, and infrastructure pentesting for internal and internet-facing systems.
  • Led the evaluation and implementation of Burp Suite Enterprise and Tenable SC.
  • Owned vulnerability management across internal and external infrastructure, defining processes for the VA lifecycle.

Senior Security Engineer
IBS Software

  • Conducted penetration tests for enterprise-grade products in the Travel & Logistics domain.
  • Worked with product teams to drive secure development and delivered internal pentest training.

Security Analyst
EY

  • Performed security reviews and extensive web application pentesting for global EY applications.
  • Developed PoCs to demonstrate exploitability and enabled teams to run automated scans using WebInspect.
  • Delivered secure-coding training globally.

Independent Consultant
Freelance

  • Conducted web and network penetration testing for multiple clients using OWASP standards.
  • Delivered ethical hacking and web application security training at multiple institutes.