Gagan Yalamuri

InfoSec Engineer · Security Automation · AI Workflows

Security design with faster judgment, calmer systems, and fewer reckless buttons.

I’m Gagan Yalamuri, a New York-based Information Security Engineer shaping cloud defense, SOAR engineering, and AI-assisted operations into systems that feel sharp under pressure.

My work spans trusted-IP orchestration across Azure tenants, Splunk-to-XSOAR containment in under a minute, post-quantum research, and operator workflows that make teams faster without making decisions sloppy.

Containment < 1 minute

From alert to action with explainable controls.

Scale 6+ tenants

Tenant-wide trust controls without drift.

Efficiency 200+ hours

Annual manual effort pulled out of the loop.

"Legen... wait for it... secure." Reliability still has to have style.

  • SOAR / XSOAR / Splunk
  • Cloud Security / AWS / Azure
  • Threat Intel / Detection Engineering
  • AI-Assisted Security Operations

Core Mindset

One line that stays with me

As long as I’m alive, there are infinite chances.

That is how I work: stay adaptive, keep building, and never confuse a setback with an ending. The system can evolve, the workflow can improve, and the next move can still be better.

Mission Focus

Current operating thesis

Build response systems that move quickly without feeling dangerous.

The goal is not more automation. It is better judgment encoded into containment, trust workflows, and analyst-facing UX.

  • Normalize signal before asking humans to care.
  • Automate reversibly so speed does not turn into chaos.
  • Design every workflow as if an auditor and an analyst both need to trust it.

Signal Deck

Rotating operator notes

Cool cool cool. Now show me the audit trail.

Storyline

How I think when the work has to survive real pressure.

Less "have you met Ted," more "have you met the threat model."

01 Observability

Make telemetry useful in motion, not just present in dashboards.

At Cantor Fitzgerald and NYU, I’ve focused on evidence paths that help responders decide faster: cloud logs, identity drift, threat intel, and the context needed to trust a next step.

  • Evidence over volume
  • Context over raw events
  • Trustworthy signal over cosmetic coverage

"I want to live in a world where people can trust the stuff they use."

02 Automation

Automate policy and judgment, not just button clicks.

I build playbooks that encode standards: progressive blocks, recurrence-aware containment, quarantine review, and trusted-IP lifecycle management across multi-cloud infrastructure.

  • Containment that can be defended later
  • Playbooks that preserve operator trust
  • Fewer loops that waste analyst attention

03 Adversarial depth

Stay technical enough to understand how defenses actually fail.

My background spans exploit solver scripts, ECU cryptography hardening, release-signing workflows, and post-quantum migration prototypes built for longer-horizon threats.

  • Offense informs defense
  • Crypto work informs architecture
  • Attack-path thinking keeps controls honest

04 AI-native ops

Push security teams toward governed, AI-native workflows.

The direction is clear: autonomous but supervised systems for detections, internal tooling catalogs, email triage, and operational reasoning that scale with confidence.

  • Agentic triage with strong guardrails
  • Better internal tooling discoverability
  • Faster response without black-box drift

Impact

Useful security outcomes, not decorative security theater.

No mystery-box metrics. Rosa would hate that.

Case Study

Containment architecture

Contain in under a minute, without making bad calls faster.

I shipped Splunk-to-XSOAR containment that routes enriched detections into decisive actions, then publishes network blocks through Cloudflare and EDL workflows with policy-aware guardrails.

Detection → Enrichment → Policy → Containment

< 1 min · Mean time to contain

15 / 30 day · Progressive block logic

< 1 minute mean time to contain after shipping Splunk-to-XSOAR enforcement with Cloudflare and EDL publishing.

6+ Azure tenants orchestrated through Terraform, GitHub Actions, and SOAR for zero-drift trusted-IP operations.

200+ manual hours removed annually across certificate renewals, triage flows, and control enforcement.

50+ citations on post-quantum cryptography research, connecting academic depth to applied security engineering.

Cantor Fitzgerald

Information Security

SOAR engineering, block automation, tenant-wide trust controls, AI-assisted triage.

NYU Tandon

Graduate Assistant

Cloud security labs, GuardDuty investigations, and student mentoring across AWS and Vault.

Secure Systems Lab

Open Source Contributor

Release-signing integrity, CI trust hardening, and secure software supply chain discipline.

Garrett

Cybersecurity Intern

Threat intel workflows, OpenCTI and MISP integration, and ECU cryptography hardening.

Selected Builds

The repo trail behind the operator.

A little Straw Hat energy: move fast, protect the crew, leave the ship better.

Applied Crypto

Python

post-quantum-cypto-toolkit

Practical experimentation with quantum-safe algorithms, turning research into usable migration intuition.

PQC · Kyber / Dilithium · Research to Code

Offensive Tooling

Python

AutoPTT

Automatic penetration testing tooling that reinforces my offensive mindset when building resilient defenses.

Attack Simulation · Security Testing · Automation

Secure Systems

Python

SplitSmartSecure

A cryptographic expense-splitting app with signed Diffie-Hellman, RSA-PSS, AES-GCM, and a tamper-evident ledger.

E2E Security · Integrity · Protocol Design

Cloud / Crypto

Python

applied-crypto-multiparty-otp

A multi-party one-time-pad communication protocol from NYU coursework, showing the cryptographic foundations behind my security engineering work.

Applied Cryptography · NYU · Protocol Security

Trust / Supply Chain

Python

taf

The Archive Framework aligns with my work on release-signing integrity and trustworthy software supply chains.

Secure Releases · Signing · Software Integrity

Operating Stack

Capabilities across incident response, cloud defense, and secure automation.

Built for "suuper" practical security, not decorative complexity.

Automation systems for serious security teams

Splunk, XSOAR, GitHub Actions, Terraform, Python, alert enrichment, response playbooks, and AI-assisted triage flows.

  • Analyst-facing workflows that stay legible under pressure
  • Policy-aware containment and trust orchestration
  • Operational guardrails instead of magic black boxes

Cloud-native security operations

AWS, Azure, Kubernetes, GuardDuty, CloudWatch, IAM, WAF, Security Hub, and incident-ready infrastructure patterns.

  • Identity and trust controls across multi-cloud environments
  • Secure-by-default infrastructure with real response paths
  • Zero-drift operations via Terraform and GitHub automation

Adversarial thinking and validation

Pwntools, Ghidra, Binary Ninja, BloodHound, Mimikatz, protocol analysis, exploit development, and attack-path awareness.

  • Understand where controls crack before production does
  • Model attacker paths, not just defender wishful thinking
  • Use offensive depth to make defensive choices sharper

Detection & Response

Splunk, XSOAR, Wazuh, GuardDuty, Sentinel, custom pipelines, incident management, crisis response.

Automation & DevSecOps

Python, Go, Bash, Terraform, Ansible, GitHub Actions, SAST/DAST workflows, operator enablement.

Cloud & Infrastructure

AWS, Azure, GCP, Docker, Kubernetes, IAM, Secrets Manager, network segmentation, and zero-trust patterns.

Threat & Crypto

Threat intel operations, post-quantum cryptography, secure protocol design, signing integrity, RBAC, and PAM.

Signal

Research, credentials, and the direction this career is heading.

Research depth, operator range, and enough adaptability to keep evolving when the rules change.

Research

A Review of the Present Cryptographic Arsenal to Deal with Post-Quantum Threats

Published in Procedia Computer Science and cited 50+ times, connecting long-horizon cryptographic change to practical engineering choices.

Education

NYU M.S. Cybersecurity · GPA 4.0

Graduate work focused on cloud security, applied cryptography, and the systems thinking required to design dependable defenses.

Recognition

Certified and operator-minded

Certified Network Security Professional, Academic Achievers Award recipient, and consistently drawn toward work that proves security value through execution.

Next Mission

I’m building toward AI-native security operations with real production depth.

If you’re designing faster response systems, safer automations, or cloud defense programs that need rigor with velocity, let’s talk.

Operator Note

The best systems feel like a well-run crew: calm under pressure, fiercely reliable, and always ready for the next move. That mindset matters more than any single tool.