Learning Portfolio
Learning Portfolio
This page tracks the courses, books, and technical topics I am currently studying. It is a working portfolio of my ongoing learning in security engineering, AI security, systems, and software supply chain security.
Rather than only listing resources, I use this page to summarize what I am learning from them and how they connect to my research and engineering work.
Current Learning Focus
- AI and LLM Security: prompt injection, jailbreaks, tool abuse, agent security, and secure AI application design.
- Red Teaming and Offensive Security: adversarial testing methods, attack simulation, vulnerability discovery, and defensive validation.
- DevSecOps and Supply Chain Security: secure CI/CD, dependency risk, provenance, SBOMs, and security automation.
- Systems Programming: Rust, memory safety, concurrency, and performance-oriented software design.
- Graph-Based Security Analysis: attack-chain reconstruction, dependency graphs, provenance graphs, and scalable graph processing.
Courses and Hands-On Training
Security Engineer - TryHackMe
I am using this track to strengthen practical security engineering skills across web security, infrastructure security, vulnerability assessment, and defensive operations.
Key topics:
- Web and application security fundamentals
- Network and system exploitation patterns
- Security monitoring and incident response workflows
- Practical attacker mindset for defensive engineering
Secure Coding - Github
Secure Code Game made by Github, covering four seasons so far. Personal effort: Github-Secure-Code
AI Red Team Academy - AIRT
This course supports my work on AI-native security evaluation, especially around LLM applications, model behavior, and multi-modal attack surfaces.
Key topics:
- AI red teaming methodology
- Prompt injection and jailbreak evaluation
- Model and agent abuse scenarios
- Security testing for AI-enabled systems
The Rust Programming Language
I am studying Rust to improve my ability to build safer and more predictable systems software, especially for graph processing, security tooling, and performance-sensitive analysis pipelines.
Key topics:
- Ownership, borrowing, and lifetimes
- Memory-safe systems programming
- Concurrent and parallel computation
- Building reliable command-line and backend tools
Currently Reading
Red Teaming AI: Attacking and Defending Intelligent Systems
This reading connects closely with my research interests in AI red teaming, multi-modal attacks, and adversarial evaluation of intelligent systems.
Evading EDR: The Definitive Guide to Defeating Endpoint Detection Systems
I am reading this book to better understand how modern endpoint detection systems are bypassed in practice, and how those evasion patterns can inform stronger telemetry design, detection engineering, and defensive validation.
Finished Reading
The Developer’s Playbook for Large Language Model Security
This book is useful for connecting AI security risks with practical engineering decisions. I am using it to think through how LLM applications should be designed, tested, and deployed securely.
Knowledge gained:
- Threat modeling for LLM-powered applications
- Secure prompt and tool design
- Risks around retrieval, agents, plugins, and external actions
- Practical controls for building safer AI systems
The DevSecOps Playbook
This book supports my interest in secure software delivery and supply chain security. I am reading it alongside my work on CI/CD security, dependency risk, and security automation.
Knowledge gained:
- Integrating security into development workflows
- CI/CD security controls and automation
- Secure release and deployment practices
- Common Techniques/Tools used in DAST, SAST, IAST, RASP
Knowledge I Am Building
Through these courses and readings, I am developing a stronger foundation in:
- Designing secure AI applications and evaluating LLM-specific risks
- Building red-team workflows for AI systems and application security
- Applying DevSecOps practices to real software delivery pipelines
- Using Rust for safer, performance-oriented security tooling
- Connecting graph analysis techniques with practical threat detection
Notes and Next Steps
This page is continuously evolving. Some books are read cover-to-cover, while others are revisited selectively alongside papers, experiments, and system implementations. I will continue updating this page with concrete notes, mini-projects, and write-ups as the learning progresses.