Learning Portfolio

This page tracks the courses, books, and technical topics I am currently studying. It is a working portfolio of my ongoing learning in security engineering, AI security, systems, and software supply chain security.

Rather than only listing resources, I use this page to summarize what I am learning from them and how they connect to my research and engineering work.


Current Learning Focus

  • AI and LLM Security: prompt injection, jailbreaks, tool abuse, agent security, and secure AI application design.
  • Red Teaming and Offensive Security: adversarial testing methods, attack simulation, vulnerability discovery, and defensive validation.
  • DevSecOps and Supply Chain Security: secure CI/CD, dependency risk, provenance, SBOMs, and security automation.
  • Systems Programming: Rust, memory safety, concurrency, and performance-oriented software design.
  • Graph-Based Security Analysis: attack-chain reconstruction, dependency graphs, provenance graphs, and scalable graph processing.

Courses and Hands-On Training

Security Engineer - TryHackMe

I am using this track to strengthen practical security engineering skills across web security, infrastructure security, vulnerability assessment, and defensive operations.

Key topics:

  • Web and application security fundamentals
  • Network and system exploitation patterns
  • Security monitoring and incident response workflows
  • Practical attacker mindset for defensive engineering

Secure Coding - Github

Secure Code Game made by Github, covering four seasons so far. Personal effort: Github-Secure-Code

AI Red Team Academy - AIRT

This course supports my work on AI-native security evaluation, especially around LLM applications, model behavior, and multi-modal attack surfaces.

Key topics:

  • AI red teaming methodology
  • Prompt injection and jailbreak evaluation
  • Model and agent abuse scenarios
  • Security testing for AI-enabled systems

The Rust Programming Language

I am studying Rust to improve my ability to build safer and more predictable systems software, especially for graph processing, security tooling, and performance-sensitive analysis pipelines.

Key topics:

  • Ownership, borrowing, and lifetimes
  • Memory-safe systems programming
  • Concurrent and parallel computation
  • Building reliable command-line and backend tools

Currently Reading

Red Teaming AI: Attacking and Defending Intelligent Systems

This reading connects closely with my research interests in AI red teaming, multi-modal attacks, and adversarial evaluation of intelligent systems.

Evading EDR: The Definitive Guide to Defeating Endpoint Detection Systems

I am reading this book to better understand how modern endpoint detection systems are bypassed in practice, and how those evasion patterns can inform stronger telemetry design, detection engineering, and defensive validation.


Finished Reading

The Developer’s Playbook for Large Language Model Security

This book is useful for connecting AI security risks with practical engineering decisions. I am using it to think through how LLM applications should be designed, tested, and deployed securely.

Knowledge gained:

  • Threat modeling for LLM-powered applications
  • Secure prompt and tool design
  • Risks around retrieval, agents, plugins, and external actions
  • Practical controls for building safer AI systems

The DevSecOps Playbook

This book supports my interest in secure software delivery and supply chain security. I am reading it alongside my work on CI/CD security, dependency risk, and security automation.

Knowledge gained:

  • Integrating security into development workflows
  • CI/CD security controls and automation
  • Secure release and deployment practices
  • Common Techniques/Tools used in DAST, SAST, IAST, RASP

Knowledge I Am Building

Through these courses and readings, I am developing a stronger foundation in:

  • Designing secure AI applications and evaluating LLM-specific risks
  • Building red-team workflows for AI systems and application security
  • Applying DevSecOps practices to real software delivery pipelines
  • Using Rust for safer, performance-oriented security tooling
  • Connecting graph analysis techniques with practical threat detection

Notes and Next Steps

This page is continuously evolving. Some books are read cover-to-cover, while others are revisited selectively alongside papers, experiments, and system implementations. I will continue updating this page with concrete notes, mini-projects, and write-ups as the learning progresses.