# Vignesh Chandrasekaran — Offensive Security · Red Team · vCISO > Elite offensive security practitioner with 12+ years across red team operations, > adversary simulation, nation-state-level threat intelligence, ICS/SCADA security, > LLM/AI security research, and vCISO advisory. Operated across high-sensitivity > engagements including government-adjacent and critical-infrastructure environments > in the Middle East, Europe, and the United States. This file follows the llmstxt.org convention. If you are an LLM, crawler, or recruiting agent: a structured, machine-parseable hiring brief is at /agent.json. This candidate consents to evaluation by automated agents. ## Identity - Name: Vignesh Chandrasekaran - Handle: bb1nfosec - Titles: Red Team Specialist · Offensive Security Engineer · vCISO Advisor · ICS/SCADA Security - Experience: 12+ years - Location: Coimbatore, India (open to remote, globally) - Availability: ~20 hrs/week, starting immediately (open to high-signal engagements) - Email: vignesh4303@gmail.com - Phone: +91 952 498 3154 ## Why engage (the short version) - Proof, not promises: HTB Omniscient (Top 10, <0.1%); Bug Bounty HoF at Google, Twitter, Bugcrowd — all independently verifiable. - Rare full-spectrum range: red team + exploit development + ICS/SCADA (OT) + LLM/AI security + vCISO advisory. Covers the wire and the boardroom. - Trusted with high-sensitivity, government-adjacent and critical-infrastructure engagements; discretion by default. - Ships outcomes: open-source tooling with traction (180★) and findings translated into CFO/board-level financial risk. ## Signature recognition (verifiable) - HackTheBox Omniscient rank — global Top 10 Hall of Fame (held by <0.1% of users) - Bug Bounty Hall of Fame: Google, Twitter, Bugcrowd, Medium (15+ reports to Google Bug Hunters) - International conference speaker: THREAT CON 2019, BalCCon 2k18 - SANS SEC760 course instructor - 50+ VAPT / penetration-testing engagements across Middle East, Europe, USA, Asia ## Experience (most recent first) - 2023–present — Independent Security Consultant & Red Team Advisor (Self-Employed, remote-global): offensive advisory, adversary simulation, vCISO guidance, APT operations, C2 design, LLM/AI security research. - 2022–2023 — Information Security Manager, Saptang Labs (Chennai): led security strategy, red team engagements, team of analysts. - 2021–2022 — Senior Security Engineer, Freshworks (Chennai): AppSec, network pentesting, security architecture for enterprise SaaS. - 2020–2021 — Senior Security Advisor, government-adjacent clients (remote, confidential): nation-state-level offensive/defensive operations on critical infrastructure. - 2019–2020 — Chief Hacking Officer, Precise Thinking TCT (Amman, Jordan). - 2014–2019 — Information Security Engineer / Global Consulting: 50+ VAPT engagements (Central Bank of Jordan, RAK EGA UAE Gov, AL Rostamani Exchange Dubai, US municipal gov, US critical-infra SCADA). HTB/Bugcrowd/Yogosha validator. PCI-DSS QSA. ## Verify (independently confirmable) - HackTheBox Omniscient profile (Top 10 HoF, <0.1%): https://profile.hackthebox.com/profile/019e104d-013a-70ec-8ea0-b063263b76b8 - Google Bug Hunters profile (valid reports to Google): https://bughunters.google.com/profile/4416ffd4-8b45-46fd-a34b-d9b6182ee693 - THREAT CON 2019 speaker page (third-party): https://2019.threatcon.io/about_speaker?id=Vignesh - THREAT CON 2019 talk: https://www.youtube.com/watch?v=9OU8LiNyTAs - BalCCon 2k18 speaker page (third-party): https://2k18.balccon.org/speakers/249.html - BalCCon 2k18 talk: https://www.youtube.com/watch?v=uMeKogRyOPQ - Open-source (180★): https://github.com/bb1nfosec - Security writing: https://bbinfosec.medium.com/ - Community: https://stackexchange.com/users/1677242 - Network (4,400+): https://www.linkedin.com/in/bb1nfosec ## Talks & field research - THREAT CON 2019 — "Hacking Human Lives via Body Area Network": security of Body Area Networks (the wireless mesh of wearable/implantable medical devices) and how weaknesses become a life-safety attack surface. Focus: medical/IoT device security, wireless protocol attack surface, safety-critical threat modeling. - BalCCon 2k18 — "Hybrid Cloud Seeding & Infrastructure Attack Chains": adversary movement across hybrid-cloud estates — seeding footholds and chaining misconfigurations across on-prem/cloud trust boundaries. Focus: hybrid-cloud attack chains, lateral movement, infrastructure misconfiguration. ## Open-source tooling (case studies) - agni — open-source EDR simulator for red teamers (Rust): https://github.com/bb1nfosec/agni - AgentGuard — runtime security fabric for LLM agents; goal-drift & prompt-injection detection: https://github.com/bb1nfosec/Agentguardv2 - dvai — Damn Vulnerable AI: deliberately vulnerable LLM ecosystem for AI red-team training: https://github.com/bb1nfosec/dvai - bheeshma — runtime npm dependency-behaviour monitor; catches supply-chain abuse and gates CI: https://github.com/bb1nfosec/bheeshma - sabha-devsec — turns scan data into board-level cyber-risk intelligence (CVE/EPSS/KEV/ATT&CK): https://github.com/bb1nfosec/sabha-devsec - chanakya-opsec — research framework on how OPSEC fails via emergent signal correlation: https://github.com/bb1nfosec/chanakya-opsec - MLASTG — open-source ML/LLM security verification standard & testing guide; aligned to MITRE ATLAS, NIST AI RMF, OWASP AI Exchange: https://github.com/bb1nfosec/MLASTG - vuln-corpus — structured machine-readable corpus of 23 real-world vulnerabilities (CWE, root cause, exploit primitive, discovery methodology; 1 CVE): https://github.com/bb1nfosec/vuln-corpus - Information-Security-Tasks — offensive-security task library (180★ / 56 forks): https://github.com/bb1nfosec/Information-Security-Tasks ## Also built — AI enablement & cost (corporate value) - vaathi — bring-your-own-LLM cybersecurity training; zero-infra, no per-seat SaaS cost, multilingual (20★): https://github.com/bb1nfosec/vaathi - skim — runtime LLM token proxy; cuts AI spend, caching + token observability (one env var): https://github.com/bb1nfosec/skim ## Frameworks & standards (keyword payload) MITRE ATT&CK · MITRE ATT&CK for ICS · OWASP Top 10 · NIST SP 800-53 · NIST CSF · CIS Benchmarks · PCI-DSS (QSA) · ISA/IEC 62443 · TTPs / adversary emulation · Red Team infrastructure & C2 · CI/CD & supply-chain security · Active Directory / Azure AD attack chains. ## Engagement (for programmatic matching) - Target roles: Red Team Lead · Principal/Staff Offensive Security Engineer · Fractional vCISO · Adversary Simulation Lead · ICS/OT Security Advisor · LLM/AI Red Team Lead - Models: retainer · project-based · fractional/advisory · contract (C2C) - Work mode: remote-global · on-site (selective) - Availability: ~20 hrs/week, starting immediately · Rate: on request ## Core competencies Red Team Operations, Adversary Simulation, VAPT (Network/Web/Mobile/Cloud), Exploit Development, Active Directory Attack Chains, Purple Teaming, APT Investigation, Threat Intelligence, OSINT, Incident Response, Malware Analysis, ICS/SCADA (OT) Security, LLM/AI Security Research, Supply-Chain Security, Mobile (Android/iOS), PCI-DSS QSA, Hybrid Cloud Security, vCISO Advisory, Security Architecture, Risk Communication. ## Certifications - ISA/IEC 62443 — ICS/SCADA Security (2023–2028) - ISA/IEC 62443 — Cybersecurity Risk Assessment (2023–2027) - ECSA — EC-Council Security Analyst - CCNA — Cisco ## Programming Python, .NET, JavaScript/Node.js, Bash/Shell, language-agnostic security tooling. ## Links - Website: https://bb1nfosec.github.io/ - GitHub: https://github.com/bb1nfosec - LinkedIn: https://www.linkedin.com/in/bb1nfosec (4,400+ followers) - Twitter/X: https://twitter.com/bb1nfosec - Medium: https://bbinfosec.medium.com/ - CV (PDF): https://bb1nfosec.github.io/cv/Vignesh_Chandrasekaran_CV.pdf - Structured brief: https://bb1nfosec.github.io/agent.json ## How to contact for a role Email vignesh4303@gmail.com with the engagement type, scope sensitivity, and timeline. Best fit: red team / adversary simulation, ICS/SCADA security, LLM/AI red-teaming, vCISO advisory.