Hello, I'm Suman Roy Chowdhury

Security Consultant | Certified Ethical Hacker | Freelance Web Developer

Transforming digital vulnerabilities into fortified solutions through meticulous security assessments and strategic consulting.

CEH v12 | CNSP | Kali Linux Certified | Security Consultant | Freelance Web Developer | OWASP Top 10 Expert | Responsive UI/UX Design

Web Design Portfolio

Freelance and personal projects built with focus on responsiveness, visual design, and performance.

VKr Downloader

All In One Video Downloader

A responsive tool for downloading videos from over 1000 platforms including YouTube, Facebook, and Instagram.

Thumbnail Tool

YouTube Thumbnail Downloader

Extract high-resolution thumbnails from any YouTube video with ease.


Fashion Store

A trendy fashion website mockup showcasing modern product listing and style.

Hackathon Event

NSEC Hackathon

Event page for a student-led hackathon with sections for registration, schedule, and FAQs.

Word Counter

Word Counter App

Utility app for counting words and characters—useful for content writers and students.


About Me

I'm Suman Roy Chowdhury, a dedicated security professional specializing in identifying and resolving cybersecurity vulnerabilities. With a comprehensive background in ethical hacking and penetration testing, I'm committed to fortifying digital assets against evolving security threats.

Currently serving as a Security Consultant at Black Duck Software, I leverage my expertise to provide organizations with actionable insights and robust security solutions. My approach combines technical proficiency with strategic thinking to address complex security challenges.

I graduated with a Bachelor's degree in Cyber Security from Netaji Subhash Engineering College in 2024, where I developed a strong foundation in security principles and practical defensive/offensive techniques.

In addition to my cybersecurity work, I also take on freelance web development projects—focusing on static websites and high-conversion landing pages. I specialize in building fast, responsive, and visually appealing designs tailored to client needs, combining strong UI/UX principles with clean code to deliver professional-grade web experiences.

Certifications

  • Certified Ethical Hacker (CEH) v12
  • Certified Network Security Professional (CNSP)
  • Kali Linux Certified Professional
  • ISO/IEC 27001:2022 Information Security Associate

Education

BSc in Cyber Security

Netaji Subhash Engineering College

Graduated: 2024 | GPA: 8.47/10.0

Key Focus Areas

Web App Security

Comprehensive assessments to identify and mitigate web vulnerabilities

Pen Testing

Methodical security evaluations simulating real-world attacks

Ethical Hacking

Authorized penetration testing to improve security posture

Vulnerability Research

Deep analysis to discover and report security weaknesses

Web Development

Freelance development of static websites and landing pages with responsive UI/UX

Professional Experience

Security Consultant

Black Duck Software | Aug 2024 - Present

  • Providing expert security consulting services to enterprise clients across various industries
  • Conducting comprehensive vulnerability assessments and penetration tests
  • Developing customized security solutions and risk mitigation strategies
  • Advising clients on security best practices and compliance requirements

Security Researcher & Bug Bounty Hunter

HackerOne & Bugcrowd | Aug 2024 - Present

  • Identifying and responsibly disclosing critical vulnerabilities in web applications
  • Participating in private and public bug bounty programs
  • Contributed to securing products from top tech companies
  • Ranked in top 5% of researchers on both platforms

Application Security Intern

Synopsys | Feb 2024 - July 2024

  • Assisted in performing security assessments on client applications
  • Supported senior security consultants in vulnerability analysis
  • Gained hands-on experience with enterprise security tools
  • Contributed to security report documentation and remediation guidelines

Technical Expertise

Web App Security

Comprehensive security assessment for modern web applications

OWASP Top 10 | XSS/CSRF | SQL Injection | Session Security

Penetration Testing

Methodical security evaluations simulating real-world attacks

Kali Linux | Metasploit | Burp Suite | Nessus

API Security

Specialized testing for API vulnerabilities and misconfigurations

REST/SOAP | GraphQL | Postman | OWASP API Top 10

Security Tooling

Proficient with industry-standard security assessment tools

Nmap | Sqlmap | Wireshark | ZAP

Front-End Development

Crafting responsive static websites and interactive user interfaces

HTML5/CSS3 | Tailwind CSS | JavaScript | React

Cloud Security & Deployment

Securing cloud platforms and deploying static or dynamic websites efficiently

AWS S3/EC2 | Cloudflare | Netlify | Vercel | SSL/TLS | IAM Policies

Security Portfolio

The following case studies represent anonymized security assessments conducted across various industries while maintaining strict confidentiality standards.

E-commerce Platform

Web Application

Comprehensive security assessment of a high-traffic e-commerce platform processing over 10,000 transactions daily.

Key Findings:

  • Critical payment processing vulnerability (CVSS: 9.8)
  • Authentication bypass affecting customer accounts
  • Multiple stored XSS vulnerabilities in product reviews

OWASP Top 10 | PCI DSS | Business Logic

Fintech API Security

REST API

Security assessment of core banking APIs serving mobile banking applications with over 500,000 active users.

Key Findings:

  • Account takeover via access token leakage
  • Mass assignment vulnerability exposing sensitive data
  • Improper rate limiting on authentication endpoints

API Security | Broken Authentication | OWASP API Top 10

Healthcare Portal

Web Application

HIPAA-compliant security assessment for a healthcare provider portal handling sensitive patient data.

Key Findings:

  • SQL injection in patient record lookup (CVSS: 9.1)
  • Insecure direct object references to medical records
  • Missing security headers exposing the portal to clickjacking

HIPAA | SQLi | IDOR

Cloud Infrastructure

AWS Security

Cloud security assessment of AWS infrastructure hosting critical business applications with 99.99% uptime requirement.

Key Findings:

  • Overprivileged IAM roles exposing S3 buckets
  • Unencrypted database backups containing PII
  • Security group misconfigurations allowing lateral movement

AWS | IAM Security | Cloud Security

Get In Touch

For security consulting inquiries, penetration testing services, or to discuss potential research collaborations.

Contact Information

Email

r.suman@myyahoo.com

Phone

+918910937970

LinkedIn

linkedin.com/in/im-suman-roy

Professional Credentials

CEH v12 | CNSP | Bug Bounty Hunter | Web App Security | OWASP Top 10 | Burp Suite | Network Penetration Testing | Vulnerability Assessment | Red Teaming | Nmap | HTML5 | CSS3 | Tailwind CSS | JavaScript (ES6) | Responsive Design | SEO Optimization | Static Site Generators