About Me
Hello! I’m Prabhu Kalyan Samal, an Application Security Tester (AST) at Tata Consultancy Services (TCS) — one of the world’s largest IT services and consulting firms. With a deep passion for cybersecurity, I specialize in identifying vulnerabilities in web applications, APIs, and enterprise systems before malicious actors can exploit them.
My day-to-day work involves conducting comprehensive security assessments, performing penetration testing, and working closely with development teams to integrate security into every stage of the software development lifecycle. I believe that security isn’t a checkbox — it’s a culture that needs to be embedded from the first line of code to the last deployment.
Beyond my corporate role, I run hmmnm.com, where I share in-depth articles on cybersecurity topics including Cross-Site Scripting (XSS), Server-Side Template Injection (SSTI), HTTP Request Smuggling, ransomware defense strategies, and ethical hacking best practices. My goal is to make advanced security concepts accessible to developers, security enthusiasts, and fellow professionals.
Certifications
Continuous learning is at the core of my professional growth. I hold the following industry-recognized certifications:
- CISP — Certified Information Systems Security Professional, validating expertise across eight domains of information security.
- Microsoft SC-900 — Microsoft Certified: Security, Compliance, and Identity Fundamentals, demonstrating foundational knowledge of Microsoft cloud security services.
- Microsoft SC-200 — Microsoft Certified: Security Operations Analyst, certifying skills in threat detection, response, and proactive threat hunting using Microsoft Sentinel and Defender.
- PSPO 1 — Professional Scrum Product Owner I, reflecting my understanding of agile product management and stakeholder collaboration.
- GC (Google Cloud) — Google Cloud certification, confirming competence in Google Cloud security and infrastructure.
These certifications represent both breadth and depth — spanning cloud security (Azure and Google Cloud), offensive security methodologies, and agile product ownership — giving me a well-rounded perspective on building secure, resilient systems.
Experience
As an Application Security Tester at TCS, I work across multiple client engagements in sectors ranging from banking and finance to healthcare and government. My responsibilities include:
- Web Application Penetration Testing: OWASP Top 10 analysis, business logic flaw identification, and authentication/authorization testing using industry-standard tools.
- API Security Assessment: REST and GraphQL API testing, with a focus on Broken Object Level Authorization (BOLA), injection vulnerabilities, and excessive data exposure.
- DevSecOps Integration: Collaborating with CI/CD pipelines to embed security scanning (SAST, DAST, SCA) into automated workflows.
- Security Reporting & Remediation: Delivering clear, actionable vulnerability reports with risk ratings, proof-of-concept exploits, and remediation guidance to development teams.
- Cloud Security Review: Assessing Azure and GCP configurations against CIS benchmarks and identifying misconfigurations that could lead to data exposure.
I take pride in not just finding vulnerabilities but ensuring they are understood, prioritized, and effectively remediated by the teams I work with.
Contact
I’m always open to connecting with fellow security professionals, developers looking to level up their security knowledge, and anyone passionate about making the internet safer. Feel free to reach out:
- LinkedIn: linkedin.com/in/adhwiraj
- Blog: hmmnm.com — cybersecurity articles, tutorials, and deep-dives
- Email: adhwiraj@gmail.com
Whether you’re looking to collaborate on security research, discuss vulnerability disclosures, or simply exchange ideas — my inbox (and DMs) are always open.
