About Me
Prabhu Kalyan Samal
Securing the digital world, one vulnerability at a time.
Security Researcher & Consultant
I write about what I break — and how to fix it.
Hello! I'm Prabhu Kalyan Samal, a Cyber Security Consultant at Tata Consultancy Services (TCS) — one of the world's largest IT services and consulting firms. With a deep passion for cybersecurity, I specialize in identifying vulnerabilities in web applications, APIs, and enterprise systems before malicious actors can exploit them.
My day-to-day work involves conducting comprehensive security assessments, performing penetration testing, and working closely with development teams to integrate security into every stage of the software development lifecycle. I believe that security isn't a checkbox — it's a culture that needs to be embedded from the first line of code to the last deployment.
Beyond my corporate role, I run hmmnm.com, where I share in-depth articles on cybersecurity topics including Cross-Site Scripting (XSS), Server-Side Template Injection (SSTI), HTTP Request Smuggling, ransomware defense strategies, and ethical hacking best practices. My goal is to make advanced security concepts accessible to developers, security enthusiasts, and fellow professionals.
Skills & Tools
Offensive Security
Cloud & DevSecOps
Tools & Platforms
Communication
Certifications
Continuous learning is at the core of my professional growth. These certifications span cloud security, offensive methodologies, and agile practices.
Certified Information Systems Security Professional
Expertise across eight domains of information security.
Microsoft Security Operations Analyst
Threat detection, response, and hunting using Sentinel & Defender.
Microsoft Security, Compliance & Identity
Foundational knowledge of Microsoft cloud security services.
Professional Scrum Product Owner I
Agile product management and stakeholder collaboration.
Google Cloud Certification
Google Cloud security and infrastructure competence.
Security isn't a checkbox — it's a culture that needs to be embedded from the first line of code to the last deployment.
Think Like an Attacker
Understanding offensive techniques is the foundation of effective defense.
Shift Left
Catching vulnerabilities early in the SDLC is orders of magnitude cheaper than fixing them in production.
Share Knowledge
A stronger security community means a safer internet for everyone.
Experience
Cyber Security Consultant
Tata Consultancy Services
OWASP Top 10 analysis, business logic flaw identification, and authentication/authorization testing.
REST and GraphQL API testing — BOLA, injection vulnerabilities, and excessive data exposure.
Embedding SAST, DAST, SCA scanning into CI/CD pipelines for automated security.
Actionable vulnerability reports with risk ratings, PoC exploits, and remediation guidance.
Azure and GCP configuration assessment against CIS benchmarks.
