Harsh Bhetaria

Lead Product Security Engineer

Welcome to my corner of the internet where I showcase my professional work and personal projects. Passionate about cybersecurity, infrastructure automation, and building secure, scalable solutions.

View My Work Get In Touch 📄 Download Resume

🔐 Resume SHA256: 7f6d68d09f5919a61166c48bac8ded50b536f6fbede26e6bbdc2379b5fabc26b (click to copy)

About Me

10+ Years Experience
3 Top Companies
50M+ Users Protected
CISSP Certified
HB CISSP
2021 – Present
Senior Product Security Engineer
Slack
2019 – 2021
Security Engineer
Amazon
2017 – 2019
Senior Security Consultant
Synopsys

Building Secure Infrastructure, One System at a Time

🛡️

Senior Product Security Engineer @ Slack

Proactive threat modeling & secure code review for millions of users

Click to learn more →
What I Do at Slack:
  • 🏗️ Architecture Reviews: Helping teams design secure system architectures and identify security risks
  • 📱 Mobile Security Program: Designed and implemented comprehensive mobile security framework
  • 🚨 Incident Response SME: Serving as subject matter expert for security incident response
  • 🎯 Hacking Events: Running internal security events to improve security awareness and skills
  • 🔧 Vulnerability Remediation: Advising teams on how to effectively fix security vulnerabilities
  • 🛡️ Security Integration: Helping teams integrate security considerations into their planning processes
  • 📋 Security Reviews: Performing comprehensive security assessments of systems and applications

5+ years of experience securing enterprise communication for millions of users worldwide

📦

Security Engineer @ Amazon

Large-scale infrastructure security and cloud security architecture

Click to learn more →
What I Did at Amazon:
  • 🎯 Service Priority System: Designed priority framework to determine which services require security focus
  • 🚨 Incident Response SME: Served as subject matter expert for security incident response
  • 🔥 Critical Incident Support: Provided hands-on assistance during high-severity security incidents
  • 🔐 AuthN/AuthZ Frameworks: Designed new authentication and authorization frameworks for product team adoption

Experience securing critical infrastructure serving millions of customers worldwide

🔬

Senior Security Consultant @ Synopsys

Application security testing and secure software development lifecycle

Click to learn more →
What I Did at Synopsys:
  • 👥 Team Leadership: Led a team of 5 security professionals
  • 📚 Training Program Head: Led training initiatives for new hires and designed comprehensive onboarding courses
  • 🎯 Recruiting Team Member: Conducted multiple interviews as part of the recruiting team
  • 🏢 Practice Leadership: Led a security practice within the organization

Leadership experience in security consulting with focus on team development and organizational growth

🏆

CISSP Certified

Expert in penetration testing, vulnerability assessment & cryptography

Click to learn more →
Cybersecurity Expertise:
  • 🎯 Penetration Testing: Ethical hacking to identify vulnerabilities
  • 🔐 Cryptography: Implementation of secure encryption protocols (AES, HMAC)
  • 🌐 Network Security: Designing secure network architectures
  • 🛡️ Application Security: Code analysis and secure development practices
  • 📚 Continuous Learning: Staying current with emerging threats and security frameworks

CISSP certification demonstrates mastery across 8 domains of cybersecurity

🏠

Homelab Enthusiast

Self-hosted password vault, automation & secure remote access

Click to learn more →
My Homelab Infrastructure:
  • 🔐 Password Vault: Self-hosted Bitwarden for complete password control
  • 🏠 Home Automation: Smart home integration with privacy-first approach
  • 🌐 Reverse Proxy: Cloudflare Access for secure remote connections
  • 📊 Monitoring Stack: Grafana + Prometheus for infrastructure visibility
  • 🐳 Containerization: Docker swarm for service orchestration

Experimenting with enterprise security concepts in a controlled environment

🤖

AI Automation in CI/CD Pipelines

Integrating AI-driven automation into CI/CD workflows for security and efficiency

Click to learn more →
AI-Powered CI/CD Automation:
  • 🤖 AI Code Review: Integrated LLM-based static analysis into pull request pipelines for automated security and quality feedback
  • 🔍 Automated Threat Detection: Built AI-assisted pipeline stages that flag security misconfigurations and vulnerable dependencies before merge
  • Intelligent Test Generation: Leveraged AI to auto-generate security test cases and fuzz inputs based on code changes
  • 📊 Pipeline Observability: Deployed AI-driven anomaly detection on build and deployment metrics to surface regressions early
  • 🔄 Self-Healing Pipelines: Designed automation workflows that use AI to diagnose and retry flaky build steps with corrective actions
  • 🛡️ Security Gate Automation: Enforced AI-evaluated security gates (SAST, DAST, secrets scanning) as mandatory pipeline checks

Applying AI to make CI/CD pipelines faster, smarter, and more secure at enterprise scale

🔍

Security-First Mindset

Every system designed with security as the foundation, not an afterthought

Click to learn more →
My Security Philosophy:
  • 🏗️ Security by Design: Integrating security from the ground up, not bolting it on later
  • 🔄 Continuous Improvement: Regular security assessments and iterative hardening
  • 👥 Education First: Training teams to think security-first in every decision
  • ⚖️ Risk-Based Approach: Balancing security controls with business functionality
  • 🔍 Transparency: Open communication about security posture and improvements

"Security is not a product, but a process" - Building resilient systems through thoughtful design

🚀 Skills

Security
Security Architecture Vulnerability Assessment Penetration Testing Threat Detection SIEM
Cloud & Infrastructure
AWS Docker Kubernetes Linux Terraform
Dev & Automation
Python CI/CD GitHub Actions AI/ML Automation LLM Integration

🏆 Certifications

🛡️ CISSP - Certified Information Systems Security Professional

Featured Projects

🏢 Professional Experience

🛡️

Proactive Security Engineering

Leading product security initiatives at Slack, focusing on proactive threat modeling, secure code review, and vulnerability assessment across enterprise communication platform serving millions of users.

5+ years experience Enterprise scale Proactive security
🔐

Application Security & Penetration Testing

Conducting comprehensive security assessments including penetration testing, vulnerability analysis, and application security reviews. Implementing security controls across cloud infrastructure and communication systems.

CISSP Certified Penetration testing Vuln assessment
🔒

Cryptography & Network Security

Designing and implementing cryptographic solutions and network security protocols. Expertise in encryption technologies, secure communication protocols, and privacy protection for enterprise platforms.

Cryptography expert Network security Privacy protection

🚀 Personal Projects

🔐

HMAC Implementation & Security Analysis

Custom implementation and analysis of Hash-based Message Authentication Code (HMAC) with comprehensive security testing and documentation.

View Code Documentation
📊

Cloudflare Analytics Dashboard

A modern, Grafana-style dashboard for monitoring Cloudflare analytics in real-time. Built with React, TypeScript, and Recharts with dual-mode operation.

View Code
🖥️

Homelab Monitoring Stack

Comprehensive monitoring solution for distributed homelab setups using Grafana, Prometheus, and AlertManager. Features Docker deployment, Home Assistant integration, and smart alerting.

View Code Documentation
🤖

AI-Powered CI/CD Security Automation

End-to-end pipeline automation integrating LLM-based code review, automated security gate enforcement, and AI-driven anomaly detection on build metrics. Reduces manual security review time while catching vulnerabilities before they reach production.

LLM code review CI/CD security gates Anomaly detection

Get In Touch

Interested in collaborating, discussing homelab setups, or just want to chat about tech? I'd love to hear from you!

📧 Email
💼 LinkedIn 🐙 GitHub

🔐 PGP/GPG Public Key

Key Fingerprint: 1BCF 4D18 E05A F929 399A C0D3 CBAA B1F5 DCAD E586
-----BEGIN PGP PUBLIC KEY BLOCK----- mQINBGjcTAoBEADRWbvH9NInyKLTFVbsPFMWN51qscdL/3nbkHh92f8l5NeEMnUh AX4KIi3m/pN+TEBy4H8AYGPWO7AFh9B5I+XyRdFcrKkS4HNHIWqwJX1HSXC8Rl6S 5xNshYhK7s2cnLeVms/JhARdC99rxMrjYYZWtXxslfjZMXR6tTmAUicu5WtWfnEU Qqi61SoupvPFqJWewD5htq39fyiuH9YGeGjN+bnWYDVrjRBjb1sdnCU6LtK2jQnx 7NhjQeJPzQJnzcXkKjrOa96sOhIkLAkAqjkoUVCebrdI75yIAsW8YWOPBJDc/Zme zFEz6/E29bC5cnQ+JAzor0IYv+j+e9pKzL74alruLyLJbJ6m3XFu4INRmSdfRCaC GWlfbg5PYxyHB7TXHvujmdvAXuzbL6RcSj/2Hyb9T4jlIBD2Maa0ZBw+OeRiImk0 PDRitkcwj9NwFgcdEx565xkwXoKgMGc9Xt/epLJ3C0gAeKL3D6/zODRwIO4vOV3P bwuux7lymve8/T8Kyo9Mzu7lYzfQzD8wbrZgxFR36X+TF3z5vIZUp4t1MmISTstV 63CVBLELvu6JT2JVFtsH0RSHVc0UA2h5Ksxv6bmB/f3HFqWuPtbGjGgEYjR3U4nA p0p5Heja3svm28aIJ3KWRjUgvv0Mf/z6LqAdwzqttL5SPNr4GqRpFZcV1QARAQAB tB9IYXJzaCA8YmhldGFyaWFoYXJzaEBnbWFpbC5jb20+iQJUBBMBCAA+FiEEG89N GOBa+Sk5msDTy6qx9dyt5YYFAmjcTAoCGwMFCQeGHz4FCwkIBwIGFQoJCAsCBBYC AwECHgECF4AACgkQy6qx9dyt5YZAPQ//cM1Nkpw4aRyEEupugVxq5fFrsjtfB1R9 3MvPQVOzx7j28VZLaXHzNgos4TXAYVYHv5nnNDBqFJJ9BakMscI4ut0Mi2KEG0cM HLdQMxLgcqWDVWkSMqPL+SHzEgjZT7e6jk6uVh+114Ih57oC++bQHbq8Kzk4dADj HeLy27eIJq+6HevCq5iSU9icZCby62Uyg48OUSuBWNvy4irD74q7Rt94MgYS90Vw TucZG7Tvq4DrBO2mP/exnUAkxBwMZA6dBbI2zGc2CcVL5KtgjYzSuJoSXtXkvE3B KDjmv0PFjsSCNWl9k3NS7pXgCUZ84uT6PTuNbLd9FDFfH7nnYGfJa6rhlsxpia7T RcrMC2pJkyl1uGAiIJXBd+BlCcW67a1gk3ZZQgB4vIr6jQfn4ZTx21ozSNmo5/5D DcMvQfmdPVs4nnl2f5BxeqK6HESRcWmzUM4XSA6lfxXN+qqvtQk+JwNuBnQOqcjR eWl7mVAxQ8pa6ul8NIBd2/KHH5e19IkfE2Ag1mqWgsK1f81bKbKQT3GNMmiJ5rx3 6JxGo70e6fH98s+acioW9rJr8R8IxdKPJ0eBf/uyBecLOQHYEzQ/qDKoooOhGMh5 YKYkHmg8kryo1dWzNwoT5DWtOYot7ZP5FA+eYps3gRA5RVP/fQwyuhkOgUGCePJ1 jwRDwOa9EUu5Ag0EaNxMCgEQALMT0wBlZ4K2h+tZSnvhuJIaQ1bVy9uv3YfiBi/f Oyp5I7uVxmX/kCHz/YLuWZ5GzKUb+PSPbXzmn3wxeftBEckbFqkPduwAkq8WTl09 O2piKaZm6GOMe+Ggx9AF8MLITV9ViRUeCojhNJpFj4iKVmhuD7TynLPBh8tJFgoB gGPl76oF0KXqLWdQF5e8xRGfTGs3XOy92bAJ0AT/UV/SdQUJHEPAAo7Wxb1HlP97 1UkF1r6sW32wYco5bhD44HOAKWr9ghiUVhK3wdLgg27i/AkcQ0orqZmTm2V9FMLw xjDU372HDktBCOaAAdVlgTGogO5XoAIaILAI51epMC1iYtsbCKvHLqjq62qin75S Ox16D5PzswF1mmAK2BUJxtYB0kNkMq2XrwMSZVNeUOyNWlmjG2yUf53vCOn+8xdI QBHd+xYcfu9tJ3vBvLGhJK+zlvSdTjv2x7A/l1EcKH8jRUqMIAKIw6/BUofIwhh/ wkTou23AoO6DUq8P63mSbsceNmRG7xguXfoqJy8/Wd9xMAeura9/wJFMxxukkTWj b+Atj1SmFp50R6NDPefMiAXEQ1h4Hg1QDCLNT0TETnQAcLlhp2dNsw8VUHMUZ/mn rLt7+TqhZx+EN2hg0Mxs1KrO/nrcxfMk5yilyGgIxoTT42y+B3nOH3p+hSP0pRWI rkuXABEBAAGJAjwEGAEIACYWIQQbz00Y4Fr5KTmawNPLqrH13K3lhgUCaNxMCgIb DAUJB4YfPgAKCRDLqrH13K3lhtRAD/4vLukBv7EE9qY6rPIcKvkb4RB67kfjZzsn yp5QaACJPbeFIocZ70wIejsEWzQG0U3dL7PywO9nOE2nNrhIPpBHBErGheYOmDQj HkkQuQAsfRWtVAEJN82sERNzeY49yDLJ9HVgfghc4CPk5hv0L1OZfK3epnSEdV0u blE+7sJQUAn3IhPRExTkSCefVCx7qHlkE+j+3HwGKcQIOTmykMdEF3buu/1FcFeO N62+1g1XjLGN4FDGSI0m+eJyYGW8mlvH4VxbsictUrXJOC7lCS6E9OyKAzL40X9B 0PMXApmjFBakz6El91WfNLQsC02iD7xMvHQ7JjshhIoFBvhL9Nn34Equ4Isqxe0c nct05ZIsnHXaL234KbN060aSgE23o+8qKajKwhnkcG/9cFU7WUFDktf6CNufEJx0 yEEyRJt8mfQ2gvyExMmFURuMnqWXVVPAQZ2jyeuYjZq1WTtHA4kW/gjeXQKY8vFb W3A6+53v9TyEKdNVWtDChpfmEYCIl0JiOK/MXCHxlH2JhVBnZjXAsKA2tOeLO7J4 Y7TGnROWFv7dvZxC5y36tvfJj281G6pBDliDQ8YYSyzyN0KkNMN1vJhHUTr/qrz1 gcXgY4QrRVXdllnNyobjtXUfMfTWmMXAoHzBWWXMcx3kd+vKLBQRb6DPipD8yny2 SgieuZtsuw== =d1M/ -----END PGP PUBLIC KEY BLOCK-----
🔍 Verify on Keyserver

For secure communication: Use this key to send me encrypted messages or verify my signed communications. You can import it with: gpg --import