Mihir Shah

I make things, I break things, and I make things that break things

CS Student @ Northeastern University

Mihir Shah is a pragmatic software engineer with a niche in security and the creator of VulnDroid, an application cluster that is intentionally vulnerable by design, built for learning and practicing application security. He is a published author and cloud-native secure software engineer with extensive experience. He is also an active member of the international security, DevOps and cloud-native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, etc.). He holds industry certifications like OSCP (Offensive Security Certified Professional), CKA (Certified Kubernetes Administrator), etc.

Mihir frequently speaks and runs training sessions at security and software engineering events and conferences around the world, including DEFCON, BlackHat USA, GitHub Satellite 2020, AppSec EU, All Day DevOps, KubeCon & CloudNativeCon, DevOpsDays India, Nullcon, Serverless Summit, null and multiple others.

He has worked in the software engineering domain for a few companies, where he was responsible for scaling the product during the company’s hypergrowth stage and performing security reviews and audits. He also won 1st prize for building a Kubernetes security monitoring solution at the OWASP DevSlop hackathon among 100+ engineering teams.

Interests
  • Software Engineering
  • Cloud Native development
  • Cloud & Container Security
  • DevOps & DevSecOps
  • Building & Breaking Stuff
Education
  • MS in Computer Science

    Northeastern University

  • BS in Computer Science

    Jain University, Bangalore

Experience

Cloud-Native Software Engineer (Security)
May 2020 – Aug 2021 Remote

Responsibilities include:

  • Led a project to create and deploy a microservice-based web app designed in Django and MongoDB
  • Performed security code reviews of the product (in Go), patching security bugs in the product and enhancing the AWS security infrastructure
  • Improved the Kubernetes and AWS security solutions with the product engineering team

Security Software Engineer - Contract
Sep 2020 – Nov 2020 Remote

Responsibilities include:

  • Presented code performance improvements to 3 senior engineers, leading to 20% better-performing code
  • Performed a security review of the Android app and the PHP web app within AWS infrastructure to make it compliant with the OWASP Benchmarks
  • Created a secure SDLC pipeline for the DevOps team to follow, leading to better secure coding practices within the organization

Software Engineering Intern
Jun 2020 – Aug 2020 Remote

Responsibilities include:

  • Collaborated with the project maintainer to make improvements to the Cluster API Provider for GCP for Prometheus
  • Started with resolving issues in quick start and documentation to understand the project implementation and workflow
  • On completion of the project, implemented unit and feature tests in GoLang to verify unit build checks

DevOps Freelancer
Sep 2019 – Aug 2020 Remote

Responsibilities include:

  • Developed a backend infrastructure for an investment banking startup, deployed it on Google Kubernetes Engine, and used GCP managed services
  • Built another project to understand the trend in risk analysis for an insurance company, leveraging Flask-RESTPlus and deploying it on AWS Lambda (serverless stack)
  • Implemented a microservice architecture for a web app from a monolithic architecture, cutting the AWS cost to half of the original price

Volunteering

OWASP Bangalore Chapter lead
Nov 2017 – Aug 2021 Bangalore, India
OWASP is a security organization responsible for defining the standards for web & application security. I moderated and led the Bangalore chapter for OWASP, wherein I organized hackathons and moderated talks.

Speaker
Aug 2020 – Aug 2020 Online
This is the CNCF’s flagship conference for the developers and project maintainers for all the tools hosted by the CNCF, in Europe. I spoke at the conference on CRD version tagging for containers in Kubernetes.

Cloud Security project maintainer
Jan 2021 – Present Online
Mentored for the Cloud Security Study Group, and contributed and audited code commits for all the cloud security projects created by the members at the null community.

Crew Member
Mar 2019 – Present Goa, India
Was a part of cloud villages in India, an open space to meet folks interested in offensive and defensive aspects of cloud security. I led the creation and running of the hackathons for the conference.

Contributor
Jan 2019 – Present Online
Security is everyone’s responsibility - http://www.devsecops.org

Code Contributor
Jan 2018 – Present Online

The Code Vigilant project was created out of the need to have more secure open source software. It is a known fact that a large number of users use open source software, but very few of them contribute back by identifying flaws and making this open source software more secure.

This project was initiated with the aim of finding flaws in open source software and making sure that we reach one of the following conclusions.

  1. Get the vulnerability fixed and a patch issued.
  2. If the author is not reachable, then make sure the public information is available and spread the details that issues exist with the open source software and discourage its usage.

Chapter Lead
Sep 2017 – Aug 2021 Bangalore, India
Moderated the Bangalore chapter for the null - security community. Responsibilities include organizing monthly events, arranging venues, inviting speakers, etc.

Crew Member
Mar 2020 – Mar 2020 India
