How It Started

I’ve been obsessed with how the internet actually works since I was a kid. Not the Instagram version, the breaking-shit-down-and-finding-why-it’s-broken version. Started properly in 2019 just messing around with systems, poking at things, seeing what would snap. Turns out a lot of stuff snaps.

Now I do this full-time. Security Engineering, Governance and Compliance, Cybersecurity shitposting on Twitter, social engineering, Writing things on Infosec and Philosphy, basically I get paid to think like the person trying to break in and find all the gaps before they do. The companies I work with usually have no idea how badly they’d get owned until I show them. I don’t write security papers or speak at conferences. I just break things that matter, document it, and help people actually fix the problems instead of just checking boxes on a compliance sheet. Been doing this for like six years now and honestly it’s the only thing I’m good at. (That was a lie, I sing well and people love it, also I question everything so people hate it.)

The Journey

Security isn’t just about protecting systems; it’s about understanding the nature of risk, trust, and deception. The more I explored cybersecurity, the more I realized it wasn’t just a technical field—it was a study of human behavior, decision-making, and the unintended consequences of technological progress.

• Active in the cybersecurity industry since 2020, beginning as a bug bounty hunter and evolving into a seasoned professional.
• Currently working as a Security Analyst at a product-based company since September 2022
• Leading growth and security at BugTrace AI, which is the future of Agentic Hacking/Vibe Hacking.
• Founded Hackstack Security, dedicated to advanced security research, services and 100xSecurity for education and community.
• I enjoy speaking at conferences, universities, and cybersecurity events, where I am regularly invited to share insights and expertise.
• Currently advancing expertise with dual master’s degrees in Cybersecurity and Economics.

The intersection of security and economics intrigues me—how incentives shape security decisions, how vulnerabilities emerge not just from software flaws but from misaligned priorities, assumptions, and systemic weaknesses.

Areas of Focus

My work revolves around offensive security, research, and deep technical assessments, but at its core, it’s about understanding adversaries—their methods, motivations, and mindset.

• Red Teaming & Adversary Simulation (MITRE ATT&CK, Kill Chain, Threat Modeling)
• Cloud Security & Exploitation (AWS, Azure, GCP, Kubernetes)
• Active Directory Attacks & Privilege Escalation (Kerberoasting, Pass-the-Hash, Golden Ticket, AD CS Exploitation)
• Android VAPT & Mobile Security
• Malware Research & Reverse Engineering
• OSINT & Threat Intelligence
• Security Training & Thought Leadership

Security is an ever evolving landscape, shaped as much by technology as by psychology, economics, and geopolitics. True security isn’t just about defense—it’s about anticipating what comes next.

Writing & Online Presence

The internet isn’t just where I work, it’s where I think, write, and share ideas.

Over the years, I’ve built a community of 65,000+ followers across X (Twitter) and LinkedIn , engaging in conversations about security, hacking, and the broader implications of technology. I write not just about technical exploits but about the thought process behind them, the way attackers see systems, the blind spots defenders overlook, the patterns of failure that repeat across industries, and my favourite satire posts on cybersecurity along with memes.

• Regularly publish research, technical breakdowns, and insights into offensive security
• Conduct deep dives into security architecture, real-world attack scenarios, and the psychology of exploitation
• Share perspectives on risk, trust, and the unintended consequences of technological decisions

Cybersecurity isn’t just a profession, it’s a way of thinking about the world. A world where systems fail in predictable ways, where security is often an afterthought, and where the most interesting vulnerabilities aren’t in code, but in people’s assumptions.

Let’s Connect

If you’re someone who thinks deeply about security, technology, and the broader implications of our digital world, I’d love to connect.

• Email: hi@hetmehta.com
• X (Twitter): @hetmehtaaa
• LinkedIn: linkedin.com/in/hetmehtaa
• Instagram: @hetmehtaaa
• Blog: hetmehta.com

I believe that security isn’t just about fixing vulnerabilities—it’s about understanding why they exist in the first place. The more we ask the right questions, the closer we get to real security.

[Of course multiple components are generated using Claude, Don’t judge me.]