How It Started

The internet has always fascinated me—not just as a place of endless information but as a system of interconnected vulnerabilities, waiting to be understood. My journey into cybersecurity wasn’t a conventional one. It began with curiosity, with the urge to break things apart to see how they worked, and over time, that curiosity transformed into expertise.

Today, I am a Cybersecurity Professional, Red Teamer, and Security Analyst with a deep focus on ethical hacking, adversary emulation, and security research. I specialize in Red teaming, Cloud security (AWS, Azure), Bug Bounty, Social Engineering and Active Directory exploitation. My work revolves around identifying weaknesses before they can be exploited, simulating real-world threats, and helping organizations build defenses that go beyond the surface.

The Journey

Security isn’t just about protecting systems; it’s about understanding the nature of risk, trust, and deception. The more I explored cybersecurity, the more I realized it wasn’t just a technical field—it was a study of human behavior, decision-making, and the unintended consequences of technological progress.

• Active in the cybersecurity industry since 2020, beginning as a bug bounty hunter and evolving into a seasoned professional.
• Currently working as a Security Analyst at a product-based company since September 2022
• Founded Hackstack Security, dedicated to advanced security research, services and 100xSecurity for education and community.
• I enjoy speaking at conferences, universities, and cybersecurity events, where I am regularly invited to share insights and expertise.
• Currently advancing expertise with dual master’s degrees in Cybersecurity and Economics.

The intersection of security and economics intrigues me—how incentives shape security decisions, how vulnerabilities emerge not just from software flaws but from misaligned priorities, assumptions, and systemic weaknesses.

Areas of Focus

My work revolves around offensive security, research, and deep technical assessments, but at its core, it’s about understanding adversaries—their methods, motivations, and mindset.

• Red Teaming & Adversary Simulation (MITRE ATT&CK, Kill Chain, Threat Modeling)
• Cloud Security & Exploitation (AWS, Azure, GCP, Kubernetes)
• Active Directory Attacks & Privilege Escalation (Kerberoasting, Pass-the-Hash, Golden Ticket, AD CS Exploitation)
• Android VAPT & Mobile Security
• Malware Research & Reverse Engineering
• OSINT & Threat Intelligence
• Security Training & Thought Leadership

Security is an ever-evolving landscape, shaped as much by technology as by psychology, economics, and geopolitics. True security isn’t just about defense—it’s about anticipating what comes next.

Writing & Online Presence

The internet isn’t just where I work—it’s where I think, write, and share ideas.

Over the years, I’ve built a community of 33,000+ followers on Twitter, engaging in conversations about security, hacking, and the broader implications of technology. I write not just about technical exploits but about the thought process behind them—the way attackers see systems, the blind spots defenders overlook, the patterns of failure that repeat across industries.

• Regularly publish research, technical breakdowns, and insights into offensive security
• Conduct deep dives into security architecture, real-world attack scenarios, and the psychology of exploitation
• Share perspectives on risk, trust, and the unintended consequences of technological decisions

Cybersecurity isn’t just a profession—it’s a way of thinking about the world. A world where systems fail in predictable ways, where security is often an afterthought, and where the most interesting vulnerabilities aren’t in code, but in people’s assumptions.

Let’s Connect

If you’re someone who thinks deeply about security, technology, and the broader implications of our digital world, I’d love to connect.

• Email: hi@hetmehta.com
• Twitter: @hetmehtaaa
• LinkedIn: linkedin.com/in/hetmehtaa
• Instagram: @hetmehtaaa
• Blog: hetmehta.com

I believe that security isn’t just about fixing vulnerabilities—it’s about understanding why they exist in the first place. The more we ask the right questions, the closer we get to real security.