I am Purushothaman Govindasamy, a cybersecurity professional and techno-leader with over 15 years of experience spanning security testing, embedded and automotive security, cloud and application security, tool development, and strategic advisory. My work bridges deep technical execution with security leadership, helping organisations move from vulnerability to lasting resilience.
A snapshot of the areas that define my professional identity — from hands-on security work to intellectual property and team leadership.
More than 15 years of security testing, vulnerability research, and risk-driven assessment across enterprise, embedded, and automotive environments — combined with strategic clarity to drive programmes and influence security direction at scale.
Developed multiple security tools including a Wi-Fi assessment framework, TLS fuzzing engine, and a Burp Suite extension integrating intranet AI. Holds a filed patent at the UK Intellectual Property Office for wireless node authentication via RF fingerprinting.
Trained and mentored security professionals across organisations, led security testing programmes, and driven security maturity through structured assessments, strategic advisory, and direct team leadership.
I am Purushothaman Govindasamy, a cybersecurity professional with over 15 years of experience spanning security testing, embedded device security, automotive cybersecurity, cloud security, consulting, and security engineering. My career has progressed from hands-on technical execution into techno-leadership: setting direction, mentoring teams, driving programmes, and influencing security strategy at scale.
Over the years I have worked across enterprise IT environments, operational technology, embedded systems, automotive ECUs, cloud platforms, and application ecosystems. I have identified critical vulnerabilities, built security tooling, led structured assessments, and helped organisations translate technical findings into meaningful, lasting risk reduction.
My professional identity is built around three pillars: technical depth that keeps me grounded in real-world threats and practical outcomes; a builder's instinct that drives me to create tools and automation that raise the quality of security work; and a leader's clarity that enables me to communicate risk, guide professionals, and influence outcomes beyond individual engagements.
Spanning application security, network security, infrastructure security testing, mobile security, embedded device testing, automotive ECU security (CAN / LIN / CAN FD), cloud security, and secure code review. This breadth ensures my perspective on risk is neither siloed nor superficial.
I operate as a hands-on leader — close enough to the technology to earn trust from technical teams, and clear enough in communication to influence stakeholders and shape strategy. I have led security testing programmes, built security tooling, managed security operations, coordinated cross-functional teams, and contributed to risk management and vendor security evaluation at enterprise scale.
I believe in giving back: delivering training, mentoring practitioners, and producing research that advances the broader security community.
Practical fluency with a wide range of security tooling developed across 15+ years of real engagements:
Strong proficiency in Python and Bash for building custom security tooling, automating assessment workflows, scripting vulnerability analysis pipelines, and developing reusable utilities that improve consistency and depth across engagements. Automation is not a shortcut — it is how experienced practitioners multiply their impact.
Core areas that reflect 15+ years of progressive depth — from hands-on security testing through specialist embedded and automotive security, to strategic leadership and capability development.
Leading and executing structured security assessments from scoping and methodology design through testing, reporting, and remediation guidance. Covering applications, networks, infrastructure, embedded systems, and cloud environments with a focus on real-world impact and actionable outcomes.
Specialist depth in testing embedded devices, hardware modules, and automotive ECUs across protocols including CAN, CAN FD, LIN, and MQTT. Experience spans hardware debug interfaces, firmware analysis, ECU security testing, and automotive cybersecurity standards alignment (CACSP-certified).
Providing practical direction on security posture, programme maturity, assessment planning, and risk management strategy. Translating highly technical findings into business-relevant priorities for leadership, procurement teams, and technical stakeholders across diverse environments.
Designing and delivering technical training on security testing, secure coding, and vulnerability assessment. Certified EC-Council Instructor (CEI). Experienced in workshop facilitation, professional mentoring, and building lasting security capability within teams and academic settings.
Building practical, purpose-built security tooling that improves assessment depth, repeatability, and efficiency. Tools include a Wi-Fi security assessment framework, TLS fuzzing engine, and a Burp Suite extension integrating intranet AI — all designed for real-world usability by practitioner teams.
Security assessments across cloud environments (AWS), web applications, APIs, and mobile platforms. Covering OWASP Top 10, CWE/SANS Top 25, DAST-based testing, business logic assessment, and architecture review. AWS Solutions Architect certified, CCSK certified.
A portfolio of industry certifications spanning security testing, cloud, automotive, network, and professional instruction — representing a sustained commitment to verified expertise across multiple domains over 15+ years.
These credentials span four distinct security domains — security testing, cloud, network, and automotive — and include an instructor-level certification, reflecting not only technical mastery but also the ability to teach, assess, and develop security talent. The CACSP is a specialist credential rare in the industry, underscoring genuine focus on safety-critical and emerging security environments.
Innovation is a core part of my professional identity. Beyond security testing, consulting, and leadership, I have contributed to original research that extends into intellectual property — bridging the gap between practitioner insight and formal invention.
Being listed as an inventor on a patent application reflects both depth of technical understanding and the ability to conceive, articulate, and document novel solutions to real-world security problems at a standard accepted by a national intellectual property authority.
A filed patent application at the Intellectual Property Office of the United Kingdom, with Purushothaman Govindasamy listed as a named inventor alongside co-inventors.
The invention addresses a fundamental challenge in wireless security: verifying that a wireless node attempting to join a network is genuinely who it claims to be, without relying solely on software-layer credentials that can be spoofed or replicated by an attacker.
The approach uses radio frequency (RF) fingerprinting — the analysis of physical-layer signal characteristics that are unique to individual wireless hardware — as an additional authentication signal. When a wireless node attempts association, its RF characteristics are compared against stored reference fingerprints. A match allows association; a deviation — indicating a potential rogue device or Evil Twin attack — triggers denial.
This is particularly significant in environments where credential-based authentication alone is insufficient: automotive wireless networks, industrial control systems, critical infrastructure, and enterprise Wi-Fi environments where Evil Twin and rogue AP attacks are active and documented threat vectors.
The invention is designed to defend against several well-known and actively exploited wireless attack categories:
This patent reflects a trajectory from practitioner to inventor — from identifying weaknesses in wireless systems during real-world security assessments, to conceiving and formalising a novel technical approach to address them. It demonstrates that deep cybersecurity experience can be channelled into constructive, forward-looking innovation that strengthens the security of systems that millions rely on.
The filing at the UK Intellectual Property Office represents formal recognition of the novelty and utility of the approach at a legal and technical standard. It also signals the kind of security professional I am: one who does not stop at finding problems, but continues thinking until a new solution is formed.
Concrete outcomes, tools built, and contributions made — reflecting a track record of going beyond assessment to create lasting improvements in security capability, knowledge, and intellectual property across 15+ years.
Developed a comprehensive Wi-Fi security testing tool with a graphical interface, capable of performing end-to-end wireless assessments with minimal technical overhead. Designed to make rigorous wireless security testing accessible without sacrificing depth or accuracy — deployable in both professional and training contexts.
Engineered a purpose-built tool for fuzzing TLS-encrypted communication channels to surface implementation vulnerabilities, handshake weaknesses, and protocol edge cases that standard scanners miss. Particularly effective on embedded and IoT targets where TLS libraries are resource-constrained and less thoroughly tested by mainstream tooling.
Built a custom Burp Suite extension that connects the Burp testing environment to an organisation's intranet-hosted AI (GPT) instance. Security analysts can query the AI directly from within the Burp window — accelerating payload research, vulnerability analysis, and report drafting without leaving the testing workflow or exposing any data to external services. Designed with regulated and security-conscious environments in mind.
Designed and delivered numerous professional training programmes on security testing, secure coding practices, and cybersecurity concepts across organisations and academic settings. As a Certified EC-Council Instructor (CEI), this work has directly enhanced the capability of security professionals and contributed to raising the standard of security practice in teams I have worked with.
Listed as a named inventor on a patent application filed with the UK Intellectual Property Office for a novel wireless node authentication mechanism using radio frequency fingerprinting. A formal recognition of original technical contribution at a national legal standard — the result of translating practitioner insight into a documented, novel invention that addresses real-world wireless spoofing threats.
Research is not a side activity — it is how I stay ahead of the threat landscape, validate assumptions, and generate ideas that eventually become tools, training material, or formal intellectual property. The patent filing is one example of where practitioner-led research leads.
Ongoing investigation into physical-layer security properties of wireless devices — the research underpinning the UK patent filing on RF fingerprint-based node authentication. Exploring how hardware-unique signal characteristics can serve as a tamper-resistant identity signal in adversarial wireless environments, with application to automotive, industrial, and enterprise contexts.
Research into the security posture of embedded systems and automotive ECUs — covering CAN bus vulnerabilities, hardware debug interface exposure, firmware analysis techniques, and the practical applicability of automotive cybersecurity standards in real-world assessment contexts. Informed by hands-on experience testing production automotive systems.
Exploring practical integration of AI capabilities into security testing workflows — demonstrated through a custom Burp Suite extension that connects intranet AI instances directly to the testing environment. Research into where AI can reduce cognitive load on analysts while keeping sensitive data within organisational boundaries and away from external services.
Developing frameworks and utilities that automate repeatable elements of security assessment — reducing time-to-depth on engagements, improving consistency across teams, and freeing practitioners to focus cognitive effort on genuinely complex and novel security challenges.
A deliberate commitment to producing research that is not only technically rigorous but also explainable, transferable, and usable in training contexts. The best security research improves not just one engagement but raises the capability of every practitioner who encounters it.
I build what I need. Rather than relying solely on off-the-shelf tooling, I develop purpose-built utilities that target specific gaps in security coverage, improve execution efficiency, and enable teams to work with greater depth and consistency.
A GUI-driven framework for end-to-end wireless security testing. Covers association, authentication, encryption analysis, and rogue AP detection in a unified workflow. Built to make comprehensive assessments accessible without sacrificing technical rigour — deployable in both professional and training contexts.
A protocol fuzzer targeting TLS implementations, designed to identify parsing errors, handshake edge cases, and cryptographic implementation flaws in encrypted communication stacks. Particularly effective on embedded devices and IoT targets where TLS libraries are resource-constrained and less thoroughly tested by mainstream scanners.
A custom Burp Suite extension that bridges the testing environment with an organisation's intranet-hosted AI (GPT) instance. Security analysts can query the AI directly from the Burp window — accelerating payload crafting, vulnerability research, and report drafting without leaving the testing workflow or exposing any data to external services.
Built with security-conscious teams in mind: all queries stay within the organisation's network perimeter, making it suitable for regulated and sensitive environments where external AI tools are restricted.
Every tool I build starts from a real gap identified during an actual engagement. The goal is never tooling for its own sake — it is to solve a specific security problem faster, more reliably, or at greater depth than existing options allow.
Over time, these utilities mature from personal scripts into team-level capabilities that improve the quality and consistency of security work across an entire programme. A security professional who can build their own tools is not just an assessor — they are a force multiplier for every team they work with.
Connect with me through my public professional platforms.