About me
Hello there! 👋🏽
I’m Aseem Shrey — Security Engineer at Scale AI and founder of ShipSecAI, based in San Francisco.
I’m an Ethical Hacker. I’ve hacked into trillion-dollar entities like the US DoD, American Airlines, and the Government of India, and billion-dollar companies like Google, GM, IBM, and MMT — and have been acknowledged by them. That’s how I landed my first security role too: by finding I could delete millions of customer orders at Blinkit.
Specializing in offensive security orchestration and AI-native security systems. From bypassing mobile locks as a kid to building automated security pipelines — the craft has evolved but the drive to break and rebuild systems hasn’t.
I love adventure and travelling. My last trip was to Andamans where I could go for scuba diving. I like to run 🏃♂️ and swim 🏊 but have been lately irregular.
On CyberSecurity
Through these almost 8-10 years ( last 5 years is when I actually got to do something ) of my journey into cybersecurity, I learnt a lot and relearnt even more.
After 5 years at Rippling and Yahoo, I kept seeing the same issue — even with 20+ security engineers and $5M+ budgets, teams couldn’t confidently say if their product features going live were secure or not. That’s why I started building ShipSec.ai — Your AI Product Security Engineer. Before ShipSec, I built SecureMyOrg — a CyberSecurity Remote Partner, still serving clients across the US, UK, Singapore, and India.
I understand a lot of challenges that a beginner faces when starting with ethical hacking. To help new people get started into cybersecurity through a proper guided way, I created a youtube channel in May’20, HackingSimplified — now a community of 15,000+ cybersecurity enthusiasts.
CyberSecurity is an ever changing landscape with new threats and bypasses coming everyday. You need to keep yourself updated with the latest trends.
Past Life
Before Scale AI, I was a Security Engineer at Rippling (building vuln management, DAST scanners, and security leaderboards), a security consultant at Yahoo, Senior Information Security Engineer at Gojek (compliance-as-code, red teaming, app pentesting), and Security Engineer at Blinkit — joining as the 2nd member of the security team and shipping things like DNS-as-Code, the G-Shield PR security bot, and Vault-backed temporary DB credentials.
After schooling at DPS RKP, I did my BTech at IIIT-Allahabad, and an MS in Privacy Engineering at Carnegie Mellon University, Pittsburgh.
A few things I’m proud of
- Spoke at CloudNativeSecurityCon North America 2024
- HackIM CTF — 1st in India, 8th World Rank
- 5th place at CSAW Finals 2017
- Hall of Fame — Digilocker (Government of India)
- DRDO CTF — Top 20
Around the web
Tool Stack
Daily Updates
- YCombinator 🧠
- HackerNews 📰
- Twitter 📟
Newsletters 📰
Blog Stack
- Hosting: Netlify 🔥 (prod) / Linux homeserver + Cloudflare Tunnel (dev preview)
- Static Site Generator: Astro 🚀
- Sync: Mutagen (Mac → homeserver, real-time)
- Editor: Visual Studio Code + Claude Code 💫
Gadgets
- Computer: MacBook (with Mutagen syncing to a Linux homeserver running Docker + Cloudflare Tunnel for live previews) 💻