Kailash Bohara

// Senior Cybersecurity Engineer

Kailash Bohara

Cybersecurity professional with 9+ years of experience securing modern applications and enterprise infrastructure across cloud platforms, containerized environments, and DevOps ecosystems. Expertise spans security architecture, cloud security, risk assessment, threat hunting, penetration testing, vulnerability management, and threat modeling. Strong experience in embedding security within CI/CD pipelines, container security monitoring, DevSecOps practices, and incident response to proactively detect and mitigate emerging threats. Passionate about building resilient, scalable, and secure infrastructure while actively mentoring and contributing to the cybersecurity community through OWASP Kathmandu and Pentester Nepal.

About Me

Professional Profile & Overview

Who I Am

About Kailash Bohara

Cybersecurity Engineer with 9+ years of experience designing and implementing secure systems across applications, networks, cloud, and containerized environments. My expertise includes security architecture, Zero Trust design, penetration testing (web, mobile, API, and network), application security, vulnerability management, and DevSecOps pipeline security.

Hands-on experience enhancing enterprise security through improvements in SOC, MDR, DLP, cloud security, and threat detection, as well as automating security processes to streamline operations and improve resilience. My work supports organizations in achieving and maintaining compliance with standards such as SOC 2, HITRUST, and ISO 27001 by strengthening audit readiness, risk management, and operational security practices.

Core Skills

  • Security Architecture & Zero Trust Design
  • Identity & Access Management
  • Penetration Testing (Web, API, Network, Mobile)
  • Vulnerability Assessment & Vulnerability Management
  • Application Security & Secure SDLC
  • Cloud Security (AWS, GCP, Azure Hardening & Architecture)
  • DevSecOps & CI/CD Security Integration
  • Container & Kubernetes Security Monitoring
  • Network Security & Secure Infrastructure Design
  • Risk Assessment & Threat Modeling
  • Compliance & Security Gap Assessment (ISO 27001, SOC 2, HIPAA, HITRUST)
  • Secure Code Review & Developer Security Training
  • Security Monitoring & Detection Engineering (SIEM/SOAR)

Helped Secure

Identified and responsibly disclosed vulnerabilities across major platforms.

  • Google
  • Facebook
  • AWS
  • Adobe
  • Dell
  • Zoho
  • Microsoft

Hacktivities

Bug bounties, CVEs, talks, publications, and trainings

Cross-Site Scripting (XSS) Vulnerability
High
March 2024 · HackerOne
Discovered a stored XSS vulnerability in user profile sections allowing arbitrary script execution.
XSS · High Severity · Resolved

Authentication Bypass in API Endpoint
Critical
February 2024 · Bugcrowd
Found an authentication bypass allowing unauthorized access to sensitive API endpoints.
Bounty: $2,500
Authentication · Critical · Bounty

SQL Injection in Search Functionality
Critical
January 2024 · Private
Identified SQL injection vulnerability in search module leading to unauthorized database access.
Bounty: $5,000
SQL Injection · Critical · Bounty

Insecure Direct Object Reference (IDOR)
High
December 2023 · HackerOne
Found IDOR vulnerability allowing users to access other users' private documents.
Bounty: $1,500
IDOR · High Severity · Bounty

Server-Side Template Injection (SSTI)
Critical
November 2023 · Bugcrowd
Discovered SSTI vulnerability in email templating system leading to RCE.
Bounty: $3,000
SSTI · Critical · Bounty

Security and Governance Challenges in AI
Dec 2025 · Google DevFest 2025
Why security and governance matter more than ever as organizations start using generative AI. How to securely adopt AI in systems, build secure AI models, mitigate risks from unsafe AI use, and more.
Talk · Conference

CVE-2024-2301 in HP Printers
CVE
May 2024 · NVD
Stored cross-site scripting (XSS) vulnerability in HP printer web interface.
CVE · XSS

Experience

Professional Work History

2023 - Present
Senior Cybersecurity Engineer
Cedar Gate Technologies
Enhanced DLP, SOC, MDR, and cloud security; supported compliance (SOC 2, HITRUST, ISO 27001); managed vulnerabilities and verified external pentest reports.
2018 - 2023
Senior Penetration Tester
Eminence Ways Pvt. Ltd.
Conducted VAPT of web/mobile/API/network systems, secure code review and training, social engineering assessments, and security audits for various organisations.
2022 - Present
Chapter Leader
OWASP Kathmandu
OWASP Kathmandu is a non-profit cybersecurity community dedicated to strengthening information security awareness and building a collaborative security ecosystem in Nepal. The chapter organizes regular cybersecurity meetups, Capture-the-Flag (CTF) events, and live hacking competitions to promote learning, knowledge sharing, and hands-on security skills.

Talks & Presentations

Conference talks, workshops, and community events

Security and Governance Challenges in AI
Google DevFest 2025 · Lalitpur, Nepal · December 2025
Why security and governance matter more than ever as organizations start using generative AI. How to securely adopt AI in systems, build secure AI models, mitigate risks from unsafe AI use, and more.
Speaker

Software Supply Chain Attacks and Preventions
Pentester Nepal · Kathmandu, Nepal · April 2023
Conduct security scans of third-party dependencies using SCA tools, SBOM analysis, and automated dependency checks. Evaluate software supply-chain risks—including compromised packages, malicious updates, and insecure build pipelines—to prevent large-scale security risks and maintain secure software releases.
Speaker

Present and future of infosec in Nepal
OWASP Kathmandu · Eminence Ways, Kathmandu · September 2022
Different domains of cybersecurity and how one can start in cybersecurity. Introduction to security tools, frameworks, standards and roadmap.
Speaker

Application Security: Tools and Techniques
TU-ERC Campus · Dharan, Nepal · November 2022
Advanced WebApp security testing techniques and emerging threats. Introduction to OWASP Top 10 risks.
Speaker

Secure Development and Deployment
Security Professionals Meetup · Cedar Gate Nepal, Lalitpur, Nepal · January 2024
Secure coding practices, OWASP Top 10 prevention, DevOps mistakes.
Speaker

Certifications

Professional Credentials & Qualifications

Certified in Cybersecurity (CC)
ISC²
2023

Certified Ethical Hacker (CEH)
EC-Council
2022

APISEC Certified Practitioner
APISEC
2024

Proofpoint Certified Email Authentication Specialist
Proofpoint
2025

ISO/IEC 42001:2023 Lead Auditor
Mastermind
2025

Vulnerability Management Detection & Response
Qualys
2022

CVE Disclosures

Security Vulnerabilities Responsibly Disclosed