About Me

What I Do

I build ML systems that detect threats and deploy them into production. I secure the infrastructure those systems run on. And I think about what happens when both break at the same time.

That puts me at the intersection of AI engineering, MLSecOps, and security engineering — which is exactly where I want to be. The most interesting problems don't sit neatly in one box. A production ML model is also an attack surface. An IAM pipeline is also a data pipeline. A network intrusion detector is also a feature engineering problem. Understanding the full stack — from model architecture to cloud deployment to access control to protocol behavior — is what lets you build things that actually hold up.

---

How I Think

I see everything as a graph. Not as a metaphor — as an actual analytical frame.

Network traffic is a graph of flows, protocols, and timing relationships. An IAM system is a graph of identities, permissions, and trust boundaries. A machine learning model is a graph of features, weights, and activations. An attack is a graph traversal — an adversary moving through trust boundaries toward a target node.

When I look at a system, I'm mapping it: where are the nodes, what are the edges, how does information flow, where does it bottleneck, where does it break under adversarial conditions?

This lens works for both building and breaking systems. Which is the point.

---

The Journey So Far

Integrated MSc in IT (5-year program): Built ML systems from scratch during undergrad — face detection mobile app with a FastAPI backend on Heroku, a network intrusion detector with LSTM autoencoders trained on 2.5M network flows, a 3D digital twin of my entire campus in Blender just to understand spatial systems. Won a 24-hour hackathon at NIT Trichy building an NFT tracking dashboard in Google Apps Script — a tool I'd never touched. Learned that you can absorb new tools fast when you're actually shipping something.

Industry — Three Security Domains:

At iMerit, automated identity lifecycle management across Ivanti, Google Workspace, and Active Directory using Python and REST pipelines. Cut provisioning errors significantly and reduced onboarding time by ~60%. Learned what RBAC looks like when it has to work for real organizations with messy, inconsistent data.

At Invisbl, refactored AWS IAM to align with NIST 800-53 AC controls and CIS AWS Foundations benchmarks. Built detection pipelines with Python, Lambda, and Elasticsearch — flagging access anomalies, privilege escalations, configuration drift. First time I understood that cloud security is really a logging and detection problem as much as a configuration problem.

At Anna University, built a hybrid LSTM-CNN intrusion detection system on the UNSW-NB15 dataset (2.5M flows, 9 attack categories). Used a two-stage metaheuristic optimization pipeline — Sine Cosine Algorithm then Particle Swarm Optimization — to reduce features from 42 to 18. That cut false positives by 25% and improved detection latency. First time I really understood that feature selection is the work, not a preprocessing step you do before the real work.

MS in Cybersecurity, Penn State (3.8 GPA, graduating May 2026): Reverse-engineered binaries. Designed secure network architectures. Studied how attacks actually work versus how papers describe them. Got Security+ and CCNA to solidify the fundamentals — how encryption works under the hood, how BGP makes forwarding decisions, what companies actually deploy for network access control.

---

What I'm Building Now

Temporal CNN-Based Intrusion Detection System (Capstone): Training on BCCC-Cloud-DDoS-2024 — 540,000+ real DDoS and normal traffic flows. The architecture is a Temporal Convolutional Network: it captures sequential patterns in packet timing, inter-arrival intervals, and flow behavior in a way that standard CNNs miss and LSTMs overfit on sparse data.

Started with 317 features per flow (packet sizes, inter-arrival times, TCP flags, flow durations, protocol distributions). That many features creates noise and slows training; the model starts memorizing artifacts. Built a feature selection pipeline that identified 32 critical indicators — 90% dimensionality reduction — without meaningful accuracy loss. Training efficiency improved 85%.

Now integrating the Gemini API to generate natural language alert explanations: instead of "anomaly detected in flow 47293," security teams see "coordinated SYN flood — 47 source IPs, packet rate 400× baseline, sustained over 3-minute window targeting port 443." Because a detection system that can't communicate what it found is only half a system.

QUIC Router Simulation: Simulating QUIC protocol behavior to compare queue scheduling algorithms — FIFO, Weighted Fair Queuing, Hierarchical Packet Fair Queuing — under varying load conditions. Specifically interested in tail latency (P99) behavior, because that's where streaming applications actually fail. QUIC is what HTTP/3 runs on, and understanding queue dynamics at this layer means understanding where real bottlenecks form when millions of flows compete for bandwidth.

Self-Hosted AI Inference Stack: Running LLM inference on local hardware. The goal isn't just cost savings — it's understanding the full inference stack: quantization tradeoffs, memory bandwidth ceilings, latency under concurrent requests. If you're building systems that depend on AI, you should understand what happens when you own the compute.

---

What I'm Looking For

Roles where ML and security actually overlap in production:

I want to work on problems that affect real users at scale, where getting it wrong has real consequences. The leverage is there and the problems are genuinely interesting.

Open to: Full-time roles starting June 2026. F-1 OPT eligible.

---

Outside Work

Chess — no rating, just games on chess.com/member/lkslokesh and a lot of questionable endgames. Pattern recognition from chess actually transfers to network traffic analysis — you learn to see structure in noise.

Reading — working through Designing Data-Intensive Applications. The reliability chapter maps cleanly onto security architecture: hardware faults, software bugs, and human error are just different layers of the same threat model.

Skating — taught me that falling is just data. What matters is whether you adjust and try again with better information.

---

What I Believe

The gap between theory and practice is where the interesting problems live. Papers describe perfect detection systems. Reality is noisy flows, adversarial evasion, alert fatigue, and teams that need to act in seconds.

Building systems that hold up in that reality — not just on benchmark datasets — is what I'm trying to get good at.

---

Let's talk: lokeshlks01@gmail.com


---

"We used to look up at the sky and wonder at our place in the stars. Now we just look down, and worry about our place in the dirt."

I'm still looking up.