Academic and industry-focused experience, research, and credentials in system security and cybersecurity.

Basics

Name Mohsin Khan
Label PhD Cybersecurity | Aspiring Security Professional (Blue & Red Team)
Email khann.mohsin@icloud.com
Url https://khannmohsin.github.io
Img assets/images/profile.jpg
Summary PhD in cybersecurity with strong systems-level expertise in IoT/OT security, distributed trust, and applied cryptography. My background combines academic rigor—evaluating 130+ cryptographic primitives and designing secure distributed architectures, with hands-on industry skills in vulnerability management, detection fundamentals, cloud security, and governance. I am actively transitioning into blue-team, red-team, or security engineering roles.

Work

  • 2021.11 - 2025.12
    UiT – The Arctic University of Norway logo
    PhD Research Fellow in Cybersecurity
    UiT – The Arctic University of Norway
    Conducted applied cybersecurity research on securing distributed IoT and OT systems under adversarial and resource-constrained conditions.
    • Designed secure distributed IoT and cloud architectures using Zero Trust principles, IAM-based access control, and STRIDE threat modeling, reducing attack surface and strengthening trust enforcement across multi-node systems.
    • Performed risk and impact analysis on distributed components to identify trust boundaries and failure modes, improving resilience against partial compromise, misconfiguration, and insider threats.
    • Developed a taxonomy and benchmarking framework for ~130 lightweight cryptographic primitives, evaluating performance, memory, energy, and cryptanalytic properties to support secure algorithm selection on constrained devices.
  • 2021.01 - 2021.11
    Blackbuck Insight logo
    Data Engineer (Security-Aware Systems)
    Blackbuck Insight
    Worked on large-scale data pipelines with a focus on secure cloud migration, access control, and operational reliability.
    • Migrated on-premise data pipelines to AWS using IAM-based access controls and monitoring, improving security posture and reducing data access risk.
    • Built and optimized distributed data processing workflows using PySpark, MapReduce, and Linux, enabling scalable and reliable analytics on high-volume datasets.
    • Improved pipeline observability and access separation, supporting secure production analytics and downstream decision-making.

Education

  • 2021.11 - 2025.12

    Tromsø, Norway

    PhD
    UiT – The Arctic University of Norway
    Cybersecurity
  • 2019.01 - 2022.07

    New Delhi, India

    MBA
    Indira Gandhi National Open University
    Operations Management
  • 2018.08 - 2020.11

    Jammu & Kashmir, India

    M.Tech
    Central University of Jammu
    Computer Science and Engineering
  • 2014.08 - 2018.06

    Jammu & Kashmir, India

    B.Tech
    Baba Ghulam Shah Badshah University
    IT and Telecommunication Engineering

Projects

  • 2025.12 - 2025.12
    Cloud Security Architecture & Migration Risk Analysis
    Assessed cloud migration risks and security controls for an industrial organization transitioning critical systems to the cloud.
    • Evaluated IaaS, PaaS, and SaaS deployment models to identify security risks to data, applications, and infrastructure during migration.
    • Applied shared responsibility principles and cloud security best practices to recommend mitigation strategies aligned with operational constraints.
    • Strengthened practical skills relevant to cloud security, security engineering, and architecture-focused roles.
  • 2025.12 - 2025.12
    Deloitte Australia Cyber Job Simulation (Forage)
    Completed a hands-on cyber incident simulation mirroring real SOC and consulting workflows.
    • Analyzed web and activity logs to identify anomalous behavior and potential indicators of compromise during a simulated security breach.
    • Supported incident investigation using structured reasoning to separate benign activity from suspicious patterns under incomplete information.
    • Developed practical detection, triage, and communication skills directly applicable to SOC analyst and blue-team roles.
  • 2025.12 - 2025.12
    Healthcare Data Security & HIPAA Risk Assessment
    Evaluated the data security posture of a healthcare provider against HIPAA requirements and real-world operational risks.
    • Reviewed policies, workflows, and data handling practices to identify confidentiality, integrity, and availability risks to patient data.
    • Mapped existing controls against HIPAA Security Rule requirements to identify compliance gaps and remediation priorities.
    • Recommended encryption, backup, and access-control improvements suitable for a small healthcare organization.
  • 2025.12 - 2025.12
    Vulnerability Impact Analysis & Threat Mitigation
    Performed structured vulnerability analysis and risk-based mitigation planning for an organizational environment.
    • Identified technical and procedural vulnerabilities, then assessed likelihood and business impact to support risk-based prioritization.
    • Ranked findings by severity to guide remediation decisions under limited time and resource constraints.
    • Delivered a mitigation plan aligned with defensive security workflows and vulnerability analyst responsibilities.
  • 2024.01 - 2025.11
    BlockCap: Blockchain-Based Capability Access Control for IoT Systems
    Designed a distributed trust and access-control architecture for IoT systems operating under partial trust and adversarial conditions.
    • Designed capability-based authorization using smart contracts and validator coordination to enforce least-privilege IoT communication, reducing reliance on static credentials.
    • Implemented token issuance, revocation, expiry, and auditability through blockchain-backed governance, improving traceability and resistance to misconfiguration and insider threats.
    • Evaluated latency, resource overhead, and security guarantees using STRIDE threat modeling to validate deployability in resource-constrained environments.
  • 2023.01 - 2025.09
    Lightweight Cryptography Benchmarking & Taxonomy for IoT
    Built a practitioner-oriented benchmarking and taxonomy framework to support secure cryptographic choices for constrained IoT and OT devices.
    • Benchmarked 130+ lightweight primitives (hash, symmetric, asymmetric) across AVR and ARM platforms using ChipWhisperer and custom measurement tooling.
    • Analyzed performance, memory footprint, energy cost, and known cryptanalytic properties to quantify real-world security–efficiency trade-offs.
    • Produced a structured taxonomy to help engineers and security teams select algorithms aligned with device constraints and threat models.
  • 2019.08 - 2021.01
    CAV- and VANET-Enabled Traffic Congestion Reduction and Accident Circumvention
    Designed a cooperative cyber-physical system using CAV and VANET communication to reduce traffic congestion and prevent accidents through coordinated vehicle decision-making.
    • Designed distributed decision logic for safe-distance maintenance, controlled overtaking, and permission-based lane changes using inter-vehicle communication.
    • Evaluated system behavior using MATLAB simulations under realistic traffic scenarios, demonstrating reduced congestion waves and lower collision risk.
    • Built early systems expertise in trust, coordination, and failure propagation in distributed cyber-physical systems—foundational to later IoT/OT security work.

Skills

Blue Team & Defensive Security
Log Analysis
Detection Fundamentals
Incident Response
Vulnerability Management
SIEM Tools
Threat Modeling (STRIDE)
Red Team & Adversarial Skills
Penetration Testing Fundamentals
Web Application Security
Adversarial Thinking
Attack Surface Analysis
Security Engineering & Architecture
Zero Trust
IAM
Secure Distributed Systems
IoT/OT Security
Blockchain Security
Cryptography & Emerging Security
Lightweight Cryptography
Hash Functions
Applied Cryptography
Post-Quantum Cryptography (research exposure)

Interests

Cybersecurity Practice
Blue Team Operations
Red Team Techniques
Security Architecture
OT & Critical Infrastructure Security

Publications

References

Prof. Håvard Johansen
Professor, Department of Computer Science, UiT The Arctic University of Norway.
havard.johansen@uit.no
Prof. Dag Johansen
Professor, Department of Computer Science, UiT The Arctic University of Norway.
dag.johansen@uit.no
Dr. Elisavet Kozyri
Associate Professor, Department of Computer Science, UiT The Arctic University of Norway.
elisavet.kozyri@uit.no