cyber-security
cryptography · DevSecOps · application security · METU MSc
thesis
Security must be expressed in a system's design and enforced by the compiler — at import time and at the type level — rather than discovered during an audit. My primary focus for the METU Cyber Security MSc is formalizing threat-modeled construction: treating architectural boundaries as explicit, verifiable security contracts rather than operational checklists.
mathematical & theoretical foundation
Applied Cryptography. Utilizing pure mathematics and number theory to analyze the structural foundations of modern cryptographic systems.
System Analysis. Leveraging probability theory, stochastic models, and game theory to formally evaluate defense mechanisms and architectural trade-offs.
core principles & methodology
Type-Level Constraint Mapping. Translating STRIDE threat categories directly into TypeScript constraints. A spoofing threat at a boundary should result in a type error at build time, preventing the execution of an unauthenticated state.
Input Elimination (LANGSEC). Treating parsers as strict trust boundaries. Structurally invalidating inputs at the perimeter provides stronger guarantees than relying on runtime sanitization logic.
Threat-Modeled Construction. Ensuring the application's data-flow diagram maps exactly to its dependency graph. Unauthenticated layers must be structurally incapable of importing privileged handlers.
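A minimal sketch of the first two principles together, added here as an illustration and not taken from any project on this site: a strict parser at the perimeter is the only producer of a branded `Authenticated` type, and the privileged handler accepts nothing else. The names (`RawRequest`, `authenticate`, `deleteAccount`, `handle`), the bearer-token grammar and the session table are assumptions constructed for the example.

```typescript
// Added example; all names and the session table are constructed for illustration.
type RawRequest = { readonly headers: Readonly<Record<string, string>> };

// Brand that exists only in the type system; no value of this symbol exists at runtime.
declare const verified: unique symbol;
type Authenticated = { readonly user: string; readonly [verified]: true };

// Constructed session table standing in for real token verification.
const SESSIONS: ReadonlyMap<string, string> = new Map([
  ["0123456789abcdef0123456789abcdef", "alice"],
]);

// Trust boundary: the only place an Authenticated value is created.
// The header must match the full grammar or the request is rejected outright;
// nothing is trimmed, lower-cased or otherwise repaired.
function authenticate(req: RawRequest): Authenticated | null {
  const header = req.headers["authorization"];
  if (header === undefined) return null;
  const match = /^Bearer ([0-9a-f]{32})$/.exec(header);
  if (match === null) return null;
  const user = SESSIONS.get(match[1] ?? "");
  // The single cast in the module; a lint rule banning `as Authenticated` elsewhere keeps it that way.
  return user === undefined ? null : ({ user } as Authenticated);
}

// Privileged handler: its signature states the precondition "caller is authenticated".
function deleteAccount(session: Authenticated): string {
  return `deleted:${session.user}`;
}

// Perimeter route: the type checker forces the null branch to be handled first.
function handle(req: RawRequest): string {
  const session = authenticate(req);
  return session === null ? "401" : deleteAccount(session);
}

// Spoofing attempt caught at build time: a hand-built object lacks the brand.
// @ts-expect-error Property '[verified]' is missing in type '{ user: string; }'
const forged: Authenticated = { user: "mallory" };
```

The brand is a compile-time guarantee only: an `as` cast anywhere else in the code base defeats it, so the cast inside `authenticate` has to stay the sole one.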
applied security & infrastructure
Network & Host Analysis. Practical lab experience analyzing network traffic (Wireshark), conducting host enumeration (Nmap), and performing vulnerability exploitation (Metasploitable), actively reinforced through CTF challenges.
End-to-End Server Hardening. Provisioning and securing Linux VPS environments as a freelance administrator. Implementing strict access controls via UFW, Fail2Ban, SSH key authentication, and Cloudflare DNS proxying.
Training & Practice. Expanding operational security knowledge through the Kodluyoruz & IBM CyberStart 2.0 bootcamp.
direction
Incoming: METU Cyber Security MSc, non-thesis track, starting September 2026. The working framing — how architectural patterns speak to security guarantees — sits at the intersection of application security and secure software construction.
The connection to the work on the backend page is structural: where that page asks "what does this module guarantee about its behavior?", this page asks "what does this boundary guarantee about its threat surface?" Threat-modeled construction is the security-by-design reading of the same underlying discipline.