Defensive security In progress
Certified Defensive Security Analyst
Hands-on defensive track centered on SOC workflows, alert triage, log analysis, threat detection, and investigation practice.
Selected Work
This is the work I decided to keep visible - not everything I have built, but the pieces that still say something honest about me.
Commercial product Private build
CheesecakeNU Ordering System
A production Telegram commerce system for a registered campus micro-business, handling ordering, fulfillment, payments, and admin workflows.
CTI tooling Details ↗
STIX2Maltego Intelligence Graph
A local Maltego integration that turns STIX 2.0/2.1 bundles into structured cyber threat intelligence graphs.
Threat intelligence Details ↗
TeleScope
A real-time OSINT and threat intelligence platform for public Telegram sources, with rule-based detection and structured alert delivery.
Research project Kazpatent ↗
BrainGrokker
A cognitive web application for structuring learning materials and retrieving knowledge through graph-based relationships.
Hackathon MVP LinkedIn ↗
SayLess AI
An AI pitching coach built solo in 24 hours to simulate different Q&A scenarios and generate structured feedback on clarity and delivery.
Systems security Details ↗
Sanitizer
A C utility for single- and multi-pass file overwrite workflows, built as a minimal security-oriented alternative to file shredding tools.
Low-level networking Details ↗
Chatgroup Server
An event-driven multi-user TCP chat server in C using poll() for concurrent client handling and predictable session behavior.
Network tooling Details ↗
ProxyDog
An asynchronous Python utility for collecting and validating public HTTP proxy endpoints.
Selected Writings
I believe understanding becomes real only when you can explain it clearly. Writing is how I test that for myself. (Some writings are intentionally unavailable because they involve active HTB machines)
SmartHire
ML application security chain covering exposed MLflow, default credentials, CVE-2024-37054 cloudpickle deserialization RCE, and Python path privilege escalation.
Helix
Industrial-control themed walkthrough: Apache NiFi access, CVE-2023-34468 H2 JDBC RCE, support-artifact SSH key movement, and OPC UA escalation logic.
Certificates
Certificates are not something I chase for the sake of collecting badges. Rather, I see them as public signals of baseline competence. Some sort of Proof of Work.
Core Cybersecurity Verified
CompTIA Security+
Premier global certification that establishes the essential skills required for core security functions and a career in IT security.
Credential ↗ Core Cybersecurity Verified
Google Cybersecurity Professional Certificate
Professional certificate program, where you'll learn in-demand skills, and get AI training from Google experts.
Credential ↗About
I’m Vadim Li, a second-year Computer Science student at Nazarbayev University, an aspiring cybersecurity specialist, and an active builder. Fluent in English and Russian.
For me, cybersecurity is a never-ending game of being one step ahead. My passion lies in striving to win on both fronts. That is, thinking like an attacker to find vulnerabilities and verify PoCs, and acting like a defender to maintain control and minimize risks.
I also believe strong security people need broad engineering foundations. That is why I keep building software outside pure security. I am especially interested in backend systems, automations, telegram-based products. For me, every serious technical project becomes another way to understand how real systems behave.
Education
Nazarbayev University — Astana, Kazakhstan
BSc in Computer Science
Aug 2025 — Present
Relevant coursework: Programming for Scientists and Engineers — A, Calculus I — A, Performance & Data Structures — B+, Calculus II — B+
Nazarbayev Intellectual School — Karaganda, Kazakhstan
Advanced secondary education, Computer Science and Physics track
Aug 2023 — May 2025
CS — A* · Physics — A · Math — A · UNT — 131/140
Completed a 12-year school curriculum in 11 years after advancing directly from grade 9 to grade 11.
Selected signals:
- Finalist of Republican Scientific Project Competition in Informatics with patented BrainGrokker
- 7th / 78 teams - solo founder at a startup hackathon, pitching to Silicon Valley founders and venture investors
- Ranked #17 in Kazakhstan on Hack The Box (as of June 8, 2026)
- Ranked as a top 20 CS student in my cohort
- GPA: 3.5/4.0
- University swimming team athlete
Availability
I am wide open to internships, junior roles, research opportunities, and collaborations across security and software engineering.
Focus areas:
Security engineering Penetration testing SOC OSINT researches OPSEC and privacy hygiene Backend development Telegram bot development Data collection & parsing DevSecOps
Contact
I’m not the kind of person who ignores a message just because it sounds unusual or unexpected. If you have an idea, opportunity, question, or just something interesting to discuss - feel free to reach out.
I’ll try to respond as soon as I can. Just please skip the part with meaningless meta-questions, send the context, the point, and what you expect from me. Let’s respect each other’s time.
Let’s connect!
