B.S. Cybersecurity · Wentworth Institute of Technology · Boston

Building Systems
That Don't Break
Under Attack

I'm Ahmad Ansar, a freshman at Wentworth studying cybersecurity. I interned at State Street, placed 2nd in SkillsUSA, and spend my time building things and figuring out how they work and how they break. I'm new to this field, but I'm all in.

View Projects Live Demo

AES-256

Encryption standard used

State Street

Cybersecurity internship

2nd Place

SkillsUSA Cybersecurity

Class of 2029

Wentworth Institute of Technology

Work

Projects

Real tools built from scratch. Security first, every time.

Featured Python Flask SQLite

KeyVault — Local Password Manager

A fully encrypted, local-only password manager. No cloud, no telemetry. Every password stays on your machine, locked behind a master password you control.

Fernet authenticated encryption (AES-128-CBC + HMAC-SHA256) with PBKDF2HMAC at 480,000 iterations
HaveIBeenPwned breach check via k-Anonymity: SHA-1 prefix sent, password never transmitted
Exponential backoff lockout persisted across restarts, CSRF protection, 30s clipboard auto-clear
Password strength scoring: entropy bits, crack time at 10B guesses/sec GPU threat model
Encrypted vault backup (.kvbak) only importable with the correct master password

Apr 2026 · Personal Project Confidentiality

Lynis UFW PAM VMware

Linux System Hardening with Lynis

Audited a SANS SIFT 20.04 workstation with Lynis, applied five targeted hardening measures, and ran a second scan to verify improvement.

Hardening index improved from 55 to 59 (+7.3%) across two full Lynis scans
UFW: default deny incoming, SSH-only allow; SSH: port 22 to 2222, PermitRootLogin disabled, MaxAuthTries 3
PAM password policy: minlen=12, dcredit/ucredit/lcredit/ocredit=-1 enforced via libpam-pwquality
Unattended-upgrades enabled for automatic security patch delivery
5 unused filesystem kernel modules disabled (cramfs, freevxfs, jffs2, hfs, hfsplus)

Apr 2026 · COMP 2500, WIT Integrity

Wireshark VirtualBox Ubuntu

Traffic Flood Simulation and Packet Analysis

Built an isolated two-VM lab to simulate a controlled traffic flood, captured it in Wireshark, and measured real host impact before writing a mitigation report.

Load average measured with top: baseline ~0.25, peak during flood ~1.5, recovery ~0.3
Wireshark capture: identified flood signatures, packet rate spikes, and protocol anomalies
Mitigation report: rate limiting, monitoring, firewalls/ACLs, load balancing, CDN offload
Fully contained VirtualBox environment with two Ubuntu VMs, no external systems involved

Nov-Dec 2025 · WIT Networks Final Availability

Rust Stellar Soroban

DeSci Clinical Trial Matcher

24-hour hackathon build at Harvard. Decentralized patient-to-trial matching on Stellar, with rule-based eligibility logic designed to make outcomes explainable.

Core Soroban (Rust) smart contract written and deployed on Stellar testnet
Rule-based eligibility matching: explainable outcomes, no black-box decisions
Removes central data broker so patients control their own trial eligibility data
Blockchain immutability makes enrollment records tamper-proof by design

Oct 2025 · EasyA x Stellar at Harvard DeSci

Experience

Where I've Worked

Real-world security work, not just coursework.

Cybersecurity Intern

State Street Nov 2024 – Feb 2025 Quincy, MA · On-site

Shadowed security operations and incident response teams, capturing structured notes on daily workflows and tooling
Researched security operations topics and produced write-ups and slides to support team learning
Developed and presented a Gen Z recruiting strategy to cybersecurity leadership
Created onboarding documentation and delivered an end-of-internship presentation on findings and areas of interest

Fortune 500

Financial Services

Interactive

Password Strength Analyzer

The same engine inside KeyVault, running live. Your input is analyzed server-side and never stored or logged.

This is one of the most commonly used passwords. Change it immediately.

— Score: —

—

Length

—

Entropy bits

—

Crack time (GPU)

Lowercase

Uppercase

Numbers

Symbols

Crack time assumes a GPU cluster at 10 billion guesses per second, which is a standard threat model for offline hash attacks. Your password is never sent to any third party.

About

Ahmad Ansar

Freshman at Wentworth. New to the field, but I take it seriously.

I'm a B.S. Cybersecurity student at Wentworth Institute of Technology in Boston, heading into my sophomore year. I graduated high school early through an Early College program, which is how I ended up at WIT at 18. Before starting, I interned at State Street in cybersecurity and placed 2nd in the SkillsUSA District Cybersecurity Competition.

I'll be straight about where I am: I'm new to this field and I'm still learning a lot. But I read before I build, I try to understand why things work the way they do, and I take security seriously. The projects on this page are real, built from scratch. This summer I'm studying for my CompTIA Security+.

I also founded the Cybersecurity Club at Quincy High School, was selected as one of 12 students statewide for the Massachusetts Alliance for Early College Advisory Council, and received the Ned V. Mannai Memorial Scholarship for academic achievement and community involvement. I work hard. That part I'm confident about.

Python Java Bash Linux CLI TCP/IP Wireshark Cisco Packet Tracer AES / PBKDF2 UFW / iptables Lynis VMware / VirtualBox Flask SQLite Git / GitHub Rust / Soroban

SkillsUSA Cybersecurity Competition, 2nd Place (District)

Silver Medal · Feb 2025 · Qualified for MA State Leadership and Skills Conference

Ned V. Mannai Memorial Scholarship

$5,000 · Jun 2025 · Academic achievement and community involvement

Currently pursuing: CompTIA Security+

Summer 2026 target · Also completed Cisco Networking Academy courses in cybersecurity, networking, and Linux

Confidentiality

Data is only accessible to authorized users. In KeyVault, the master password never touches the vault file. A derived key does. That distinction is not academic, it is the whole model.

Integrity

Data is not tampered with undetected. Fernet's authentication layer means any bit-flip in the ciphertext causes an explicit failure, not silent garbage output. That matters.

Availability

Systems stay up under pressure. The Traffic Flood lab showed exactly how availability collapses under a flood and how rate limiting, SYN cookies, and ingress filtering restore it.

Building SystemsThat Don't BreakUnder Attack