Product Security Engineer

Onkar Koli.

Exploring the security of systems that power the physical world — IoT devices, embedded firmware, and cloud infrastructure.

Explore Work Read Writing →
Onkar Koli

About

Security engineer.
Perpetual student.

I work at the intersection of hardware and software security — the messy, fascinating territory where physical systems meet adversarial environments.

Whether it's pulling apart firmware, mapping threat landscapes, or securing cloud infrastructure, my approach is the same: relentless curiosity and a habit of asking "what happens if I do this?"

Currently a Product Security Engineer at SolarWinds. Based in India. Occasionally pointing a camera at the world.

IoT Security Firmware Analysis Cloud Security Threat Modeling Secure Development Vulnerability Research

Expertise

What I do

Three domains. One thread: making systems resistant to adversaries.

01

IoT & Firmware Security

Hardware teardowns, firmware extraction and static analysis, protocol reversing, and identifying vulnerabilities in embedded systems before they ship.

02

Application & Cloud Security

Securing APIs, cloud infrastructure, and development pipelines. SAST/DAST integration, secrets management, and secure-by-default architecture.

03

Threat Modeling

Structured risk analysis using STRIDE, PASTA, and Attack Trees. Translating abstract threats into concrete, prioritized engineering work.

Photography

Through the lens

The same curiosity that drives security research — looking at things closely, finding what others overlook.

After Midnight

Mumbai · 2024

Golden Hour

Rajasthan · 2023

Concrete & Light

Delhi · 2024

Into the Canopy

Western Ghats · 2023

Violet Hour

Pune · 2024

View all photographs

Writing

From the field

Mar 20, 2024

Threat Modeling 101: A Security Engineer's Guide

Introduction to Threat Modeling

All writing

Contact

Let's
Talk.

Email LinkedIn GitHub