Md Shazibul Islam Shamim

PhD Candidate

Auburn University

Biography

I am a Ph.D. candidate and Graduate Research Assistant at Auburn University, AL, USA, working in the Computer Science and Software Engineering Department. I hold a Bachelor of Science (B.Sc.) in CSE from Bangladesh University of Engineering and Technology (BUET) and have previously worked as a Software Engineer (DevOps) at a Fin-Tech start-up, iPay Systems Limited, in Bangladesh.

I am passionate about DevOps, Software Security, and Cybersecurity education. My research focuses on developing security analysis tools and innovative techniques for software practitioners, enabling them to better understand and implement security measures in their software applications. Currently, I am working in the Practical and Actionable Software Engineering Research (PASER) group at Auburn University, where I collaborate with Professor Dr. Akond Rahman. We are developing security analysis tools and techniques to help practitioners prevent security misconfigurations in Kubernetes-based container deployments. Additionally, we are working on creating hands-on cybersecurity exercises for students.

Interests
  • Software Engineering
  • DevOps
  • Cybersecurity Education
Education
  • PhD in Computer Science and Software Engineering, 2024 (May 2024 Expected)

    Auburn University

  • BSc in Computer Science and Engineering, 2016

    Bangladesh University of Engineering and Technology

Experience

Research Intern
May 2023 – August 2023 Alameda, California
  • Created a map between AWS CIS Kubernetes recommendations and the rules of open-source Kubernetes security analysis tools.
  • Designed and conducted a survey among the practitioners to understand their perceptions of Kubernetes CIS recommendations.
  • Created an Oracle dataset from the proprietary repositories and executed static analysis tools on the Oracle dataset.
  • Reported precision, recall, low agreement, and coverage among the static analysis tools on the static analysis results.
  • Collaborated with the product security team to execute dynamic analysis tools in production clusters and reported low AWS CIS Kubernetes recommendation coverage and low agreement among the dynamic analysis tools.

Data Science Intern
May 2022 – August 2020 Brentwood, Nashville
  • Collaborated with the data team and internal stakeholders to identify 66 relevant attributes out of 780 in the data of the past 24 months.
  • Performed feature selection on the relevant attributes and identified 15 attributes that are correlated more with the freight inspection.
  • Conducted statistical analysis and created visualizations to explore freight inspection, which is a rare event (<0.02%).
  • Developed several machine learning models for freight inspection prediction, and proposed an autoencoder model that outperformed other models by uncovering latent patterns in the data related to freight inspection.

Software Engineer (DevOps)
September 2016 – December 2019 Dhaka, Bangladesh
  • Increased deployment frequency by 200% and reduced downtime by automating CI/CD pipelines with Jenkins and Ansible and deploying Docker containers in a production Docker Swarm cluster.
  • Configured and managed the ELK cluster for a centralized logging system with Apache Kafka and Zookeeper.
  • Built real-time monitoring and alert systems for the Kibana visualizer and Elasticsearch for the production application.
  • Performed security scanning for vulnerabilities in the production cluster to comply with PCI-DSS standards.
  • Developed a cross-platform automated test suite for mobile platforms such as Android and iOS and for web platforms with the Calabash, Appium, and Capybara frameworks, respectively, that saved 20 hours of UI feature testing time for each release.
  • Designed API automated test suites and used SonarQube for code security analysis with the CI pipeline, which saved 10 hours per release.

Publications

(2024). A Qualitative Study on the Automated Detection of Misconfigurations in Open Source Kubernetes Projects. ACM Transactions on Computer Education (submitted).

(2023). Security Misconfigurations in Open Source Kubernetes Manifests: An Empirical Study. ACM Transactions on Software Engineering and Methodology.

(2021). ‘Under-reported’ security defects in Kubernetes manifests. 2021 IEEE/ACM 2nd International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS).

(2021). Mitigating security attacks in Kubernetes manifests for security best practices violation. Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering.

(2020). A curated dataset of security defects in scientific software projects. 2020 IEEE Secure Development (SecDev).

Contact

Please send an email if you are interested in my work and research.