Hi, my name is

Zhicheng Sun

I build secure systems elegant solutions cool things

Security researcher & full-stack engineer with a passion for finding vulnerabilities and building robust systems. Currently focused on blue team operations and cloud security.

See My Work Get in Touch

andy@security:~

$ whoami

zhicheng_sun

$ cat skills.txt

Vulnerability Research Full-Stack Development Security Architecture

$ echo $MOOD

caffeinated ☕

$ _

Scroll to explore

01. About Me

I'm a security engineer who loves breaking things (ethically) and then building them back stronger.

My journey started with a curiosity about how systems work — and more importantly, how they fail. Now at Johns Hopkins studying Security Informatics, I spend my days diving deep into vulnerability research and building secure systems.

When I'm not hunting for zero-days or writing secure code, you'll find me exploring new taco/dumpling spots 🌮🥟, gaming at home, shredding on electric guitar 🎸, painting 🎨, or getting lost in history books and museums.

🔍
                                    50+
                                    Vulnerabilities Found
                                

📝
                                    3
                                    Papers Published
                                

🎓
                                    JHU
                                    MS Security '25
                                

02. Where I've Worked

Full-Stack Engineer @ OfSpectrum, Inc.

Jun 2025 – Aug 2025 · Los Angeles, CA

Designed platform security architecture for an AI audio watermarking SaaS, achieving 85% reduction in unauthorized API calls
Identified and remediated 10+ high-risk vulnerabilities including file upload whitelist bypass
Built enterprise compliance frameworks (GDPR, SOC 2, ISO 27001), reducing supplier audit TAT by 40%
Developed full-stack features with Next.js + FastAPI + Supabase, including real-time WebSocket proxy

Next.jsFastAPISupabaseTypeScriptSecurity

Software Engineer @ Inspur Smart Healthcare

Apr 2024 – Jul 2024 · Jinan, China

Built AI-driven EMR/EHR migration tool with LLM-based field matching, achieving 85% accuracy
Reduced manual migration effort by ~70% across 100+ hospital data migrations
Created 100K+ labeled medical dataset using OCR, NLP, and entity recognition for diagnostic model training

Vue 3FlaskD3.jsLLMNLP

Graduate Researcher @ Johns Hopkins University

Aug 2024 – Dec 2025 · Baltimore, MD

Pursuing MS in Security Informatics at Whiting School of Engineering
Research focus: Vulnerability research, secure medical device systems
Developed Medical End-to-End Security in Healthcare framework adopted as teaching reference for JHU courses

SecurityResearchAWSZero Trust

03. Things I've Built

Security Research

Host Name Pollution Detection

Discovered a new cross-layer vulnerability class affecting 9 programming languages and 32 major web frameworks. Earned 50+ CVE identifiers through responsible disclosure, including zero-days in projects with thousands of GitHub stars.

Vulnerability Research
S&P 2026
CVE
Zero-day

🏆 Submitted to S&P 2026

Open Source Framework

Medical End-to-End Security in Healthcare

End-to-end Zero-Trust architecture for secure medical devices. Connects wearables to AWS Serverless backend with mTLS, JWT, and Argon2id. Includes DevSecOps automation and FDA-aligned compliance documentation.

AWS
Zero Trust
Flutter
Raspberry Pi
DevSecOps

📚 Published at ACM SIGCSE

AI Research

Text-Guided Image Segmentation

Designed Clip2Sam, an AI-driven multimodal segmentation system combining CLIP, SAM, and Stable Diffusion. Simply input a prompt like 'person' to achieve precise image segmentation and inpainting.

PyTorch
CLIP
SAM
Computer Vision

📄 Published at ICIVC 2024

04. My Toolkit

Security & Compliance

Vulnerability Research

Penetration Testing

OWASP Top 10

ISO 27001

NIST SP 800

FDA / HIPAA / GDPR

Nmap

Wireshark

Burp Suite

Ghidra

Languages

Python

JavaScript/TypeScript

C/C++

Java

Rust

SQL

Bash

Development

React / Next.js

Node.js

FastAPI / Flask

Vue.js

TailwindCSS

PostgreSQL / MongoDB

Cloud & DevOps

AWS

Docker

GitHub Actions

Linux

VMware

Terraform

05. What's Next?

Get In Touch

I'm currently looking for security engineering opportunities and always open to interesting conversations about vulnerabilities, secure systems, or just tech in general. Drop me a line!

Say Hello