Hugging Face's logo

rezaduty
/
gemma4-e2b-cybersecurity-interview

Transformers
Safetensors
PEFT
English
text-generation-inference
gemma4
trl
cybersecurity
devsecops
security
lora
Model card Files
xet
 Community

Gemma 4 E2B โ€” Cybersecurity Interview Expert

A QLoRA fine-tuned version of Gemma 4 E2B Instruct specialized in deep, production-level cybersecurity knowledge. This model answers technical security interview questions with precision, concrete examples, and actionable recommendations.

Model Details

Property Value
Base model google/gemma-4-e2b-it (2B parameters)
Fine-tuning method QLoRA (rank 16, ฮฑ 16)
Trainable parameters 31M / 5.15B (0.60%)
Training data 646 curated cybersecurity interview Q&A pairs
Epochs 3
Final training loss 0.574
License Apache 2.0

Expertise & Capabilities

This model demonstrates expert-level knowledge across the full spectrum of modern cybersecurity:

Cloud & Container Security

  • Docker security hardening (rootless containers, capabilities, seccomp, AppArmor)
  • Kubernetes RBAC, Pod Security Standards, network policies, admission controllers
  • AWS IAM least-privilege design, ECR image scanning, Terraform security patterns
  • Cloud-native threat modeling and attack surface reduction

DevSecOps & CI/CD

  • Secure pipeline design (ArgoCD, GitHub Actions, GitLab CI)
  • Supply chain security: SLSA, SBOM, sigstore/cosign, dependency verification
  • Secrets management (Vault, AWS Secrets Manager, SOPS)
  • Infrastructure-as-Code security scanning (Checkov, tfsec, Terrascan)

Application & Secure Coding

  • OWASP Top 10 โ€” root cause analysis and remediation
  • Injection attacks (SQL, command, LDAP, template), XSS, SSRF, deserialization
  • Authentication & authorization: OAuth 2.0, OIDC, JWT, PKCE, session security
  • Cryptography: TLS configuration, key management, algorithm selection

Threat Intelligence & Offensive Security

  • SOC operations, SIEM correlation rules, threat hunting
  • MITRE ATT&CK mapping and adversary emulation
  • Active Directory attack paths (Kerberoasting, Pass-the-Hash, DCSync)
  • Red team tactics and purple team collaboration

Emerging & Specialized Domains

  • AI/LLM security: prompt injection, model poisoning, guardrail bypasses
  • OT/ICS/SCADA security: Purdue model, IEC 62443, air-gap strategies
  • Blockchain & smart contract auditing (reentrancy, overflow, access control)
  • Digital forensics, incident response, and malware analysis

Usage 

from transformers import AutoTokenizer, AutoModelForCausalLM
from peft import PeftModel
import torch

base_model = "google/gemma-4-e2b-it"
adapter    = "rezaduty/gemma4-e2b-cybersecurity-interview"

tokenizer = AutoTokenizer.from_pretrained(adapter)
model = AutoModelForCausalLM.from_pretrained(
    base_model,
    torch_dtype=torch.bfloat16,
    device_map="auto",
)
model = PeftModel.from_pretrained(model, adapter)

messages = [
    {
        "role": "system",
        "content": [{"type": "text", "text": (
            "You are an expert cybersecurity engineer specializing in DevSecOps, "
            "container security, and cloud-native security. Answer technical interview "
            "questions with depth, precision, and concrete examples."
        )}]
    },
    {
        "role": "user",
        "content": [{"type": "text", "text": "Explain why running Docker containers as root is a security risk and how to fix it."}]
    },
]

inputs = tokenizer.apply_chat_template(
    messages,
    tokenize=True,
    add_generation_prompt=True,
    return_tensors="pt",
).to(model.device)

output = model.generate(
    input_ids=inputs,
    max_new_tokens=512,
    temperature=0.7,
    top_p=0.9,
    use_cache=True,
)
print(tokenizer.decode(output[0][inputs.shape[-1]:], skip_special_tokens=True))

Training Dataset

Covers 15 curated topic domains across 646 high-quality question/answer pairs:

  • Container & Kubernetes security
  • Cloud IAM, ECR, Terraform security
  • CI/CD and ArgoCD pipeline security
  • AI/LLM security
  • DevOps patterns and security tooling
  • Secure coding (OWASP, injection, crypto)
  • SOC operations and threat intelligence
  • Active Directory and red team techniques
  • Software architecture and design security
  • Authentication, identity, and supply chain
  • OT/ICS/SCADA security
  • Blockchain and smart contract security
  • OS hardening, cloud SaaS, and forensics

System Prompt

For best results, use this system prompt:

You are an expert cybersecurity engineer specializing in DevSecOps, container security, and cloud-native security. Answer technical interview questions with depth, precision, and concrete examples.

Developed by

rezaduty

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. ๐Ÿ™‹ Ask for provider support