---
base_model: google/gemma-4-e2b-it
tags:
- text-generation-inference
- transformers
- gemma4
- trl
- peft
- cybersecurity
- devsecops
- security
- lora
license: apache-2.0
language:
- en
---

# Gemma 4 E2B — Cybersecurity Interview Expert

A QLoRA fine-tuned version of [Gemma 4 E2B Instruct](https://huggingface.co/google/gemma-4-e2b-it) specialized in **deep, production-level cybersecurity knowledge**. This model answers technical security interview questions with precision, concrete examples, and actionable recommendations.

---

## Model Details

| Property | Value |
|---|---|
| **Base model** | google/gemma-4-e2b-it (2B parameters) |
| **Fine-tuning method** | QLoRA (rank 16, α 16) |
| **Trainable parameters** | 31M / 5.15B (0.60%) |
| **Training data** | 646 curated cybersecurity interview Q&A pairs |
| **Epochs** | 3 |
| **Final training loss** | 0.574 |
| **License** | Apache 2.0 |

---

## Expertise & Capabilities

This model demonstrates expert-level knowledge across the full spectrum of modern cybersecurity:

### Cloud & Container Security

- Docker security hardening (rootless containers, capabilities, seccomp, AppArmor)
- Kubernetes RBAC, Pod Security Standards, network policies, admission controllers
- AWS IAM least-privilege design, ECR image scanning, Terraform security patterns
- Cloud-native threat modeling and attack surface reduction

### DevSecOps & CI/CD

- Secure pipeline design (ArgoCD, GitHub Actions, GitLab CI)
- Supply chain security: SLSA, SBOM, sigstore/cosign, dependency verification
- Secrets management (Vault, AWS Secrets Manager, SOPS)
- Infrastructure-as-Code security scanning (Checkov, tfsec, Terrascan)

### Application & Secure Coding

- OWASP Top 10 — root cause analysis and remediation
- Injection attacks (SQL, command, LDAP, template), XSS, SSRF, deserialization
- Authentication & authorization: OAuth 2.0, OIDC, JWT, PKCE, session security
- Cryptography: TLS configuration, key management, algorithm selection

### Threat Intelligence & Offensive Security

- SOC operations, SIEM correlation rules, threat hunting
- MITRE ATT&CK mapping and adversary emulation
- Active Directory attack paths (Kerberoasting, Pass-the-Hash, DCSync)
- Red team tactics and purple team collaboration

### Emerging & Specialized Domains

- AI/LLM security: prompt injection, model poisoning, guardrail bypasses
- OT/ICS/SCADA security: Purdue model, IEC 62443, air-gap strategies
- Blockchain & smart contract auditing (reentrancy, overflow, access control)
- Digital forensics, incident response, and malware analysis

---

## Usage

```python
from transformers import AutoTokenizer, AutoModelForCausalLM
from peft import PeftModel
import torch

base_model = "google/gemma-4-e2b-it"
adapter = "rezaduty/gemma4-e2b-cybersecurity-interview"

# The tokenizer (and its chat template) is loaded from the adapter repository.
tokenizer = AutoTokenizer.from_pretrained(adapter)

# Load the base model, then attach the LoRA adapter weights on top of it.
model = AutoModelForCausalLM.from_pretrained(
    base_model,
    torch_dtype=torch.bfloat16,
    device_map="auto",
)
model = PeftModel.from_pretrained(model, adapter)

messages = [
    {
        "role": "system",
        "content": [{"type": "text", "text": (
            "You are an expert cybersecurity engineer specializing in DevSecOps, "
            "container security, and cloud-native security. Answer technical interview "
            "questions with depth, precision, and concrete examples."
        )}]
    },
    {
        "role": "user",
        "content": [{"type": "text", "text": "Explain why running Docker containers as root is a security risk and how to fix it."}]
    },
]

# return_dict=True returns input_ids and attention_mask together,
# regardless of the library version's default return type.
inputs = tokenizer.apply_chat_template(
    messages,
    tokenize=True,
    add_generation_prompt=True,
    return_dict=True,
    return_tensors="pt",
).to(model.device)

output = model.generate(
    **inputs,
    max_new_tokens=512,
    do_sample=True,  # temperature and top_p only take effect when sampling
    temperature=0.7,
    top_p=0.9,
    use_cache=True,
)

# Decode only the newly generated tokens, skipping the prompt.
prompt_len = inputs["input_ids"].shape[-1]
print(tokenizer.decode(output[0][prompt_len:], skip_special_tokens=True))
```

---

## Training Dataset

Covers 15 curated topic domains across 646 high-quality question/answer pairs:

- Container & Kubernetes security
- Cloud IAM, ECR, Terraform security
- CI/CD and ArgoCD pipeline security
- AI/LLM security
- DevOps patterns and security tooling
- Secure coding (OWASP, injection, crypto)
- SOC operations and threat intelligence
- Active Directory and red team techniques
- Software architecture and design security
- Authentication, identity, and supply chain
- OT/ICS/SCADA security
- Blockchain and smart contract security
- OS hardening, cloud SaaS, and forensics

---

## System Prompt

For best results, use this system prompt:

```
You are an expert cybersecurity engineer specializing in DevSecOps, container security, and cloud-native security. Answer technical interview questions with depth, precision, and concrete examples.
```

---

## Developed by

[rezaduty](https://huggingface.co/rezaduty)