Security: Vulnerability Assessment and Penetration Testing (VAPT, MASPT) across different environments (mobile, web, API, microservices, cloud, infrastructure, Wi-Fi, social engineering, etc.). Ethical phishing campaigns. Human hacking devices/gadgets (physical red teaming). OSINT: public exposure reports on the web (including the dark web and deep web). Denial of service (stress testing). Ethical hacking. Technical collaboration in criminal investigations. Training and webinars. Digital Forensics: Participate as assistant to the expert witness/complainant in expert evidence. Audit the expert examination processes with the court-appointed experts. Ensure proper handling of digital evidence. Extraction of evidence from powered-off and powered-on electronic devices (cold and hot data). Physical and logical copies of digital information stored on different equipment and electronic devices.
Implementation of a Secure Software Development framework based on CMMI and NIST CSF, best security practices and methodologies. Perform design and code reviews, perform security audits and threat models, and advise on the implementation of security testing in CI/CD pipelines (shift-left security). Create and manage the Security Champions Program. Manage security projects globally. Create and maintain security guidelines, procedures and protocols. Collaborate in monitoring networks and systems for intrusions.
Leading security champion program across engineering teams. Conducting various security assessments and threat modeling. Collaborating with compliance for audit automation. Guiding DevSecOps strategy and Security Champions. Establishing and maintaining security protocols. Monitoring networks for intrusions, investigating incidents. Performing regular penetration testing. Fostering Zero Trust culture. Enhancing security in CI/CD pipelines. Integrating app security tools. Creating awareness content, conducting workshops. Addressing vulnerabilities, vendor engagement. Identifying threats through modeling and assessment.
Develops security processes and solutions for production and non-production environments. Collaborates with compliance for automated audit evidence collection and maintains security protocols. Identifies/responds to incidents, conducts pre-production tests, and reviews code for best practices. Cultivates a culture of security and zero trust in engineering. Enhances CI/CD pipeline security with open-source tools, integrates security workflows. Leads workshops, aids security decisions, manages the HackerOne program. Supports audit evidence collection, outsourcing of audits, and evaluates tools. Utilizes threat modeling and the STRIDE framework effectively.
Penetration testing on web applications, mobile, infrastructure, containers, APIs, and cloud (different scopes: external and internal) (DAST, SAST, RASP, IAST). Security code review (white-box, grey-box and black-box assessments). Implementation of Shift Left Security and bottom-to-top concepts. Threat modelling (STRIDE & VAST). Technical participation in RFCs and briefings. Vulnerability management and risk analysis. Definition of security requirements (MASVS, ASVS). Documentation of processes and definition of best-practice guidelines. Network team operations (social engineering, insider threat simulator, OSINT, malware outbreak). Reporting and report writing. Security awareness (security pills and workshops). Micromanagement.
Conduct penetration testing on web and mobile apps, infrastructure, containers, APIs, and cloud environments, covering various scopes (external and internal). Participate in technical aspects of RFCs and debriefings. Develop technical exams for cybersecurity position recruitment and engage in the selection process. Perform security code review (white-box & black-box assessments). Implement Shift Left Security and bottom-to-top concepts. Conduct threat modeling (STRIDE & VAST). Manage vulnerabilities and risk analysis. Define security requirements (MASVS, ASVS). Compose and draft reports. Promote security awareness (creating educational content based on the OWASP Top 10).
Configure HID devices for physical intrusions. Analyze vulnerabilities associated with human vectors. Perform information gathering. Design awareness talks on social engineering-related topics. Craft campaigns (webpage creation and design, pretexts, scripts). Conduct open-source intelligence analysis (OSINT, GEOINT, SOCMINT). Execute large-scale phishing and smishing tests. Automate and design scripts (Python and Bash). Manage teams and propose improvements. Collaborate with other areas: forensics, Special Ops, Red Team.
Penetration testing on web and mobile applications, infrastructure, containers and cloud. Documentation and vulnerability tracking. RFC analysis. Preparation and drafting of reports (metrics, security maturity test). DAST, SAST, RASP, IAST. Cloud security infrastructure reviews. CI/CD automation of IT security tools (Bitrise & GitLab). Security awareness (making videos on YouTube and writing articles on Medium.com) and workshops. Red Team operations.
Conduct penetration testing on mobile apps, web apps, web servers, APIs, and infrastructure (SAST, DAST, IAST). Direct project management with clients. Document and compile technical reports following international cybersecurity standards (NIST 800-53, OWASP Top 10, CERT C, ISO 27001, SANS Top 25). Provide corporate training on cybersecurity topics and tools to client companies. Perform intrusion tests on on-premises infrastructure, hybrid environments, and multicloud settings. Execute external and internal intrusion tests. Conduct intrusion tests on web/mobile applications. Develop scalable testing strategies. Create security tools to automate complex tasks.
Assist in secure web application development. Implement computer security and conduct vulnerability analyses. Survey assets and infrastructure. Design security policies. Conduct occasional penetration tests.
Collaborate with the development team to establish standards. Ensure the production and development of secure software through the use of SAST and DAST tools (SonarQube, Jenkins, Snyk, AppScan, OWASP ZAP, etc.) and manual source code analysis. Contribute to the Secure-SDLC. Raise awareness and promote the SecDevOps culture. Technology stack: Java, JavaScript, PHP, SQL Server. HTML, CSS, JS (Angular), Bootstrap, SASS. Power BI. Open Source Ticketing & Remedy.
In charge of police mobile support and budget. Drafting and preparation of documents and administrative management processes (ITIL + ISOs). Database administration.