SUMMARY
- I am a Security Engineer with a decade of experience in Telco, FinTech, Retail, and SaaS. My expertise includes security-focused software development practices, threat modeling, penetration testing, and vulnerability management.
- I help companies adopt DevSecOps to produce more secure products with less effort and cost. I can communicate security concerns in a language that makes sense to both technical and non-technical departments.
- As an active contributor to the global security community, I lead the OWASP DevSecOps Guideline project. I advocate for AppSec and DevSecOps, speaking at events to influence security in technology.
SOFT SKILLS
- Strong communication skills gained from interacting with colleagues, clients, and customers.
- Collaborative team player with excellent knowledge-sharing abilities.
- Experience in managing a team of 8 engineers and handling stakeholder management, conflict resolution, and business prioritization.
- Ability to effectively communicate technical concepts to non-technical stakeholders.
TECHNICAL SKILLS
Security standards
- Familiar with security standards and frameworks such as ISO27001, SOC2, TISAX, PCI-DSS, NIST800, OWASP, and GDPR.
Vulnerability Assessment and Penetration test
- Strong practical knowledge of penetration tests and logical and business-based security bugs.
- Pentest tools {Burp Suite, SQLMap, and Metasploit}
- Mobile pentest tools {drozer, AndBug, Frida, Inspeckage, MobSF, and Apktool}
- Vulnerability scanner {Nessus, InsightVM, Nexpose, and OpenVAS}
Cloud and Container
- Hands-on experience with AWS, GCP, and Azure as public cloud providers and, on the container side, Kubernetes (CKA and CKS certified), working with GitOps solutions like Flux and ArgoCD.
Software Development
- Computer programming background in Bash, Python, Go, and JavaScript.
DevOps Experiences
- Hands-on experience working with a variety of CI/CD systems like GitHub, GitLab, and Azure DevOps.
Infra Experiences
- Hands-on experience working with Terraform and Pulumi.
RESEARCH EXPERIENCE
12/2016 - today:
Role: Security Researcher
Customer: OWASP Foundation
Tasks:
- The OWASP DevSecOps guideline project leader.
- The OWASP MSTG (Mobile Security Testing Guide) project contributor.