👨🏻‍💻 Blessen Thomas

Consultant

Wrocław, Dolnośląskie, Poland · 13 yrs 1 mo experience

Key Highlights

  • Over 13 years of experience in cybersecurity.
  • Expert in Red Teaming and Penetration Testing.
  • International speaker at renowned cybersecurity conferences.
Stackforce AI infers this person is a Cybersecurity Expert specializing in Red Teaming and Penetration Testing across various industries.

Skills

Core Skills

Red Teaming, Penetration Testing, Application Security

Other Skills

AS400 Penetration Testing, ATM Penetration Testing, Android Security, Application Security Architecture Reviews, Automotive Security, Azure Penetration Testing, Azure Security Centre, Bluetooth, Bluetooth Low Energy, Building Red Team and pentesting program, C, C++, Cloud Configuration Reviews, Container & Kubernetes Security, Container Security

About

👋🏽 Hi there! Blessen is a Senior Cyber Security Consultant, Independent Security Researcher, Cyber Security Enthusiast, International Conference Speaker & Trainer, Author, Blogger, Bug Bounty Hunter, Red Teamer & seasoned Penetration Tester, Drummer with a pragmatic approach whose qualifications include 🎓 an Engineering Degree in Information Technology; 🏅 SANS GPEN, CRTO, OPST, CREST CRT(PEN), CREST CPSA, OSCP, CRTP, OSWP, C)PTE, CEH, CHFI designations; & detailed knowledge of security tools, technologies & best practices.

Bug bounty: Synack Red Team (SRT), Bugcrowd, Hackerone

🏆 Invited in world renowned conferences viz. CanSecWest - Vancouver - Canada, OWASP Appsec Europe - Italy, London - UK, HITB - Dubai, Hacktivity - Hungary, ROOTCON - Philippines, OWASP PH, OWASP New Zealand Day, Infosec SouthWest, Austin, Texas, FSec - Croatia, Hackbeach, Hackfest, Shakacon, ITWeb - South Africa, Jordan Cyber Security Summit, HITCON - Taiwan, OWASP Bucharest AppSec - Romania, OWASP Appsec Africa - Morocco, Bsides - London, CircleCityCon, LASCON etc

🏢 13+ years of rich experience in the creation and deployment of solutions protecting networks, systems and information assets for various clients & organisations in industrial sectors in Americas, Asia Pacific (APAC), Oceania, Europe (Central Europe, Nordics, DACH), Middle East & Africa (EMEA) region.

🌟 Industry verticals: Automotive, Telecom Industry, Product firms, IT, ITEs, Engineering & Manufacturing, Pharmaceuticals, Banking & Finance Domain/Stock Broking, Investment Authorities, HealthCare/Biomedical Industry, Hospitality & Tourism, Government Sectors, Robotics, Startups, Fintech

His areas of interest & expertise include Red Teaming, Attack & Penetration Testing All Things (Offensive Security)

💪🏽 His Skills:

  • Red/Purple Team Exercises
  • Adversary Simulation/Emulation Exercises
  • Red Team Operations & Breach & Attack Simulations
  • Assumed Breach Assessment
  • Attack & Penetration Testing Infrastructure, Telecom, USSD (External & Internal).
  • Appsec (Web, Thick, API & Mobile Apps).
  • VoIP & Wireless Penetration Testing
  • Mainframe & legacy systems Penetration Testing
  • Smart ATMs & KIOSK Penetration Testing
  • IoT/Embedded device Penetration Testing
  • Smart Wearable (iWatch & Android)
  • SWIFT, RPA, SAP Penetration Testing
  • Cloud Penetration Testing (AWS, Azure, GCP)
  • Cloud-native (Kubernetes & Container)
  • Vulnerability Assessment
  • fuzzing, reverse engineering & exploit development.
  • Secure Code Review for web & mobile apps
  • MDM/MAM implementation review
  • Security Architecture Reviews & Threat Modelling

🌐📬🐤 twitter: @pentagramz 👾📝 github.com/pentagramz/

Experience

Full-time

LeanIX

Present

EY

13 roles

Senior Cyber Security Consultant

Jun 2025 - Jun 2025 · 0 mo

  • Pentesting mainframe systems zOS for a financial institution.
Pentesting mainframe systems · Penetration Testing

Senior Cyber Security Consultant

May 2025 - Jun 2025 · 1 mo

  • Leading full-spectrum Red Team operation for critical infrastructure in Belfast, UK
Leading full-spectrum Red Team operation · Red Teaming

Senior Cyber Security Consultant

Mar 2025 - Apr 2025 · 1 mo

  • Performed full-spectrum red team including physical assessments (Black Teaming)
  • Performed POS (Point-of-Sale) IoT device pentesting.
  • Conducting security assessments and penetration tests on automotive embedded systems, such as gateways, connectivity modules, telematics units, and connected vehicle components.
  • Tools:
  • Proxmark3, FlipperZero
  • LAN Turtle, Throwing Star Lan TAP PRO, Ubertooth One
Full-spectrum red team assessments · POS IoT device pentesting · Red Teaming

Senior Cyber Security Consultant

Nov 2024 - Nov 2024 · 0 mo

  • Performed Purple teaming - TIBER-DE for one of the well-known banks in Frankfurt, Germany.
  • Regulatory driven Intelligence-led based Testing
  • Sandbox, Email and Web Gateway assessment
  • ART (Advanced Red Teaming)
  • ZORRO for the Healthcare sector: provided by Z-CERT
  • ART for the financial sector: provided by DNB
  • ART for the Government, OSFI I-CRT, Canada, DORA TLPT EU
  • Frameworks: The Unified Kill Chain, MITRE ATT&CK, Lockheed Martin Cyber Kill Chain, Diamond Model of Intrusion Analysis, Red Team Maturity Model (RTMM)
Performed Purple teaming · Regulatory driven Intelligence-led Testing · Red Teaming

Senior Cyber Security Consultant

Nov 2024 - Nov 2024 · 0 mo

  • Pentesting SWIFT systems for one of the largest banks in Luxembourg based on Customer Security Controls Framework (CSCF) to comply with SWIFT CSP (Customer Security Programme) requirements
Pentesting SWIFT systems · Penetration Testing

Senior Cyber Security Consultant

Oct 2024 - Nov 2024 · 1 mo

  • Pentesting RPA Bot and performing RPA Security assessment, wireless pentesting for the biggest law enforcement entity in Dublin, Ireland
  • Pentesting network infrastructure and OT components for energy provider based on Purdue Model
Pentesting RPA Bot · Wireless pentesting · Penetration Testing

Senior Cyber Security Consultant

Sep 2024 - Oct 2024 · 1 mo

  • Pentesting for the biggest railway network in Switzerland based on VATT&EK framework (Vehicle Adversarial Tactics, Techniques & Expert Knowledge)
Pentesting for railway network · Penetration Testing

Senior Cyber Security Consultant

Jul 2024 - Oct 2024 · 3 mos

  • Building Red Team and pentesting program for one of the biggest security technology companies in Switzerland
Building Red Team and pentesting program · Red Teaming

Senior Cyber Security Consultant

May 2024 - Jun 2024 · 1 mo

  • Pentesting Azure cloud infrastructure including landing zones for a public government agency in Ireland.
Pentesting Azure cloud infrastructure · Penetration Testing

Senior Cyber Security Consultant

Mar 2024 - May 2024 · 2 mos

  • Pentesting zOS mainframe system, CICS apps, green terminals for a leading European bank in Gdansk & Gdynia location (tri-city)
Pentesting zOS mainframe system · Penetration Testing

Senior Cyber Security Consultant

Oct 2023 - Nov 2023 · 1 mo

  • Pentesting mobile apps, both Android and iOS, for the biggest automotive firm in Sweden
Pentesting mobile apps · Penetration Testing

Senior Cyber Security Consultant | Attack & Pen

Sep 2021 - Present · 4 yrs 6 mos

  • ➤ Red & Purple team assessments, Tabletop Exercises
  • ➤ Penetration testing web/mobile/desktop apps & infra/cloud(AWS,Azure,GCP)
  • ➤ Cloud Configuration Reviews ( AWS, Azure,GCP,OpenShift,AliCloud)
  • ➤ Internal & external pentesting
  • ➤ SAP Penetration Testing including traditional & modern stacks(SAP Fiori,S/4 HANA)
  • ➤ Container & Kubernetes Security
  • ➤ Client and Server Build Reviews
  • ➤ Providing advisory consulting services to clients from various industry verticals in Americas,Europe and Asia region.
  • ➤ Citrix and Locked down Environment Breakouts
  • ➤ Network Device Security Reviews
  • ➤ Firewall Configuration/Rulebase Reviews
  • ➤ Social Engineering (Phishing,vishing)
  • ➤ Physical Security Testing
  • ➤ PCI DSS Penetration Testing
  • ➤ Insider Threat Campaigns
  • ➤ EDR Product Review
  • ➤ OSINT Target Profiling
  • ➤ Knowledge of security and architecture testing and development frameworks, i.e. OWASP, OSSTMM, PTES, ISSAF, &NIST SP 800-115
  • ➤ Regulatory driven Intelligence-led based Testing (DORA-TLPT,CBEST-UK,iCAST-HK,CORIE-AU,TIBER-EU,FINMA Switzerland, FEER-SAMA, TLPT-Japan,AASE-SG,GFMA)
  • ➤ Ransomware Readiness Assessment
  • ➤ Stolen Device Assessment
  • ➤ Remote Access Assessment
  • ➤ Smart Contract Security
  • ➤ Vehicle/IoT/IoMT/ICS Security
  • ➤ Voting machine security
  • ➤ C-UAS Drone Adversarial Testing
  • ➤ AI/MCP Pentesting
  • Key Tasks:
  • Led an entire Red Team operation for one of the biggest smart city including OT environment in the world.
  • Infra pentest for highly secured automotive Zabbix environment in Brazil
  • AWS Cloud pentesting for a fintech company in Mexico
  • ATM pentesting for a bank in Bosnia & Herzegovina
  • Blackbox pentesting for a telecom government client in Switzerland
  • SAP,AWS,k8s pentesting for an insurance company in Germany.
  • Red team, table top exercises in sensitive environment for public client in USA
  • Container security for a bank in Singapore
  • Product security pentest in Latvia
Red & Purple team assessments · Penetration testing · Cloud Configuration Reviews · SAP Penetration Testing · Container & Kubernetes Security · Red Teaming

Senior Cyber Security Consultant

Sep 2021 - Apr 2025 · 3 yrs 7 mos

  • Pentesting domotics
  • POS and TMS Security assessment
  • Telecom Signaling Pentest
  • Maritime/Aviation Security Assessment -IACS UR E26, E27, E22 maritime standards
  • Hotel/Hospitality Security Assessment
  • AI/ML/LLM Pentesting - MITRE ATLAS
  • Metaverse Pentesting
  • Pentesting Augmented Reality(AR),Mixed Reality(MR),Extended Reality(XR),Virtual Reality(VR)
  • SDR Pentesting
  • Blockchain Pentesting
  • Telecom Penetration Testing (Air interface and CORE) based on MITRE FiGHT and MOTIF framework
  • Device and hardware Penetration Testing
  • Wireless Security Assessment - OWISAM (Open Wireless Security Assessment Methodology)
  • Red Teaming
  • Super yachts and Marine Penetration Testing
  • Satellite Security assessment SPARTA framework(Space Attack Research & Tactic Analysis)
  • IoT and Firmware Penetration testing
  • IPTV, VOIP, AD exploitation
  • IP-PBX and PSTN Security Assessment
  • Telecom Pentesting
  • VAPT of Telecom Network(EPC & IMS), AppSec ,Architecture Review, Protocol Fuzz Testing(GTP, SIP, SCTP, S1AP, X2AP),SS7,Diameter, GTP,HTTP/2,RAN 2G/4G,5G Core,SIM/eSIM Security assessment,VoLTE & VoWIFI(SIP)
  • Salesforce Pentesting
  • Browser Extensions Security Assessment
  • Railway Penetration Testing (GSM-R, Wi-Fi, and Ethernet, railway control systems, encompassing signaling systems, communication networks, and train control systems (TCS))
  • Automotive and EV Vehicle Chargers Pentesting
Pentesting domotics · Telecom Signaling Pentest · Penetration Testing

ING Deutschland

Senior IT Security Engineer

Apr 2021 - Sep 2021 · 5 mos · Berlin, Germany · On-site

  • Previously Lendico Deutschland GmbH - a brand of ING (acquired by ING Germany)
  • https://www.lendico.de
  • https://www.ing.jobs/germany/person/fintech-meets-direktbank-1.htm
  • Responsible for securing the fintech platform
  • Pentesting infrastructure,applications(Web, API) Cloud and cloud-native ecosystem
  • Red Teaming in Cloud environment:
  • AWS and Azure
  • Cloud native Security Assessments
  • Kubernetes Ecosystem Penetration Testing
  • Container Penetration Testing
  • Red Teaming Assumed Breach Assessments using TTP from MITRE ATT&CK framework
  • In-depth knowledge of relevant information security regulations and standards, including BSI IT Grundschutz,OWASP, NIST, ISO 27001.
  • DevSecOps:
  • SAST:SonarCloud
  • DAST:OWASP ZAP
  • Cloud Security: Prowler,ScoutSuite
  • Cloud-native: tfsec,checkov,clair,trivy,anchore,Checkmarx KICS
  • Azure DevOps
Securing fintech platform · Pentesting infrastructure · Penetration Testing

SAP

Security Engineer

Oct 2019 - Mar 2021 · 1 yr 5 mos · Bonn, North Rhine-Westphalia, Germany · Hybrid

  • previously LeanIX GmbH (now acquired by SAP)
  • https://news.sap.com/2023/11/sap-completes-acquisition-of-leanix/
  • LeanIX, an SAP company, is a market leader for enterprise architecture management (EAM), driving the modernization of IT landscapes and continuous business transformation. Its software-as-a-service solutions empower organizations to create transparency, enabling them to visualize, assess and manage the transition towards their target IT architecture. LeanIX serves over 1,000 companies globally across various industries, including more than 10% of the Fortune 500 and half of the German DAX 40.

OCBC Bank

2 roles

AVP- Cyber Security Specialist

Promoted

Jun 2019 - Sep 2019 · 3 mos

AVP - Cyber Security Specialist (TISO)

Apr 2019 - May 2019 · 1 mo

  • Worked with the Technology Information Security Office - TISO
  • Performed application penetration testing on web based application and thick-client application.
  • API , SOA, Microservices , Container Security Assessment
  • Security Design Reviews
  • Smart ATM Security Assessment using IoT MQTT protocol(MQTT.fx)
  • Application penetration testing of Near Field Communication (NFC) based card-less money (QR code scanning) withdrawal from ATM
  • Cash Dispensers, Cash Machines Security Assessment
  • KIOSK Penetration Testing
  • Smart Boards Security Assessment
  • Legacy systems such as Mid-range Systems (AS400/ IBM iSeries) Penetration Testing
  • HP Tandem NonStop Systems Security Assessment
  • Infrastructure Penetration Testing
  • Perform mobile application penetration testing across different mobile platforms
  • Perform network penetration testing on systems.
  • Exploit vulnerabilities to gain access, and expand access to remote systems.
  • Document technical issues and recommend mitigation controls identified during security assessments.
  • Research cutting edge security topics and new attack vectors
  • Conduct compliance testing on web based application, mobile applications and thick/thin-client application that meet predetermined technology Security Standards and other regulatory requirements such as MAS TRMG.
  • Conduct secure code review and design review of applications.(RPG, C#, Java ,Swift)
  • Conduct Internal Security Trainings
  • DevSecOps :
  • SAST :HP Fortify, Coverity ,Synopsys Black Duck
  • DAST: IBM Appscan, Acunetix

EY

13 roles

Senior Security Consultant

Oct 2018 - Oct 2018 · 0 mo

Securing Ships · Application Security Architecture Reviews · Application Security

Senior Security Consultant

Promoted

Sep 2018 - Dec 2018 · 3 mos

  • Securing Ships: In the role of Security Architect, performed secure SDLC activities like Threat Modelling, SAST and DAST and integrated security into a CI/CD workflow for a cruise ship in Miami & Miramar locations, Florida-USA as part of digital transformation for seamless boarding.
  • Reviewed penetration testing reports and provided a mitigation strategy in first place (left shifting).
  • Performed Application Security Architecture Reviews & implemented security in DevSecOps Environment.
Web Application Penetration Test · Mobile Penetration Test · Penetration Testing

Senior Security Consultant

Aug 2017 - Sep 2017 · 1 mo

Information Security Consultant

Apr 2017 - Apr 2017 · 0 mo

  • Performed internal network penetration testing and vulnerability assessment for a leading European bank in Singapore

Senior Security Consultant | Attack & Pen

Oct 2016 - Mar 2019 · 2 yrs 5 mos

  • Member & SME of the Attack and Penetration Testing Cyber Security Team working full-time as Senior Security Consultant in EY where he delivers Web Application Penetration Test, Mobile Penetration Test (iOS ,Android,Windows,Blackberry,Symbian,UWP platform), Vulnerability Assessment and Network Penetration Test for several enterprise companies and financial institutions worldwide.
  • Collaborated with ASC (Advanced Security Centre) in Australia, Singapore, Israel, Poland, Ireland.
  • Executed numerous Mobile,Web,Thick client Application,Network Penetration Testing for clients in USA,Australia,Germany,Austria,Singapore,Middle East (Jordan,Saudi Arabia,Abu Dhabi,Bahrain,Oman), Zimbabwe,Sudan,Ghana,Mauritius,Egypt, Mozambique, Hong Kong, Kazakhstan.
  • Areas of Expertise :
  • Attack and Penetration Testing
  • Mobile Application (Android, iOS,Blackberry,Windows,Symbian,UWP,J2ME)
  • Smart Watch Wearable Application(Apple Watch, Android Wearable)
  • IoT - Zigbee & Bluetooth Low Energy Protocol using Ubertooth One & Atmel RzRaven USB Stick
  • Web and Thick client (Rich Client) Application
  • Web Services,API (RESTful/WADL ,SOAP/WSDL)
  • SAP & Cloud Application ( AWS ,Microsoft Azure) -SaaS,PaaS,IaaS based Testing
  • Wireless / Software Defined Radio -SDR/RF analysis using RTL-SDR, Yard Stick One, Wifi Pineapple nano
  • Firmware Analysis/Embedded Software Security
  • Network Discovery
  • VOIP/IVR
  • USSD(Unstructured Supplementary Service Data)
  • Infrastructure
  • Social Engineering Assessments & Phishing
  • Host based Vulnerability Assessments
  • Blockchain Application Penetration Testing
  • GSM 2G ,GRX Router,GGSN(Gateway GPRS Support Node),SGSN(Serving GPRS Support Node)
  • Secure Code Review (PHP,android & iOS)
  • Application Security Architecture/Design Reviews
  • DevSecOps -CI/CD process - SAST,DAST
  • Threat Modelling
  • Corporate Cyber Profiling -OSINT
  • Configuration Reviews & Minimum Security Baseline (MSB) documents
  • International Trainer & Speaker
  • Client discussion & Consultation

Senior Security Consultant

Oct 2016 - Nov 2016 · 1 mo

Information Security Consultant

Jul 2016 - Aug 2016 · 1 mo

  • Performed web, mobile (iOS and android) and thick client penetration testing for a big4 bank in Australia.

Information Security Consultant

Mar 2016 - Apr 2016 · 1 mo

Information Security Consultant

Aug 2015 - Sep 2015 · 1 mo

Information Security Consultant

Aug 2015 - Sep 2015 · 1 mo

Information Security Analyst

Aug 2015 - Sep 2015 · 1 mo

Information Security Consultant

Jul 2015 - Aug 2015 · 1 mo

Information Security Analyst

Aug 2013 - Sep 2016 · 3 yrs 1 mo

  • Key Tasks:
  • Performed External Application & Network Penetration Testing for multiple locations across the globe for the biggest Robotics firm in Germany( DACH region)
  • Performed Thick client and Web Services Penetration Testing for a reputed government regulatory organization in Austria.
  • Performed configuration reviews (OS, Database,Firewall) for various clients in Middle East
  • Performed Network Penetration Testing for the following clients:
  • Large Pharmaceutical company in Saudi Arabia.
  • Reputed consulting organisation in Jordan.
  • SAP & Wireless Penetration Testing for an Internet Service Provider
  • Blockchain Application Penetration Testing for a marine insurance company in UK
  • Performed Amazon AWS Cloud Security Assessment for a client in Middle East
  • Performed Payment Gateway Application Penetration Testing for a largest bank in Abu Dhabi
  • Served as consultant in pre-sales, including assessment of client needs, project scopes and proposal presentation

Kdg technologies

Ethical Hacking Faculty

Jun 2012 - Jun 2013 · 1 yr · Mumbai Area, India

  • Conduct hands-on training on ethical hacking for students and update the syllabus .
  • Counsel the students on career opportunities
  • Regular maintenance of configuration required for training.

Education

La Salle BCN

OPST ISECOM

Nov 2022 - Dec 2022

OPST ISECOM - La Salle-URL (Universitat Ramon Llull) University

OSSTMM Professional Security Tester

Nov 2022 - Dec 2022

Universitat Ramon Llull

OPST ISECOM

Nov 2022 - Dec 2022

Anna University Chennai

Engineer’s Degree - Information Technology

Jan 2007 - Jan 2011

TeamLogics

High School Diploma - Science

Jan 2005 - Jan 2007
