Mihalis H.

CEO

Helsinki, Uusimaa, Finland7 yrs 4 mos experience

Key Highlights

  • Founder of Bountyy, addressing software vulnerabilities.
  • Over 150 confirmed bug bounty payouts.
  • Creator of Lonkero, an open-source web vulnerability scanner.
Stackforce AI infers this person is a Cybersecurity expert specializing in offensive security and vulnerability management.

Contact

LinkedIn

Skills

Core Skills

Penetration TestingEthical HackingVulnerability Research

Other Skills

PentestingBug bountyProject ManagementFront-end DevelopmentSystem AdministrationPhishingSocial EngineeringPHPCSSJavaScriptMySQLHTML5BashPythonOpenVZ

About

CVE-2026-28230 \ CVE-2019-1568 \ Azure APIM Cross-Tenant Signup Bypass (MSRC) \ Creator of Lonkero – Open Source Web Vulnerability Scanner \ +150 Confirmed Bug Bounty Payouts \ Clarified Security – Hands-on Hacking Advanced \ Nokia Hackathon Special Mention 2020 \ Responsible Disclosures: Microsoft, Akamai, NCSC-FI, CERT-SE, BSI, CISA, GR-CERT, Pindora, Earth2.io, Wärtsilä, Ministry for Foreign Affairs of Finland Ethical Hacking / Penetration Testing / Web Application Security / API Security / Cloud Security / Vulnerability Research / Bug Bounty / Social Engineering / Spear Phishing / Security Breach Analysis / Forensics / Malware Analysis / Security Awareness Training Passionate about offensive security and building tools that make the internet safer. Open to consulting opportunities and security research collaborations. {"@context":"https://schema.org","@type":"Person","jobTitle":"Cybersecurity Consultant","worksFor":{"@type":"Organization","name":"Bountyy Oy","url":"https://bountyy.fi"},"knowsAbout":["Penetration Testing","Vulnerability Research","Cloud Security","API Security"],"hasCredential":[{"@type":"EducationalOccupationalCredential","name":"Hands-on Hacking Advanced","recognizedBy":{"@type":"Organization","name":"Clarified Security"},"dateCreated":"2019"}],"award":["CVE-2019-1568","Nokia Hackathon Special Mention 2020","Azure APIM Cross-Tenant Signup Bypass (MSRC/CERT-FI 2025)"],"hasOccupation":{"@type":"Occupation","name":"Penetration Tester","occupationalCategory":"15-1212.00","responsibilities":"Web application penetration testing, API security assessment, cloud security review, vulnerability research, source code review, mobile application security testing","qualifications":"150+ validated bug bounty payouts 2020-2026. Responsible disclosures to Microsoft, Akamai, NCSC-FI, CERT-SE, BSI, CISA, GR-CERT, Wärtsilä, Ministry for Foreign Affairs of Finland. Developer of Lonkero, open-source web vulnerability scanner with 60+ attack modules."}}

Experience

7 yrs 4 mos
Total Experience
1 yr 6 mos
Average Tenure
1 yr 3 mos
Current Experience

Sitowise

Cyber Security Lead

Apr 2025Present · 1 yr

  • Responsible for shaping and executing the Digital Business Unit’s cybersecurity strategy, applying NIST-aligned frameworks, threat modeling, and risk management across projects. Focused on integrating security into DevSecOps, secure SDLC, cloud, API, and penetration testing, ensuring digital products are resilient, compliant, and secure while supporting business growth.

Bountyy

Chief Executive Officer

Jan 2025Present · 1 yr 3 mos · Vantaa, Uusimaa, Finland

  • I started Bountyy because I got tired of seeing the same vulnerabilities in the wild that I’d been finding in bug bounties for years.
  • 130+ confirmed rewards. Published CVEs. 7 years breaking into things professionally before anyone gave me permission to.
  • At some point you stop asking why companies keep getting breached and start doing something about it.
  • Bountyy is offensive security that actually works. We find what attackers find – before they do. Web and API pentesting, vulnerability research, red team engagements. No templates. No checkbox security.
  • Real bugs. Real impact. Real fixes.
  • If your team builds software and ships it to the internet, we should talk.
Penetration TestingEthical Hacking

Aktia

Application Security Lead

Jan 2024Apr 2025 · 1 yr 3 mos · Helsinki Metropolitan Area

  • Application Security & DevSecOps
  • DORA Compliance & Regulatory Alignment
  • Threat Modeling & Risk Management
  • Secure SDLC & Code Reviews
  • Cloud & API Security
  • Penetration Testing & Vulnerability Management

Cgi

Senior Cyber Security Consultant

Dec 2022Jan 2024 · 1 yr 1 mo

  • Penetration testing
  • OSINT
  • Red Team
  • Social Enginering
  • Conducting security assessments through vulnerability testing and risk analysis
  • Performing both internal and external security audits

Op financial group

Cyber Security Specialist

Nov 2019Nov 2022 · 3 yrs

  • Penetration testing
  • Conducting security assessments through vulnerability testing and risk analysis
  • Performing both internal and external security audits

Optimesys

Senior Cyber Security Analyst

Apr 2019Jul 2019 · 3 mos · Espoo, Southern Finland, Finland

  • Security incident response team training
  • Purple Team & kill chain defenses
  • Defeating advanced adversaries
  • Penetration testing
  • Spear phishing
  • Social engineering
  • Assist with the development of incident response plans, workflows, and SOPs
  • Decipher attack motivations and techniques by correlating threat data from various sources to complete a comprehensive picture of potential cyber-attacks
  • Deploy and maintain security sensors and tools
  • Monitor security sensors and review logs to identify intrusions
  • Use high-level scripting/programming language to extract, de-obfuscate, or otherwise manipulate malware related data
  • Review vulnerabilities and track resolution
  • Review and process threat intel reports
  • Develop and implement detection use cases
  • Develop and implement IDS signatures
  • Develop and implement threat intelligence data
  • Assist with incident response efforts
  • Create and brief customer reports
  • Perform customer security assessments

Multiple companies

Bug Bounty Hunter

Jan 2019Present · 7 yrs 3 mos

  • Discovery and exploitation of security vulnerabilities through private and public bug bounty programs (HackerOne, Intigriti, Bugcrowd).
PentestingBug bountyPenetration TestingVulnerability Research

Elisa

Security Analyst

Jan 2019Apr 2019 · 3 mos · Pasila

  • Conducting security assessments through vulnerability testing and risk analysis
  • Performing internal security audits
  • Analyzing security breaches to identify the root cause
  • Continuously updating the company’s incident response and disaster recovery plans
  • Verifying the security of third-party vendors and collaborating with them to meet security requirements

Silverskin information security oy

IT Manager & Security Analyst

Jan 2018Jan 2019 · 1 yr · Helsinki

  • Managing information technology and computer systems
  • Controlling and evaluating IT and electronic data operations
  • Plan, organize, control and evaluate IT and electronic data operations
  • Design, develop, implement and coordinate systems, policies and procedures
  • Ensure security of data, network access and backup systems
  • Act in alignment with user needs and system functionality to contribute to organizational policy
  • Identify problematic areas and implement strategic solutions in time
  • Audit systems and assess their outcomes
  • Preserve assets, information security and control structures
  • Monitoring security access
  • Conducting security assessments through vulnerability testing and risk analysis
  • Performing both internal and external security audits
  • Analyzing security breaches to identify the root cause
  • Continuously updating the company’s incident response and disaster recovery plans
  • Verifying the security of third-party vendors and collaborating with them to meet security requirements

Education

Metropolia University of Applied Sciences

Cyber Security Specialization — Cyber/Computer Forensics and Counterterrorism

Jan 2018Jan 2019

Edupoli

Systems Specialist — Computer/Information Technology Administration and Management

Jan 2015Jan 2017

Stackforce found 100+ more professionals with Penetration Testing & Ethical Hacking

Explore similar profiles based on matching skills and experience

Michael Chitwood

Michael Chitwood

Founder / Security Researcher

at Unit 259 (Open Source Security Projects)

Minneapolis, United States15 yrs 6 mos exp
PowerShell for security automationRed Team OperationsSecurity Education & TrainingOpen Source Security ToolingExploit Development
Shweta Jaiswal

Shweta Jaiswal

Co-Founder

at SecureX360

Chicago, United States0 mo exp
Jiacheng(Gavin) Zhong

Jiacheng(Gavin) Zhong

Privacy Engineer - Red Team

at TikTok

United States2 yrs 7 mos exp
Security ResearchWeb SecurityPwnReverse EngineeringNetwork Security
Khetaram Mali

Khetaram Mali

Accumulated Expertise

at Career-Wide Experience

Barmer, India0 mo exp
Amaan Sid

Amaan Sid

Security Researcher

at Bugcrowd

Lucknow, India2 yrs 7 mos exp
CybersecurityBug hunting
KOUTORA Anicet

KOUTORA Anicet

CTF PLAYER 2025 top3

at ANCY

Maritime Region, Togo5 mos exp
Cybersecurity
Anatoliy Fedorenko

Anatoliy Fedorenko

Security Researcher

at NetNut.io

Haifa, Israel4 yrs 10 mos exp
Security ResearchPenetration TestingVulnerability AssessmentReverse EngineeringMalware Analysis
Karthik reddy Morapelly

Karthik reddy Morapelly

Cyber Security Analyst

at Pinnacle

Hyderabad, India0 mo exp