Jan 2024 – Present · 2 yrs 4 mos

• What I deliver**
• + Comprehensive vulnerability scanning (automated + manual)
• + Exploit simulation and validation testing
• + Risk ranking using CVSS scoring
• + Executive-level and technical reporting
• + Clear remediation steps and live consultation
• What this service includes:**
• Comprehensive assessment of IT & OT infrastructure, applications, and cloud environments
• Threat modeling and impact analysis aligned to business operations
• Control maturity review against **ISO 27001**, **NIST CSF**, and **IEC/ISA 62443**
• Risk register with prioritization based on likelihood, impact, and business value
• Practical remediation guidance that teams can implement
• Book 1:1 Call.
• Services:
• 1) Vulnerability Assessment & Penetration Testing (VAPT)
• 2) Risk assessment and Risk management

Aug 2020 – Aug 2024 · 4 yrs · Berlin, Germany · Hybrid

• Building Security in the Age of 5G, IoT, and AI
• Every project I take on has one goal — making technology more secure and resilient without slowing innovation.
• I recently helped design a 5G-enabled security framework for hospital systems, projected to reduce data breach risks by 40%. This work demonstrated how healthcare infrastructures can embrace next-gen connectivity safely while protecting patient data.
• I led IoT penetration testing on MQTT Brokers, addressing Stack Overflow and DoS vulnerabilities, achieving a 95% closure rate on high-risk findings. Additionally, I conducted security testing on nine Firestore APIs, identifying and resolving four critical flaws, which reduced security tickets by 30%.
• In the cloud domain, I deployed a secure Azure Machine Learning solution and built Jenkins-based DevSecOps pipelines within codeBeamer ALM to strengthen monitoring and compliance.
• My research into AI security involved developing Generative Models (WGAN, VAE, Autoencoders), improving data synthesis quality by 15% for safer ML environments.
• Finally, I performed ISO 27001 risk assessments across core business processes, implementing 10+ new controls to ensure full audit compliance. I’ve also deepened my knowledge of ISO 21434, TARA, and stakeholder-driven security concepts.
• For me, cybersecurity isn’t a checklist—it’s a continuous process of learning, testing, and designing with purpose.
• Key Skills
• Cybersecurity Governance & Compliance – ISO 27001
• Risk Assessment & Management – Threat modeling, MITRE ATT&CK, STRIDE
• Vulnerability Management – Penetration testing
• SOC & SIEM Operations – Splunk, Wazuh, QRadar
• Cloud & DevSecOps Security – Azure, AWS, Jenkins, CI/CD integration
• ICS/OT Security – Purdue Model
• Incident Response & Forensics
• AI & Machine Learning Security – WGAN, VAE, data synthesis improvement
• Policy & Audit – Governance documentation

Apr 2019 – Sep 2020 · 1 yr 5 mos · Cottbus, Brandenburg, Germany

• Research and programming of machine learning (Using Algorithm e.g. SVM, KNN, CNN, YOLO)

Jan 2019 – Dec 2020 · 1 yr 11 mos · Germany

• Hunting Threats and Strengthening Digital Resilience
• Cybersecurity has always been more than just defense to me—it’s about staying one step ahead of attackers.
• In one of my key projects, I led threat hunting and digital forensics operations that helped reduce the average time-to-detection for critical threats by 20%, significantly improving our organization’s overall security posture.
• My work involved malware analysis using BRO IDS and SIEM tools like Graylog within virtualized environments, where I monitored and investigated suspicious network activities. Beyond analysis, I explored how signals such as ADS-B and DCF77 could be captured using HackRF and GNU Radio, uncovering unique insights into radio-based communication security—a growing concern in aviation systems.
• To ensure long-term resilience, I contributed to updating internal security standards and best practices, aligning them with ISO 27001, ISO 27002, ISO 27036, and the NIST Cybersecurity Framework (SP 800-30). These updates helped create a stronger compliance and governance structure.
• One of my most rewarding tasks was drafting a guideline titled “Aviation Software Security Process”, designed to help teams integrate security principles into software development and risk management for aviation technologies.
• Through this project, I learned that proactive threat hunting isn’t just about detecting attacks—it’s about designing smarter, more adaptive systems that evolve faster than the threats themselves.
• Key Skills
• Digital Forensics & Incident Response (DFRI)
• Threat Hunting & Risk Management
• Malware Analysis (BRO IDS, Graylog SIEM)
• Radio Communication Security (HackRF, GNU Radio)
• ISO 27001 / 27002 / 27036 / NIST SP 800-30 Compliance
• Aviation Software Security
• Security Governance & Best Practices
• Endpoint Detection & Response
• Cyber Threat Intelligence

Jan 2019 – Aug 2020 · 1 yr 7 mos · Germany

• A passive attack: Working with in-house data analysis project with python to measure how securely data can be transferred to MSP430 micro-controller device to avoid ROP attack.

Jan 2015 – Oct 2017 · 2 yrs 9 mos · Sun Moon Star Tower 37, Dilkusha C/A, Dhaka - 1000

• Strengthening Cybersecurity from the Core of Banking Systems
• When I first joined the Internal Audit & Inspection Department, my mission was clear — to build trust in technology through risk-based cybersecurity and IT governance.
• I supported the Head of Internal Audit in developing a comprehensive IT risk assessment methodology and annual audit plan that reduced high-risk findings by 15% within a year. My work focused on aligning every IT control with Bangladesh Bank’s ICT security guidelines while enhancing operational resilience across all branch systems.
• Over the years, I conducted 12 full-scale IT and system audits, reviewing 65+ branches and remediating 100+ audit recommendations. These actions strengthened our compliance and improved the organization’s overall security posture by more than 20%.
• One of my proudest achievements was securing core banking infrastructure — from T24 systems to network endpoints — through strategic control implementation and targeted penetration testing. This initiative resulted in a 45% reduction in detected system vulnerabilities and helped define a new benchmark for secure IT operations within the bank.
• Beyond audits, I advised senior management on critical security issues, developed actionable risk treatment plans, and supported IT governance strategies that reduced platform risk by 25%. I also led internal awareness programs, conducting over 10 IT security training sessions that empowered 200+ employees to identify, report, and mitigate cyber risks.
• True cybersecurity isn’t just about technology—it thrives on learning, collaboration, and protecting digital trust.
• Key Skills:
• IT Audit & Risk Management
• Cybersecurity Governance
• Vulnerability Management
• Penetration Testing
• Core Banking Security (T24)
• Information Security Compliance
• ISO 27001 | NIST CSF | Bangladesh Bank ICT Guidelines
• Policy Development
• Security Awareness Training
• IT Infrastructure Review
• Internal & External Audit Coordination

Dec 2013 – Dec 2014 · 1 yr · Eunoos Trade Center 52-53, Dilkusha C/A, Dhaka

• 1. Perform and conduct Risk Based IT and Systems Audit as per Audit plan
• 2. Analyze and evaluate the accuracy of accounting systems and procedures
• 3. Review, develop and recommend changes in accounting systems and controls of a business
• 4. Check and inspect the accuracy of accounts receivable and payable ledgers
• 5. Ensure the IT systems are properly protected and is free from unauthorized access, illegal tempering and malicious actions.
• 6. Ensure an acceptable standard for security on all the Bank’s Servers, Workstations, Routers, Switches, Network, Core Banking System (BankUltimus) and other IT systems.
• 7. Analyze and recommend changes in internal audit controls
• 8. Ensure compliance with Bank’s policies, National policies and Bangladesh Bank guidelines on ICT securities
• 9. Prepare audit paperwork in accordance with standards and requirements
• 10. Establish working relationships with company’s staff, business partners and clients

Aug 2007 – Dec 2013 · 6 yrs 4 mos · Shaheb Bazar, Rajshahi Branch, Rajshahi, Bangladesh

• 1. Configure and maintain the organization's internal computer network.
• 2. Manage network security tools, e.g., firewall, anti-virus and intrusion detection systems.
• 3. Identify, troubleshoot, solve and document network connectivity and performance issues.
• 4. Install, configure and maintain network hardware, for example, Cisco routers and switches.
• 5. Implement and maintain emergency backup and restore systems for mission-critical network servers.
• 6. Regulate user access to sensitive files to protect against internal security breaches.
• 7. Supports server, network and desktop hardware, software and applications.
• 8. Performs technology needs analysis.
• 9. Create, update and implement ICT guideline, policies and procedures according to Bangladesh Bank’s ICT Guideline.
• 10. Implement and supervise Disaster Recovery site and Business Continuity Plan of the organization as per Bangladesh Bank’s rules and regulations.
• 11. Maintain detail inventory of the installed hardware and software in the organization. Generate various reports about ICT inventory, make assumption about the future hardware and software use and recommend to the top management.
• 12. Maintain log about daily ICT related problems, identify and provide solutions accordingly. Maintain vendor log to communicate with appropriate vendors to get solutions of critical hardware related problems.
• 13. Co-operate with internal, external and Bangladesh Bank’s ICT Audit team.
• 14. Prepare and monitor compliance with audit reporting requirements.

Apr 2006 – Aug 2007 · 1 yr 4 mos · Camellia House, 22 Kazi Nazrul Islam Avenue, Dhaka 1000

• 1. Develop software and ensure the product quality considering data processing and presentation to serve the organization’s daily operation.
• 2. Write, modify, integrate, test and maintain software codes as per requirement to ensure smooth and secure data transaction by following software development, error correction and fault tolerance standards and guidelines.
• 3. Prepare operation and technical manuals of the developed software.
• 4. Develop Web applications in developer language PHP, JavaScript, HTML, ASP.Net using Database MySQL, MS SQL.
• 5. Database design, development, administration and management using MySQL, MS SQL.
• 6. Mapping out the conceptual design for a planned database;
• 7. Installing and upgrading the database server and application tools
• 8. Allocating system storage and planning future storage requirements for the database system
• 9. Establishing the needs of users and monitoring user access and security;
• 10. Monitoring performance and managing parameters to provide fast responses to front-end users;
• 11. Considering both back-end organization of data and front-end accessibility for end-users;
• 12. Controlling access permissions and privileges;
• 13. Developing, managing and testing back-up and recovery plans;
• 14. Provide solutions to daily ICT related problems and log the issues for future decisions.
• 15. Supervise ICT infrastructure of the various branch offices of the organization.
• 16. Working under the direction of the Line Manager, responsible for reviewing internal, external and Bangladesh Bank’s IT audit report of multiple areas including Information Security, Network Security, IT Operations & related processes, Data Center Operations, System Implementations, Business Continuity & Disaster Recovery, Privacy and ensuring Compliance of the report.