Impactful Contributions
Centre For Cybersecurity
May 2023 - Present
As a Business Developer at the Centre for Cybersecurity, I've championed transformative growth. My strategic insights, coupled with a talent for nurturing partnerships, have not only amplified our educational prominence but also fostered a thriving cybersecurity community.
KPMG ( Penetration tester, Advisory, Risk consulting)
Feb 2023 - Apr 2023
- Conducted a comprehensive range of security assessments for diverse clients, encompassing API VAPT, Network VAPT, Web VAPT, source code review, and Mobile VAPT.
- Utilized advanced methodologies (including regulatory-driven assessments like CBEST, and TBEST) and an array of tools such as Netspeaker, Burpsuite professional, Nessus, Frida, Postman, checkmark, various Kali Linux, open-source tools, and manual testing (e.g., address bar tampering) to conduct penetration testing.
- Provided detailed and insightful remediation recommendations based on complex system analysis and meticulous testing.
- Developed expertise in utilizing OSWASP and other industry-standard practices to assess and mitigate security risks.
Gained practical experience and enhanced technical skills in the constantly evolving field of cybersecurity, thereby demonstrating a strong commitment to professional development.
What I do at KPMG
SECURITY CONSULTANT (SSS)
March 2022 - June 2022
Unable to share information on this role due to NDA (non-disclosure agreement)
CyberProof ( SOC Analyst)
September 2021 - February 2022
Being a SOC analyst at CyberProof exposed me to the world of security operations in the enterprise environment with the skills, tactics, techniques, and procedures(TTPs) to tackle highly complex tasks using powerful tools such as Splunk, Azure Sentinel, and Q-Radar, as well as various managed detection and response tools such as SentinelOne. I also had the chance to communicate with global customers and prepare high-quality, detailed, synthesized security reports, metrics, & recommendations for them. I am also grateful to have had the chance to be team lead for 10 L1 soc analysts which allowed me to cultivate my leadership, communication, and planning skills.
All in all, my learning experience in UST, CyberProof has been a fulfilling and satisfying one as I not only had the chance to upgrade my technical skills, but I was also able to level up my soft skills.
what I do:
• Analyze security events & alerts from CDC(Cyberproof Defense center) and various SIEM(Security Information & Event Management) such as Splunk, Q-radar, and Azure sentinel. MDR( Managed Detection and Response), cloud-based EDR(Endpoint Detection & Response), Next-generation Anti-Virus and Firewalls platforms.
For global customers 24x7.
• Provide Incident Analysis & validation, triaging, IR(Incident response), Malware assessment, IOC extraction, and false-positive isolation.
• Prepare high-quality detailed synthesized security reports, metrics & recommendations for relevant stakeholders.
• Perform threat hunting activities and vulnerability scanning via MITRE ATT&CK Framework.
• Stayed updated on the latest vulnerabilities while ensuring that current tools are up to date.
• Enrich observables into company proprietary A.I to accelerate security operations.
• Created integrated platform and scripts to accelerate investigations and increase threat visibility.
• Lead a team to provide timely & accurate responses to security alerts. Achieved best team KPI for fastest MTTR (mean time to respond).
My team :)
Defence threat analyst
Unable to share information on this role due to OSA (Official Secrets Act)