Türkiye
I am a Senior Cyber Security Consultant at PwC, specializing in Red Team operations and deep-dive penetration testing. My background is rooted in vulnerability research, a journey that began in 2012 as an independent researcher and has since evolved into a career focused on high-impact security analysis and exploit development. Currently, my primary focus is on integrating Artificial Intelligence into offensive security workflows. I am actively working to leverage AI to automate complex security tasks, ranging from intelligent vulnerability discovery to the development of autonomous agentic systems that emulate sophisticated threat actors. My goal is to codify the 'off-the-beaten-path' researcher mindset I have cultivated over a decade, developing intelligent agents that transcend human limitations to identify and analyze critical security exposures at an exponential scale.
• Vulnerability Research: Focused on deep-dive vulnerability discovery and research methodologies. • Penetration Testing: Executing comprehensive assessments across diverse and complex tech stacks. • Red Teaming: Leading TTP-based adversary simulations and sophisticated offensive operations. • Attack Surface Management: Managing enterprise-wide asset discovery and exposure analysis. • Application Security: Securing complex software lifecycles through robust technical standards. • Cloud Security: Performing technical evaluations for AWS, Azure, and Google Cloud platforms. • Infrastructure Security: Conducting assessments for Active Directory enterprise systems. • Threat Modeling: Analyzing potential attack vectors through intelligence-driven threat modeling. • DDoS Resilience: Testing and developing mitigation strategies for high-availability infrastructures. • Compliance Assessments: Performing framework-based audits for GDPR, ISO 27001, and NIST. • Risk Management: Developing strategic roadmaps utilizing NIST RMF and FAIR methodologies. • Security Architecture: Reviewing and designing resilient enterprise-level security frameworks. • Cybersecurity Due Diligence: Providing technical assessments for strategic mergers and acquisitions. • Social Engineering: Executing authorized human-centric security simulations and awareness. • Team Leadership: Leading technical teams and managing complex cybersecurity engagements. • Project Management: Coordinating resource planning and delivery for high-stakes projects. • General Consulting: Providing strategic cybersecurity guidance to organizations in critical sectors.
• Target Intelligence: Performing deep attack surface mapping on large-scale global targets. • Attack Surface Management: Executing continuous asset discovery and external exposure analysis. • Vulnerability Research: Conducting deep-dive research into proprietary and open-source stacks. • Zero-Day Research: Investigating undisclosed vulnerabilities in widely used enterprise software. • Automation & Tooling: Developing specialized scripts for continuous monitoring and scanning. • Attack Methodologies: Developing novel exploitation techniques for hardened target systems. • Exploit Chaining: Developing multi-stage exploit chains across complex application architectures. • Logic & Architecture: Analyzing distributed microservices for systemic and business logic flaws. • PoC Development: Delivering actionable Proof-of-Concepts and strategic remediation guidance. • Team Collaboration: Coordinating with product teams to validate and resolve security findings.
• General Consulting: Providing strategic cybersecurity guidance to diverse enterprise clients. • Penetration Testing: Performing multi-vector security assessments across various tech stacks. • Vulnerability Research: Investigating and documenting undisclosed flaws in complex systems. • Active Directory: Auditing and hardening enterprise Active Directory infrastructures. • DDoS Resilience: Assessing and improving infrastructure availability against DDoS threats. • Cloud Security: Evaluating security postures for multi-cloud platform deployments. • Social Engineering: Executing authorized human-centric security simulations and training. • Lifecycle Management: Coordinating end-to-end security testing and reporting lifecycles. • Methodology Design: Developing standardized offensive security frameworks and workflows. • DevSecOps: Integrating security controls into CI/CD pipelines and software lifecycles. • Technical Mentorship: Mentoring junior researchers and fostering internal technical growth.