Gliwice, Śląskie, Poland
Purple Heart
Conducting penetration tests and red-team exercises.
Writing articles, tutorials, and news in field of IT Security.
• Identifying and resolving advanced threats at the corporate SOC • Formulating and coordinating security teams for incident response • Providing requirements for securing IT systems across the entire company based on the knowledge of current and past TTPs (Tactics, Techniques, Procedures) used by attackers against the organization • Developing security policies, procedures, and continuity plans • Conducting forensic analyses, reverse engineering of malicious software, securing digital evidence (CFIR) for C-levels and courts • Designing and executing complex social engineering scenarios to enhance employees’ awareness and resilience against deceptive phishing practices • Utilizing the Microsoft Security platform, Nessus, and Microsoft Power Platform to automate threat response processes • Implementing XDR/SIEM using the Microsoft 365 environments (Defender XDR/Endpoint/Cloud, Purview, Sentinel, Entra, Exchange...)
• Building from scratch a corporate Security Operation Center (SOC) to handle internal and external threats • Implementing security metrics at both the enterprise and project levels to monitor and continually improve the security posture • Conducting security analysis and performing hardening of public cloud infrastructures (AWS and Azure) • Undertaking audits, coordinating penetration tests, and inspections to improve the security level for particular projects • Leading internal ISO 27001 services to ensure company’s information security management systems (ISMS) remains compliant
• Performing manual penetration tests, OSINT investigations and automated vulnerability scans of software, network services, network infrastructure, and IoT devices • Conducting security testing for large and small clients across many sectors, including banking, computer gaming, insurance, travel, machine learning, cloud computing, fintech, and medical • Analysing security posture and hardening of many applications (native/cloud/mobile/hybrid) and related infrastructure • Implementing security concepts and measures in agile teams • Creating secure software architectures, performing devsec-ops, and full-stack development (as a part of an agile dev team) • Providing technical expertise • Conducting IT security training and workshops • Conducting internal audits in line with ISO/IEC 27001:2013
• Designing security trainings (red vs blue team exercises) for the Polish military (with formal security clearance) • Creating from scratch three security trainings (with lab environments and exercises) for the world-class security conferences (Hack In The Box, 44CON, Hack In Paris, BruCON, DeepSec, CanSecWest, SINCON, Hackfest, SIGS, NorthSec...) • Taking part in multiple private bug hunting programmes (Microsoft, Rockstar Games, Riot Games, ...) • Auditing internal security procedures at ING Bank Śląski • Installation of surveillance systems and smart home devices • Game designing and scriptwriting • Writing articles, tutorials, and news in the field of IT Security for Securitum (publications available on https://sekurak.pl) • Co-author of the book „Bezpieczeństwo aplikacji webowych”
- IT Security Analys and Consulting - Full Stack Developer - R&D