Adrian `Vizz` Michalczyk

#Cybersecurity #Pentesting #PurpleTeaming #Training | 15 years of professional experience |

Gliwice, Śląskie, Poland

About

Purple Heart

Experience

  • Senior Penetration Tester at ING Hubs Poland
    Aug 2024 - Present · 2 yrs

    Conducting penetration tests and red-team exercises.

  • Sekurak - Technical Article Writer at Securitum
    Nov 2013 - Present · 12 yrs 9 mos

    Writing articles, tutorials, and news in field of IT Security.

  • Future Processing (12 yrs 11 mos)
    • Senior Security Analyst and Threat Hunter (SOC L3)
      Jan 2023 - May 2024 · 1 yr 5 mos

      • Identifying and resolving advanced threats at the corporate SOC • Formulating and coordinating security teams for incident response • Providing requirements for securing IT systems across the entire company based on the knowledge of current and past TTPs (Tactics, Techniques, Procedures) used by attackers against the organization • Developing security policies, procedures, and continuity plans • Conducting forensic analyses, reverse engineering of malicious software, securing digital evidence (CFIR) for C-levels and courts • Designing and executing complex social engineering scenarios to enhance employees’ awareness and resilience against deceptive phishing practices • Utilizing the Microsoft Security platform, Nessus, and Microsoft Power Platform to automate threat response processes • Implementing XDR/SIEM using the Microsoft 365 environments (Defender XDR/Endpoint/Cloud, Purview, Sentinel, Entra, Exchange...)

    • Cybersecurity Team Leader
      Jan 2022 - Dec 2022 · 1 yr

      • Building from scratch a corporate Security Operation Center (SOC) to handle internal and external threats • Implementing security metrics at both the enterprise and project levels to monitor and continually improve the security posture • Conducting security analysis and performing hardening of public cloud infrastructures (AWS and Azure) • Undertaking audits, coordinating penetration tests, and inspections to improve the security level for particular projects • Leading internal ISO 27001 services to ensure company’s information security management systems (ISMS) remains compliant

    • Senior IT Security Engineer
      Jun 2014 - Dec 2021 · 7 yrs 7 mos

      • Performing manual penetration tests, OSINT investigations and automated vulnerability scans of software, network services, network infrastructure, and IoT devices • Conducting security testing for large and small clients across many sectors, including banking, computer gaming, insurance, travel, machine learning, cloud computing, fintech, and medical • Analysing security posture and hardening of many applications (native/cloud/mobile/hybrid) and related infrastructure • Implementing security concepts and measures in agile teams • Creating secure software architectures, performing devsec-ops, and full-stack development (as a part of an agile dev team) • Providing technical expertise • Conducting IT security training and workshops • Conducting internal audits in line with ISO/IEC 27001:2013

  • Owner at HackArt
    Mar 2017 - Dec 2021 · 4 yrs 10 mos

    • Designing security trainings (red vs blue team exercises) for the Polish military (with formal security clearance) • Creating from scratch three security trainings (with lab environments and exercises) for the world-class security conferences (Hack In The Box, 44CON, Hack In Paris, BruCON, DeepSec, CanSecWest, SINCON, Hackfest, SIGS, NorthSec...) • Taking part in multiple private bug hunting programmes (Microsoft, Rockstar Games, Riot Games, ...) • Auditing internal security procedures at ING Bank Śląski • Installation of surveillance systems and smart home devices • Game designing and scriptwriting • Writing articles, tutorials, and news in the field of IT Security for Securitum (publications available on https://sekurak.pl) • Co-author of the book „Bezpieczeństwo aplikacji webowych”

  • IT Security Consultant and Security Developer at Silesia Security Lab
    Jul 2014 - Dec 2021 · 7 yrs 6 mos

    - IT Security Analys and Consulting - Full Stack Developer - R&D