Security Engineer · London, UK

Abdul
Mujeeb

Cloud Security Network Security AI Security Web App Pentesting DevSecOps Incident Response Disaster Recovery CI/CD Security Windows Server Linux — RHCSA/RHCE

5+ years securing multi-cloud environments (AWS, Azure, GCP), enterprise networks, and AI systems. CCNA & CCNP-level network engineering. Windows & Linux systems administration. Web application penetration testing. Incident response. From Cisco and Palo Alto firewall architecture to securing LLM pipelines and AI agents — I cover the full stack.

View Experience Contact Me
5+Years Experience
15+Certifications
AWS · Azure · GCPCloud Platforms
CCNA / CCNPNetwork Level
01

Profile

I am a Cloud, Network & AI Security Engineer with 5+ years of hands-on experience protecting enterprise infrastructure across AWS, Azure, and GCP — and a deep foundation in network engineering built from the ground up: routing protocols, switching, firewalls, and network architecture using Cisco and Palo Alto technologies.

My expertise spans the full security spectrum — from architecting Zero Trust networks and securing Kubernetes workloads, to conducting web application penetration tests and building defences against emerging AI threats including prompt injection, LLM data poisoning, and AI agent compromise.

I hold CCNA and CCNP-level knowledge in routing and switching, network security, and firewall architecture — complemented by 15+ certifications across cloud, ethical hacking, forensics, and compliance.

LocationLondon, United Kingdom
Email[email protected]
Phone+44 7308 667966
LinkedInlinkedin.com/in/abdul-m-116215171
☁️Cloud Security
🌐Network Security
🤖AI Security
🔍Penetration Testing
Areas of Expertise
Multi-Cloud Security Architecture — AWS, Azure, GCP
Enterprise Network Security — Cisco, Palo Alto, Fortinet
Routing Protocols — BGP, OSPF, EIGRP, RIP, MPLS
Firewall Architecture — NGFW, IDS/IPS, DMZ Design
AI & LLM Security — Prompt Injection, Agent Compromise
Web Application Penetration Testing — OWASP Top 10
DevSecOps & CI/CD Pipeline Security
SOC Operations & Incident Response
Zero Trust Architecture & IAM
Windows Server & Active Directory Administration
Incident Response & Disaster Recovery Planning
Compliance — ISO 27001, Cyber Essentials+, GDPR
03

Projects

🔵 Blue Team · SIEM Engineering
Microsoft Sentinel — Advanced Threat Detection Lab
Built a fully operational Microsoft Sentinel environment from scratch, engineering custom detection rules, SOAR playbooks, and a threat intelligence integration pipeline to detect real-world attack patterns mapped to MITRE ATT&CK.
Microsoft SentinelKQLSOAR MITRE ATT&CKLog AnalyticsAzure Defender XDRThreat Intelligence
Objective

Design and deploy a production-grade SIEM environment capable of detecting lateral movement, credential theft, command-and-control activity, and cloud-based attacks — with automated response playbooks that reduce mean time to respond (MTTR) from hours to minutes.

Architecture
  • Deployed a Log Analytics Workspace in Azure as the centralised data ingestion layer, connected to Microsoft Sentinel
  • Onboarded data connectors — Microsoft Defender for Endpoint, Microsoft 365 Defender, Azure Activity Logs, Azure AD Sign-In Logs, Syslog (Linux), Windows Security Events, and a custom CEF connector for Palo Alto firewall logs
  • Integrated MITRE ATT&CK framework tagging across all analytics rules for consistent TTP mapping
  • Connected Microsoft Threat Intelligence (MDTI) and deployed TAXII feeds for IOC enrichment
Detection Rule — Brute Force & Credential Stuffing (KQL)
// Detect multiple failed sign-ins followed by a success — Credential Stuffing
let failureThreshold = 10;
let timeWindow = 30m;
SigninLogs
| where ResultType != "0"
| summarize FailureCount = count(), 
            FailedIPs = make_set(IPAddress),
            Apps = make_set(AppDisplayName)
    by UserPrincipalName, bin(TimeGenerated, timeWindow)
| where FailureCount >= failureThreshold
| join kind=inner (
    SigninLogs
    | where ResultType == "0"
    | project UserPrincipalName, SuccessTime = TimeGenerated, SuccessIP = IPAddress
) on UserPrincipalName
| where SuccessTime between (TimeGenerated .. TimeGenerated + timeWindow)
| project UserPrincipalName, FailureCount, FailedIPs, SuccessIP, SuccessTime
Detection Rule — Lateral Movement via PsExec (KQL)
// Detect PsExec lateral movement — remote service creation
SecurityEvent
| where EventID == 7045  // New service installed
| where ServiceName matches regex @"PSEXESVC|[a-zA-Z]{6,8}"
| where ServiceFileName has_any ("%systemroot%\PSEXESVC.exe",
                                   "\\127.0.0.1\", "admin$")
| join kind=leftouter (
    SecurityEvent
    | where EventID == 4624 and LogonType == 3
    | project Computer, LogonTime = TimeGenerated, 
              SourceIP = IpAddress, Account
) on Computer
| where LogonTime between (TimeGenerated - 5m .. TimeGenerated + 2m)
| project TimeGenerated, Computer, ServiceName, SourceIP, Account
| extend MitreAttack = "T1570 - Lateral Tool Transfer"
SOAR Playbook — Automated Account Lockout Response
  • Sentinel Analytics Rule triggers high-severity incident on credential stuffing detection
  • Logic App playbook fires automatically — queries Entra ID for account risk level via Microsoft Graph API
  • If risk level is High or Medium: automatically disables the account, revokes all active sessions, and forces MFA re-registration
  • Posts incident details to a dedicated Microsoft Teams security channel with full context — user, IPs, timestamps, ATT&CK TTP mapping
  • Creates a ServiceNow ticket automatically with evidence bundle attached
  • MTTR reduced from average 47 minutes (manual) to under 3 minutes (automated)
Additional Detections Built
  • Impossible Travel — sign-in from two countries within 2 hours
  • Azure privilege escalation — new Owner role assignment outside change window
  • DNS over HTTPS (DoH) tunnelling detection via proxy logs
  • Scheduled task created by non-admin account (T1053.005)
  • High-volume email forwarding rules — potential BEC indicator
  • Malicious OAuth app consent — detecting risky third-party app permissions
Outcomes
12 custom detection rules 4 automated SOAR playbooks MTTR reduced to <3 min Full MITRE ATT&CK coverage mapped 6 data connectors integrated
🌐 Network Engineering · Security Design
Enterprise Network Topology — Full Stack Design & Implementation
Designed and implemented a full enterprise network from scratch — covering routing protocols, switching, VPN architecture, firewall deployment, and Zero Trust segmentation across a multi-site topology using Cisco and Palo Alto.
Cisco IOSPalo Alto NGFWBGP OSPFDMVPNIPSec MPLSZero TrustVLANs
Objective

Build a fully documented enterprise network topology simulating a company with a Head Office (London), two Branch Offices (Manchester, Edinburgh), and a DMZ hosting public-facing services — with full routing, switching, firewall, VPN, and security controls implemented end-to-end.

Topology Overview
  • Head Office (London) — Core layer with Cisco Catalyst L3 switches, Palo Alto PA-820 NGFW, ISP edge routers running BGP, internal OSPF area 0
  • Branch Offices — Cisco ISR routers, OSPF area 1 (Manchester) and area 2 (Edinburgh), connected to HO via DMVPN over internet with IPSec encryption
  • DMZ Zone — Dedicated Palo Alto security zone hosting web servers, email relay, and reverse proxy — strict inter-zone policy, no direct access to internal LAN
  • Data Centre — Cisco Nexus switches, VRF-Lite for tenant separation, BGP route reflector, MPLS backbone between sites
  • Internet Edge — Dual ISP with BGP for redundancy, AS path prepending for traffic engineering, full route filtering with prefix lists
Routing Protocol Stack
  • OSPF — Internal IGP across all sites. Multi-area design: Area 0 (backbone/core), Area 1 (Manchester stub), Area 2 (Edinburgh NSSA). LSA filtering at ABRs, virtual-link for area continuity. Authentication via MD5
  • BGP — EBGP to both ISPs for internet redundancy. IBGP full mesh within data centre, route reflectors to eliminate full mesh requirement. BGP communities for traffic engineering. AS path prepending for primary/secondary ISP failover
  • EIGRP — Legacy branch segments retained EIGRP. Full redistribution between EIGRP and OSPF with route-maps and metric manipulation to control path selection and prevent routing loops
  • MPLS — MPLS LDP across the data centre core. VRF-Lite providing full routing separation between departments (Finance, HR, Engineering) without separate physical infrastructure
VPN Architecture — DMVPN Phase 3 with IPSec
! Hub Router — HO London — DMVPN Phase 3 Config
interface Tunnel0
 ip address 10.100.0.1 255.255.255.0
 ip nhrp network-id 100
 ip nhrp map multicast dynamic
 ip nhrp redirect          ! Phase 3 — enables spoke-to-spoke shortcut
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 100
 tunnel protection ipsec profile DMVPN_PROFILE
!
crypto ikev2 proposal IKEv2_PROP
 encryption aes-cbc-256
 integrity sha512
 group 20               ! ECDH 384-bit
crypto ipsec transform-set TSET esp-aes 256 esp-sha512-hmac
 mode transport          ! Transport mode over GRE tunnel
Firewall — Palo Alto NGFW Policy Design
  • Security Zones — Trust (LAN), Untrust (Internet), DMZ, Branch-VPN, Management — strict inter-zone policy, deny-all default
  • App-ID Rules — Application-based policies replacing port-based rules. Only explicitly permitted applications allowed. Unknown traffic blocked and logged
  • URL Filtering — Custom URL categories for finance and HR. Malware / phishing / C2 categories blocked across all zones
  • IPS Profile — Critical and high severity signatures set to block. Medium severity set to alert. Custom signatures for internal asset CVEs
  • SSL Decryption — Outbound SSL inspection for all trust-to-untrust traffic excluding banking/healthcare categories. Certificate pinned sites excluded
  • NAT Policy — Dynamic PAT for LAN outbound. Static NAT for DMZ web server. Policy NAT for branch-to-branch traffic over DMVPN
Switching & Layer 2 Security
  • VLAN segmentation — Finance (VLAN 10), HR (VLAN 20), Engineering (VLAN 30), Guest WiFi (VLAN 40), Management (VLAN 99)
  • Inter-VLAN routing via L3 Cisco Catalyst switches with SVIs — routed up to Palo Alto for security policy enforcement
  • Spanning Tree — Rapid PVST+ with PortFast on access ports, BPDU Guard enabled, Root Guard on uplinks
  • Port Security — maximum 2 MACs per access port, violation shutdown, sticky MAC learning on fixed workstations
  • DHCP Snooping and DAI enabled on all access VLANs — ARP inspection trusts only DHCP snooping binding table
  • Dot1x authentication on all wired access ports via Cisco ISE as RADIUS server
High Availability
  • Palo Alto Active/Passive HA pair at HO with sub-second failover — config sync and session sync enabled
  • HSRP on all L3 SVIs — primary switch preempts with higher priority, tracking interface state
  • Dual ISP BGP failover — primary ISP preference via local-pref 200, secondary via local-pref 100. Automatic failover on BGP session drop with BFD detection
  • DMVPN spoke routers configured with dual hub for redundancy — primary hub HO London, secondary hub Manchester DR site
Outcomes
3-site full mesh topology BGP + OSPF + EIGRP + MPLS DMVPN Phase 3 + IPSec AES-256 Palo Alto NGFW — 5 security zones Zero Trust segmentation Sub-second HA failover Full Layer 2 security stack
04

Work Experience

Cloud Security Engineer
Kurt Geiger
May 2023 – Present 📍 London

Leading cloud security and DevSecOps across AWS, Azure, and GCP. Responsible for securing the entire technology estate — from cloud workloads and container environments to CI/CD pipelines, network perimeters, and endpoint fleets. Reduced incident response time by 40% and pre-deployment critical vulnerabilities by 95%.

  • Designed and implemented multi-cloud Zero Trust security architecture embedding DevSecOps controls into CI/CD pipelines using Snyk, GitHub Advanced Security, and Trivy.
  • Built custom detections, correlation rules, and automated SOAR playbooks in Microsoft Sentinel and CrowdStrike Falcon — reducing MTTR by 40%.
  • Secured cloud networks via VPC design, Security Groups, Network ACLs, Private Endpoints, and micro-segmentation aligned to Zero Trust principles.
  • Implemented container and Kubernetes security for EKS, AKS, and GKE using Aqua Security, Twistlock, Falco, and Kubernetes RBAC with CIS Benchmarks.
  • Automated remediation workflows from AWS GuardDuty, Security Hub, and Azure Defender using SOAR playbooks — reducing manual analyst workload significantly.
  • Conducted threat modelling sessions using MITRE ATT&CK, STRIDE, and PASTA methodologies for new product launches and infrastructure changes.
  • Delivered endpoint compliance and data protection via Microsoft Intune, Defender XDR, and Purview — aligned to ISO 27001 and SOC 2.
  • Advised engineering teams on AI/LLM integration security risks including prompt injection, model data leakage, and supply chain threats.
AWSAzureGCPZero TrustSentinelCrowdStrikeKubernetesDevSecOpsMITRE ATT&CKAI Security
SOC Analyst L2
Bluecube Technology Solutions
Jul 2022 – May 2023 📍 Milton Keynes

Supporting 24/7 SOC operations and client security engineering across 150+ UK clients spanning retail, healthcare, legal, and finance sectors.

  • Led L2 alert triage and investigation across SentinelOne, Azure Sentinel, Microsoft 365 Defender, and Sophos — handling complex multi-stage attack chains.
  • Designed and deployed Azure cloud security architectures for SME and enterprise clients including Defender for Cloud, Conditional Access, and Privileged Identity Management.
  • Managed vulnerability lifecycle using Tenable Nessus — from scanning and prioritisation to patching coordination and risk acceptance documentation.
  • Executed phishing simulation campaigns using KnowBe4, reducing average client susceptibility rates by over 60%.
  • Investigated and responded to BEC, ransomware precursor activity, and insider threat incidents using Recorded Future threat intelligence.
  • Hardened client network perimeters including firewall rule reviews, VPN configurations, and DNS security using Cisco and Fortinet platforms.
SOCSentinelOneAzure SentinelNessusKnowBe4Firewall HardeningThreat Hunting
Information Security Specialist
Valent Projects
Feb 2022 – Jul 2022 📍 London

Providing strategic and operational security support to a consultancy serving journalists, activists, and NGOs — environments with elevated threat profiles requiring practical, risk-proportionate controls.

  • Led the organisation through Cyber Essentials certification and prepared technical evidence for Cyber Essentials Plus assessment.
  • Reviewed and redrafted security policies covering acceptable use, data handling, BYOD, and third-party access.
  • Designed and implemented endpoint protection using Jamf for macOS fleet management, full-disk encryption, and MDM policy enforcement.
  • Developed business continuity and disaster recovery plans tested through tabletop exercises.
  • Delivered tailored security guidance to high-risk individuals including journalists and human rights activists working in hostile environments.
Cyber Essentials+JamfPolicyBCP/DRRisk Assessment
Cyber Security Consultant
Cyber Armed Security
Apr 2021 – Feb 2022 📍 London

Conducting vulnerability assessments and web application penetration tests for clients across financial services, healthcare, and e-commerce.

  • Performed web application penetration testing against OWASP Top 10 — identifying SQLi, XSS, IDOR, broken authentication, and SSRF vulnerabilities.
  • Conducted internal and external network penetration tests including Active Directory attack paths, lateral movement, and privilege escalation scenarios.
  • Used Burp Suite Pro, Nmap, Nikto, Metasploit, and manual testing techniques to simulate real-world adversary behaviour.
  • Delivered executive-level and technical remediation reports with CVSS-scored findings, reproduction steps, and fix recommendations.
  • Performed vulnerability scanning using Nessus and Qualys — correlating findings to CVE databases and business risk context.
Web App PentestingOWASP Top 10Burp SuiteMetasploitNetwork PentestingAD Attacks
Security Analyst
Accenture
Oct 2018 – Dec 2019 📍 India

Enterprise security monitoring and incident response for large-scale client environments. The foundation — where I learned how systems truly break, how attackers operate, and how networks actually behave under pressure.

  • Monitored enterprise security events using QRadar SIEM, IDS/IPS systems, and File Integrity Monitoring across multi-tier environments.
  • Conducted network forensics with Wireshark — analysing packet captures to detect exfiltration, C2 communications, and lateral movement.
  • Applied MITRE ATT&CK framework to map attacker TTPs and improve detection coverage.
  • Managed and maintained client network infrastructure including firewalls, VPNs, load balancers, and SIEM rule tuning.
  • Utilised deep TCP/IP, LAN/WAN, DNS, SMTP, and HTTP/S knowledge to correlate anomalous network behaviour with security incidents.
QRadar SIEMWiresharkNetwork ForensicsMITRE ATT&CKTCP/IPIDS/IPS
05

Technical Skills

Cloud Security
Multi-Cloud Platforms
Azure SentinelDefender for Cloud AWS GuardDutySecurity Hub MacieControl Tower GCP Security Command CenterEntraIDIAM
Network Security
Routing, Switching & Firewalls
Cisco IOSPalo Alto NGFW Fortinet FortiGateBGP OSPFEIGRPMPLS VLANs / STPIPSec VPN SD-WANDMZ Design
AI & LLM Security
Emerging AI Threats
Prompt Injection DefenceLLM Data Poisoning AI Agent SecurityRAG Security Model Supply Chain RiskOWASP LLM Top 10 MLOps SecurityAI Red Teaming
Web Application Security
Penetration Testing
Burp Suite ProOWASP Top 10 SQLi / XSS / IDORSSRF / XXE Broken AuthAPI Security Testing MetasploitNmapNikto
DevSecOps & CI/CD
Pipeline Security
SnykGitHub Advanced Security TrivyAzure DevOps JenkinsTerraform CloudFormationPolicy-as-Code
Container & Kubernetes
Container Security
Aqua SecurityPrisma Cloud TwistlockFalco EKS · AKS · GKE RBACCIS Benchmarks
SIEM, EDR & Detection
Security Operations
CrowdStrike FalconSentinelOne SplunkELK Stack QRadarSuricata WiresharkSOAR Playbooks
Identity & Endpoint
IAM & Endpoint Security
Active DirectoryAzure AD / EntraID Conditional AccessPIM IntuneDefender XDR JamfCyberArk PAM
Automation & Programming
Code & Scripting
PythonPowerShell BashAnsible TerraformKQL ARM Templates
Windows & Active Directory
Windows Systems
Windows Server 2016/2019/2022Active Directory Group Policy (GPO)DNS & DHCP PowerShellWSUS Event Log AnalysisRDP Hardening Windows DefenderBitLocker
Incident Response & Recovery
IR & Disaster Recovery
Incident Response LifecycleDigital Forensics Malware AnalysisMemory Forensics Log AnalysisChain of Custody BCP / DR PlanningTabletop Exercises AlienVault USMVirusTotal
Compliance & Governance
Frameworks & Standards
ISO 27001NIST CSF Cyber Essentials+GDPR CIS BenchmarksMITRE ATT&CK OWASP LLM Top 10
06

Certifications

Amazon Web Services
AWS
AWS Certified Security – Specialty
✓ Verified
Microsoft
Microsoft
Azure Security Engineer Associate
ID: I688-6147
✓ Verified
CSA
Cloud Security Alliance
Certificate of Cloud Security Knowledge (CCSK) v5
✓ Verified
CSA
Cloud Security Alliance
Certificate of Competence in Zero Trust (CCZT)
✓ Verified
Security Blue Team
Security Blue Team
BTL1 – Blue Team Level 1
ID: 462896193
✓ Verified
EC-Council
EC-Council
Computer Hacking Forensic Investigator (CHFI)
ID: ECC164793520
✓ Verified
Microsoft
Microsoft
Security Operations Analyst Associate
ID: I381-8167
✓ Verified
MITRE
MITRE ATT&CK
Foundations of Operationalizing MITRE ATT&CK
Issued Mar 2023
✓ Verified
EC-Council
EC-Council
Certified Ethical Hacker (CEH)
ID: ECC5309187246
✓ Verified
Microsoft
Microsoft
Information Protection Administrator Associate
ID: I451-2289
✓ Verified
Amazon Web Services
AWS
AWS Certified Cloud Practitioner
✓ Verified
Microsoft
Microsoft
Microsoft Azure Fundamentals (AZ-900)
ID: I686-0425
✓ Verified
Amazon Web Services
AWS
AWS Solutions Architect
✓ Verified
CompTIA
CompTIA
CompTIA Security+
COMP001022048618
✓ Verified
AttackIQ
AttackIQ
Foundations of Breach & Attack Simulation
Issued Mar 2023
✓ Verified
07

Education

MSc Information Security & Digital Forensics
University of East London
January 2020 – February 2022 · London, United Kingdom
IT LawDigital Forensics Computer SecurityInformation Security Network ForensicsKali Linux Burp SuiteWireshark MetasploitISO Standards NIST FrameworksMalware Analysis
Dissertation

Demonstrated the five phases of incident response — Preparation, Identification, Containment, Eradication, and Recovery — using AlienVault USM, VirusTotal, and Threat Miner. Produced a comprehensive end-to-end forensic analysis of a simulated multi-stage security incident, mapping findings to MITRE ATT&CK TTPs.

08

Knowledge Base

25Knowledge Domains
650+Topics Studied
CCNA · CCNPNetworking
AWS · Azure · GCPCloud
Linux · Win · MacOS Platforms
IR · Web AppSpecialisms
Currently Studying AI Red Teaming AI Blue Teaming Kubernetes Security Quantum Computing Security Post-Quantum Cryptography

A comprehensive record of every technology domain, protocol, tool, and concept I have studied in depth — from ground-up network engineering with Cisco and Palo Alto, to Linux systems administration, VPN architectures, and firewall platforms.

📶 1. Network Fundamentals — CCNA 40+ topics
Core Concepts
Communications & TypesBinary Language & ConvergenceIP Address ClassesSubnetting — FLSM & VLSMOSI Model (7 Layers)TCP/IP ModelRouter Physical StructureIOS Boot Process & Modes
Static & Basic Routing
Administrative DistanceLoad BalancingFloating Static RouteStatic Routing Configuration
RIP
RIPv1 vs RIPv2Route SummarizationPassive InterfaceUnicast RoutingInjecting Default RouteAuthentication
EIGRP
EIGRP Introduction & DUAL AlgorithmRoute SummarizationPassive InterfaceUnicast RoutingInjecting Default RouteAuthenticationRedistribution with RIPRedistribution across Different ASRoute Filtration
Additional Services
FHRP — HSRP / VRRP / GLBPIOS DHCP & Relay-Agent — DORA ProcessNTPDNSBasic Router & Switch SecurityTFTP ServerIP SLA MonitorTime-based ACLCabling
🌐 2. OSPF, BGP & MPLS — CCNP 45+ topics
OSPF — In Depth
Network Types — PTP / BMA / NBMARouter Types — DR / BDR / DROther / ABR / ASBR / IASBRLSA Type 1 — Router LSALSA Type 2 — Network LSALSA Type 3 — Summary LSALSA Type 4 — ASBR SummaryLSA Type 5 — External LSALSA Type 7 — NSSA ExternalArea Types — Stub / Totally Stub / NSSA / NSSA Stub / NSSA Totally StubRedistributionVirtual-LinkLSA3 SummarizationAuthenticationInjecting Default RouteMulti-Area CommunicationDetailed OSPF Operation & SPF Algorithm
BGP — In Depth
EBGP / IBGPIBGP Issues & SolutionsBGP Attributes — Weight / Local Pref / AS Path / MED / OriginBGP ParametersDistribute-list & Prefix-listBGP AuthenticationDirect & Non-Direct Connected NeighborsBGP Peer-GroupRoute ReflectorRoute SummarizationNext-Hop-SelfInjecting Default RouteBGP Design PatternsDetailed BGP Operation
MPLS
MPLS Foundation & LabelsVRF — Virtual Router & ForwarderVPNv4MPLS Label DistributionMPLS Traffic Engineering
🔀 3. Switching & VLANs — CCNA/CCNP 25+ topics
Switching Fundamentals
History of SwitchingEthernet Frame StructureVLANAccess / Trunk PortVTPPrivate VLANVLAN ACLs
Inter-VLAN Routing
Router with Physical InterfaceRouter on a StickL3 Switch
Spanning Tree & Redundancy
Spanning-Tree Protocol (STP)PortFastUplinkFastBackboneFastBPDU Guard / FilterRapid PVST+MST
Layer 2 Security
Port SecurityDot1x AuthenticationDHCP Snooping & DAIEtherChannel (LACP/PAgP)SPAN / RSPANStorm Control
📡 4. IPv6 12 topics
IPv6 Core
IPv6 Structure & FormatStatic & Dynamic RoutingAccess-listIPv6 Packet TypesEUI-64Global Unique AddressLocal Unique AddressMulticastLoopbackLink LocalOSPFv3BGP for IPv6
🛡️ 5. Cisco PIX / ASA 25+ topics
Core Configuration
Installation of ASAInterface ConfigurationTraffic Flow — Thru & To FirewallStatic & Default RoutesASA as DHCP / Relay-AgentNTP with AuthenticationManagement ProtocolsRedundant InterfacePort-ChannelRoute Tracking via SLAFile Backup & Recovery
Dynamic Routing on ASA
RIP with Auth & RedistributionEIGRP with Auth & RedistributionOSPF with Auth & RedistributionBGP with Auth & Redistribution
NAT
Dynamic NAT & Dynamic PATStatic NAT & Static PATBackup NAT with PATIdentity NATPolicy NAT
High Availability
FHRP — HSRP / VRRP / GLBPActive/Standby FailoverActive/Active FailoverMulti-Context / Security-ContextPhysical / Sub-interface / Shared InterfaceFailover with Multi-ContextZone-Based Firewall (ZBF)
🔥 6. Cisco FirePower — FTD / FMC 18 topics
Setup & Config
Installation of FTD / FMCCLI & GUI InitializationFTD Registration on FMCInterface ConfigurationStatic & Dynamic Routing ProtocolsInter-Zone Communication
NAT, VPN & HA
Auto-NATManual-NATHigh Availability
Next-Gen Features
Advanced ACPVPN ConfigurationGeo-Location BlockURL FilteringApplication Visibility Control (AVC)IPS — Intrusion Prevention
🦁 7. Palo Alto Firewall — NGFW 28 topics
Setup & Routing
Installation & GUI InitialisationInterface Config — IPv4/IPv6Inter & Intra-Zone CommunicationRIP with Auth & RedistributionOSPF — Multi-Area / Area Types / Virtual-Link / AuthBGP — EBGP/IBGP / Route Reflector / Next-Hop-Self / Summarization
NAT & VPN
DNAT / SNATDPAT / SPATU-Turn NATHigh AvailabilitySite-To-Site VPN (IPv4/IPv6)Multi-Vendor VPN
Next-Gen Firewall Features
APP-IDURL FilteringContent-IDUser-IDWildFireSSL DecryptionGlobalProtect
🔒 8. VPN Architectures 30+ topics
GRE & DMVPN
Point-to-Point GREmGRE — ManualDMVPN Phase IDMVPN Phase IIDMVPN Phase IIISingle & Dual Hub DMVPN
IPSec
Router to RouterRouter to ASA / ASA to ASARouter through ASA — LAN to LAN with NAT-TLAN to LAN without NAT-TIPv4 & IPv6 IPSecIPv6 over IPv4IKEv1 / IKEv2IPSec over PTPGRE — Tunnel & Transport ModeIPSec over PTPGRE — SVTIIPSec over DMVPNGET VPN
PKI & SSL VPN
RSA In DetailCA Server — Root & Intermediate CARoot Certificate / ID CertificateCertificate ChainTLS Handshake / Change Cipher / Alert / App Data RecordsSSL VPN — Remote AccessAnyConnect VPN
🐧 9. Linux — RHCSA / RHCE 60+ topics
Core Linux & Filesystem
Basic Commands & NavigationVi/Vim & Nano EditorsRunlevels & Systemd vs SysVinitOwnership & Permissions — chmod/chownFile System Hierarchy (FSH)Symlinks & HardlinksFdisk — Disk ManagementFIND / LOCATE / GREPBackup using cp / mv / rsync
Advanced Permissions & Users
ACLs — setfacl / getfaclAdvanced Permissions — SUID / SGID / Sticky BitSudoers File & ConfigurationUmask & PATH ManagementUser & Group Management — UID / GIDTypes — System / Regular / Root
System Administration
Process & Daemon Management (ps / top / kill)Cron Jobs & SchedulingArchive & Compression — tar / gzip / bzip2Shell Scripting — BashLVM — PV / VG / LVBoot Process — BIOS / UEFI / GRUB / Kernel InitSELinux — Enforcing / Permissive / MLS PoliciesTroubleshooting — Kernel Panic / fsck / Rescue ModeRPM & YUM / DNF Package Management
Networking & Services
Network Interface Config — ifconfig / ipSSH — Key Management & HardeningNTP ConfigurationPorts & ProtocolsAnsible — Playbooks / Vault / Roles / GalaxyNFS — Network File SharingFTP / SFTP / SambaDHCP ServerFirewall / iptablesDNSApache / NginxMySQL & MongoDBPostfix MailRAIDNagios / Zabbix MonitoringClustering & HAEthernet BondingHAProxy Load BalancerOpenVPNTomcatSAN / NASOS Hardening
🖥️ 10. Windows, macOS & Endpoint 25+ topics
Windows Server & AD
Windows Server 2016 / 2019 / 2022Active Directory — Installation & ConfigGroup Policy (GPO) ManagementDNS & DHCP on WindowsWSUS — Patch ManagementEvent Log AnalysisRDP HardeningPowerShell for SecurityWindows Defender & FirewallBitLocker EncryptionNTFS PermissionsTask Scheduler
macOS Administration
macOS ArchitectureFinder & TerminalUser & Group ManagementFileVault Full-Disk EncryptionGatekeeper & XProtectSystem Integrity Protection (SIP)Jamf — MDM & Fleet ManagementmacOS Firewall ConfigurationKeychain & Certificate ManagementSpotlight & Activity MonitorTime Machine BackupsHomebrew Package Management
Endpoint Security
Endpoint Detection & Response (EDR)Microsoft Intune — MDM/MAMDefender XDRCrowdStrike Falcon AgentSentinelOne AgentBaseline Hardening — CIS BenchmarksPatch Management Lifecycle
☁️ 11. AWS Security — Specialty + Solutions Architect 50+ topics
Identity & Access
IAM — Users / Groups / Roles / PoliciesIAM Policy Types — Identity / Resource / Permission BoundaryService Control Policies (SCPs)AWS Organizations & Control TowerAWS SSO / Identity CenterCognito — User Pools & Identity PoolsCross-Account Access & Role AssumptionAttribute-Based Access Control (ABAC)
Network Security
VPC — Subnets / Route Tables / IGW / NAT GWSecurity Groups vs Network ACLsVPC Flow LogsPrivateLink & VPC EndpointsAWS Network FirewallWAF — Web Application FirewallAWS Shield Standard & AdvancedRoute 53 DNS SecurityCloudFront SecurityTransit Gateway Security
Data Protection & Encryption
AWS KMS — Key Management ServiceCloudHSMS3 Bucket Policies & ACLsS3 Encryption — SSE-S3 / SSE-KMS / SSE-CS3 Block Public AccessMacie — Data ClassificationSecrets Manager vs Parameter StoreCertificate Manager (ACM)Data Classification in AWS
Detection & Monitoring
GuardDuty — Threat DetectionSecurity Hub — Aggregation & ComplianceAmazon Inspector — Vulnerability ScanningAWS Config — Compliance RulesCloudTrail — API Logging & AuditCloudWatch — Metrics / Alarms / LogsEventBridge — Security AutomationAmazon Detective — InvestigationVPC Traffic Mirroring
Incident Response & Governance
Incident Response in AWS — PlaybooksForensic Investigation in AWSAWS Audit ManagerTrusted Advisor — Security ChecksAWS BackupDisaster Recovery Strategies — Pilot Light / Warm Standby / Multi-SitePenetration Testing Policy in AWSCompliance Frameworks — PCI DSS / HIPAA / SOC 2 in AWSWell-Architected Framework — Security Pillar
Container & Serverless Security
EKS Security — RBAC / Pod Security / Network PoliciesECR — Image ScanningLambda Security — Execution Roles / VPCECS Task IAM RolesAWS Fargate SecurityAPI Gateway Security — Auth / Throttling / WAF
🔷 12. Azure Security — AZ-500 + AZ-900 50+ topics
Identity & Access — Entra ID
Azure AD / Entra ID ArchitectureUsers / Groups / Service Principals / Managed IdentitiesAzure RBAC — Roles / Scopes / AssignmentsConditional Access PoliciesMulti-Factor Authentication (MFA)Self-Service Password Reset (SSPR)Privileged Identity Management (PIM)Azure AD Identity ProtectionPassword Protection & Smart LockoutB2B & B2C CollaborationAzure AD Connect — Hybrid IdentitySeamless SSO & Pass-Through Auth
Network Security
Virtual Network (VNet) — Subnets / PeeringNetwork Security Groups (NSGs)Application Security Groups (ASGs)Azure Firewall — DNAT / SNAT / Network RulesAzure Firewall Premium — IDPS / TLS InspectionDDoS Protection StandardAzure Front Door & WAFPrivate Endpoints & Private LinkService EndpointsVPN Gateway — Site-to-Site / P2SExpressRoute SecurityBastion Host
Data & Key Management
Azure Key Vault — Keys / Secrets / CertificatesAzure Disk Encryption — ADE / SSEStorage Account Security — SAS / Access Keys / Private EndpointsAzure Information Protection (AIP)Microsoft Purview — Data GovernanceSQL Database — TDE / Always Encrypted / Dynamic Data MaskingDefender for SQLStorage Firewall & Network Rules
Threat Protection & Monitoring
Microsoft Defender for Cloud — Secure ScoreDefender for Servers / Containers / App ServiceMicrosoft Sentinel — SIEM & SOARLog Analytics WorkspaceAzure Monitor — Metrics / Alerts / DashboardsDefender for Endpoint (MDE)Defender XDRMicrosoft Defender Vulnerability ManagementActivity Logs & Diagnostic SettingsWorkbooks & Hunting Queries in Sentinel
Governance & Compliance
Azure Policy — Definitions / Initiatives / AssignmentsManagement Groups & SubscriptionsAzure BlueprintsMicrosoft Defender for Cloud Regulatory ComplianceCost Management SecurityAzure Security BenchmarkISO 27001 / SOC 2 / PCI DSS in AzureCompliance ManagerSecurity Alerts & Recommendations
Container & Application Security
AKS Security — RBAC / Network Policies / Azure Policy for K8sAzure Container Registry (ACR) SecurityApp Service Security — Auth / TLS / Network RestrictionsAPI Management SecurityFunction Apps — Managed Identity / AuthDevOps Security — Azure DevOps / GitHub ActionsDefender for ContainersDefender for App Service
🟢 13. GCP Security 20+ topics
Identity & Network
IAM — Roles / Service Accounts / Workload IdentityOrganization PoliciesVPC Security — Firewall Rules / Private Google AccessVPC Service ControlsCloud Armor — WAF & DDoSCloud DNS SecurityIdentity-Aware Proxy (IAP)
Data & Detection
GCP Security Command Center (SCC)Cloud KMS & Cloud HSMCloud Audit LogsCloud Monitoring & LoggingContainer Analysis & Binary AuthorizationAssured WorkloadsChronicle SIEMBeyondCorp — Zero Trust
🎯 14. Certified Ethical Hacker — CEH 40+ topics
Reconnaissance
Footprinting & ReconnaissancePassive Reconnaissance — OSINTActive ReconnaissanceGoogle DorkingWHOIS / DNS EnumerationShodan & Maltego
Scanning & Enumeration
Network Scanning — NmapVulnerability Scanning — Nessus / QualysPort Scanning Techniques — SYN / FIN / XMASOS FingerprintingEnumeration — SNMP / LDAP / SMB / NFS
System & Network Attacks
System Hacking — Password Cracking / Privilege EscalationMalware Threats — Trojans / Viruses / Ransomware / RootkitsSniffing — Wireshark / Ettercap / ARP PoisoningSocial Engineering — Phishing / Vishing / PretextingDoS / DDoS Attacks & MitigationSession Hijacking — TCP / Cookie
Web & Application Attacks
Web Server Attacks — IIS / ApacheWeb Application Hacking — OWASP Top 10SQL Injection — Blind / Error / UnionXSS — Reflected / Stored / DOMCSRF / SSRF / XXE / IDORBroken Authentication & Session MgmtAPI Security Testing
Advanced Topics
Evading IDS / Firewalls / HoneypotsHacking Wireless Networks — WPA2 / WPA3Mobile Platform Security — Android / iOSIoT SecurityCloud Security AttacksCryptography — Symmetric / Asymmetric / HashingSteganography
🔬 15. Computer Hacking Forensic Investigator — CHFI 35+ topics
Investigation Fundamentals
Digital Forensics Investigation ProcessFirst Responder ProceduresChain of CustodyComputer Forensics Lab SetupLegal & Ethical ConsiderationsTypes of Evidence — Direct / Hearsay / Best
Data Acquisition & Analysis
Hard Disk & File System Forensics — FAT / NTFS / EXTData Acquisition — Live / DeadAnti-Forensics Techniques & Defeating ThemOS Forensics — Windows / Linux / macOS ArtefactsRegistry AnalysisVolatile Data Collection — RAM / Running Processes
Network & Application Forensics
Network Forensics — Packet AnalysisLog Analysis — IDS / Firewall / Web ServerInvestigating Web AttacksEmail Forensics — Header AnalysisDatabase ForensicsBrowser Forensics — Cache / History / Cookies
Specialised Forensics
Cloud Forensics — AWS / Azure Evidence CollectionMalware Forensics — Static & Dynamic AnalysisMobile Forensics — Android / iOSIoT ForensicsMemory Forensics — VolatilitySteganography DetectionIncident Reconstruction
Tools
AutopsyFTK — Forensic ToolkitVolatilityWiresharkAlienVault USMVirusTotalEnCaseCellebrite (Mobile)
🔵 16. Blue Team Level 1 — BTL1 & SOC Operations 30+ topics
Phishing Analysis
Email Header AnalysisURL & Attachment AnalysisSandboxing Suspicious FilesIdentifying Phishing IndicatorsReporting & Remediation
Threat Intelligence
Threat Intelligence LifecycleIOCs — Indicators of CompromiseMITRE ATT&CK Framework MappingThreat Feeds & Platforms — VirusTotal / MISP / OpenCTIDiamond Model & Kill ChainRecorded Future
SIEM Operations
Log Sources & IngestionAlert Triage & InvestigationWriting Detection RulesKQL — Kusto Query LanguageSPL — Splunk Query LanguageDashboard & ReportingAlert Fatigue & Tuning
Digital Forensics (SOC)
Artefact CollectionMemory & Disk TriageTimeline AnalysisBrowser & Registry Forensics
Incident Response
Incident Response Lifecycle — Preparation / Identification / Containment / Eradication / Recovery / Lessons LearnedSOAR Playbook AutomationEscalation ProceduresPost-Incident ReportingTabletop Exercises
☁️ 17. CCSK & CCZT — Cloud & Zero Trust 35+ topics
CCSK — Cloud Security Knowledge
Cloud Architecture — IaaS / PaaS / SaaSCloud Reference ArchitectureGovernance & Risk Management in CloudLegal & Compliance IssuesAudit & AssuranceInformation Management & Data SecurityInfrastructure SecurityVirtualisation & Container SecurityIncident Response in CloudApplication SecurityIdentity & Access ManagementSecurity as a Service (SECaaS)Related Technologies — DevSecOps / SIEM in Cloud
CCZT — Zero Trust
Zero Trust Concepts & PrinciplesZero Trust Architecture (ZTA)NIST SP 800-207 — Zero Trust ArchitectureIdentity-Centric SecurityNetwork-Centric Zero Trust — Micro-SegmentationData-Centric Zero TrustWorkload & Application SecurityDevice TrustContinuous Verification — Never Trust Always VerifyZero Trust Maturity ModelImplementing ZTA in CloudZero Trust in Hybrid Environments
📋 18. CompTIA Security+ & Compliance 30+ topics
Security+ Domains
Threats, Attacks & VulnerabilitiesSocial Engineering & PhishingMalware Types & IndicatorsApplication & Network AttacksCryptography & PKIWireless Security ProtocolsCloud & Virtualisation SecurityAuthentication & AuthorisationIncident Response ProceduresRisk ManagementGovernance, Risk & Compliance
Compliance Frameworks
ISO 27001 — ISMSNIST Cybersecurity Framework (CSF)Cyber Essentials & Cyber Essentials PlusGDPR — Data ProtectionCIS Controls & BenchmarksPCI DSSSOC 2HIPAAMITRE ATT&CK OperationalisationOWASP Top 10 & OWASP LLM Top 10
🤖 19. AI & LLM Security 20+ topics
AI Threat Landscape
OWASP LLM Top 10Prompt Injection — Direct & IndirectLLM Data PoisoningModel Inversion AttacksAI Agent Compromise & Tool AbuseRAG Security — Retrieval Augmented GenerationModel Supply Chain RiskInsecure Plugin DesignExcessive AgencyTraining Data Exposure
AI Security Controls
AI Red TeamingMLOps Security PipelineModel Access ControlOutput Filtering & GuardrailsAI Monitoring & ObservabilityAdversarial Robustness TestingResponsible AI & Model GovernanceSecuring AI APIsLLM in DevSecOps Pipelines
🔴 20. AI Red Teaming — Currently Studying 20+ topics
Adversarial AI Attacks
Prompt Injection — Direct & IndirectJailbreaking TechniquesAdversarial Examples & EvasionModel Extraction & InversionMembership Inference AttacksData Poisoning & Backdoor AttacksGradient-Based Attacks
LLM-Specific Red Teaming
Red Teaming LLMs — OWASP LLM Top 10Automated Red Teaming PipelinesMulti-Turn Attack ChainsSystem Prompt ExtractionContext Window ManipulationTool & Plugin Abuse in AgentsInsecure Output HandlingAI Supply Chain Attacks
Tooling & Frameworks
Garak — LLM Vulnerability ScannerPyRIT — Python Risk Identification ToolkitPromptBenchAI Red Team PlaybooksAzure AI Red Team Framework
🔵 21. AI Blue Teaming — Currently Studying 18+ topics
AI Defence Controls
Input Validation & Sanitisation for LLMsOutput Filtering & Content ModerationGuardrails — NeMo / Llama GuardPrompt Shield — Azure AISystem Prompt HardeningRate Limiting AI APIsLLM Firewalls
AI Monitoring & Detection
LLM Observability — Logging & TracingDetecting Prompt Injection AttemptsAnomaly Detection in AI OutputsAI SIEM IntegrationMonitoring AI Agent BehaviourAbuse Pattern DetectionModel Drift & Degradation Monitoring
Governance & Responsible AI
AI Risk Management Framework — NIST AI RMFResponsible AI PrinciplesModel Cards & TransparencyBias Detection & FairnessAI Incident Response PlaybooksEU AI Act Compliance
22. Kubernetes Security — Currently Studying 25+ topics
Cluster Hardening
CIS Kubernetes BenchmarksAPI Server Security — Auth / Audit Logsetcd Encryption at RestNode Security — OS Hardening / SeccompRBAC — Roles / ClusterRoles / BindingsService Account Least PrivilegeAdmission Controllers — OPA / Gatekeeper
Workload Security
Pod Security Standards (PSS)Pod Security Admission (PSA)Secrets Management — Vault / External SecretsContainer Image Scanning — Trivy / SnykSupply Chain Security — SLSA / Sigstore / CosignNetwork Policies — Calico / CiliumRuntime Security — Falco
Cloud K8s Platforms
EKS Security — IAM Roles for Service AccountsAKS Security — Azure Policy / Defender for ContainersGKE Security — Workload Identity / Binary AuthService Mesh Security — Istio mTLSKubernetes Secrets EncryptionMulti-Tenancy Security
⚛️ 23. Quantum Computing Security — Currently Studying 15+ topics
Quantum Fundamentals
Qubits & SuperpositionQuantum EntanglementQuantum Gates & CircuitsQuantum Algorithms — Shor's & Grover'sQuantum Key Distribution (QKD)
Post-Quantum Cryptography
Threat of Quantum to RSA & ECCNIST Post-Quantum Standards — CRYSTALS-Kyber / CRYSTALS-DilithiumLattice-Based CryptographyHash-Based SignaturesCrypto-Agility — Preparing for MigrationHarvest Now Decrypt Later (HNDL) AttacksTimeline of Quantum Threat
🔑 24. Authentication, IAM & Identity Protocols 30+ topics
Authentication Fundamentals
Authentication vs Authorisation vs Accounting (AAA)Factors — Something You Know / Have / ArePassword Hashing — bcrypt / Argon2 / PBKDF2Credential Stuffing & Brute Force DefenceMFA — TOTP / FIDO2 / Hardware KeysPasswordless Authentication
Identity Protocols
OAuth 2.0 — Authorization Code / Client Credentials / Device FlowOpenID Connect (OIDC) — ID Tokens / UserInfo / DiscoverySAML 2.0 — Assertions / Bindings / ProfilesSCIM — User ProvisioningJWT — Structure / Signing / Validation / Common AttacksPKCE — Proof Key for Code ExchangeToken Rotation & Refresh Token Security
SSO & Federation
Single Sign-On (SSO) ArchitectureEnterprise SSO — Azure AD / Okta / PingLDAP & Active Directory FederationWS-FederationCross-Domain SSOSSO Security Risks — Token Theft / Session Fixation
Advanced IAM
Zero Trust Identity — Continuous VerificationPAM — Privileged Access ManagementCyberArk / BeyondTrustJust-In-Time (JIT) AccessAttribute-Based Access Control (ABAC)Policy-Based Access Control (PBAC)Identity Governance & Administration (IGA)Decentralised Identity — W3C DIDs / Verifiable Credentials
⚙️ 25. DevSecOps — Shift Left Security 35+ topics
DevSecOps Fundamentals
DevSecOps Principles & CultureShifting Security LeftThreat Modelling in SDLC — STRIDE / PASTA / DREADSecurity Champions ProgrammeDevSecOps Maturity Model (DSOMM)OWASP SAMM — Software Assurance Maturity Model
CI/CD Pipeline Security
Pipeline Hardening — Least Privilege / Branch ProtectionSecrets Detection — GitLeaks / TruffleHog / GitHub Secret ScanningSAST — Static Application Security Testing — SonarQube / SemgrepDAST — Dynamic Application Security Testing — OWASP ZAP / Burp CISCA — Software Composition Analysis — Snyk / OWASP Dependency CheckContainer Image Scanning — Trivy / Grype / AnchoreIaC Security Scanning — Checkov / Terrascan / tfsecLicense Compliance Scanning
Supply Chain Security
Software Supply Chain Attacks — SolarWinds / XZ UtilsSLSA Framework — Supply Chain Levels for Software ArtefactsSBOM — Software Bill of MaterialsSigstore — Cosign / Fulcio / RekorDependency Pinning & VerificationArtefact Signing & VerificationPrivate Registry Security
Infrastructure & Platform
GitOps Security — ArgoCD / FluxPolicy-as-Code — OPA / ConftestInfrastructure as Code Security — Terraform / CloudFormationSecrets Management — HashiCorp Vault / AWS Secrets ManagerEnvironment Isolation — Dev / Staging / ProdRuntime Security — Falco / eBPFService Mesh — Istio / Linkerd mTLS
Toolchain
GitHub Advanced SecurityAzure DevOps SecurityGitLab Security ScanningJenkins SecurityKubernetes RBAC in CI/CDSecurity Gates & Quality GatesCompliance as Code
09

Resources

📋
Checklist
Multi-Cloud Security Architecture Checklist
Practical checklist for securing AWS, Azure, and GCP environments from day one.
 🌐
Guide
Network Security Hardening Guide
Step-by-step hardening for Cisco, Palo Alto, and Fortinet deployments — routing, VLANs, firewall rules, and VPN.
 🤖
Framework
AI & LLM Security Threat Model
Threat modelling framework for AI systems — covering prompt injection, agent compromise, RAG poisoning, and supply chain risks.
 🔍
Playbook
Web App Pentest Methodology
My personal pentest methodology for web applications — OWASP Top 10 mapped, with tooling and payload references.
 🗺️
Workbook
MITRE ATT&CK Detection Mapping
Ready-to-use workbook mapping detections to ATT&CK techniques across network, cloud, and endpoint.
 🎓
Study Notes
AWS Security Specialty Exam Notes
Condensed study notes and tips for the AWS Certified Security – Specialty exam.
10

Blog

01
AI Security
Apr 20258 min read
Securing AI Agents: Prompt Injection, Tool Abuse & the New Attack Surface

As autonomous AI agents proliferate across enterprise environments, attackers are learning to exploit them. Here's what the threat looks like and how to defend against it.

Read article
02
Network Security
Mar 20257 min read
Zero Trust Network Segmentation with Palo Alto NGFWs

A practical walkthrough of implementing micro-segmentation using Palo Alto security policies, App-ID, and User-ID to enforce least-privilege at the network layer.

Read article
03
Web App Pentesting
Feb 20256 min read
IDOR Vulnerabilities in 2025: Still Everywhere, Still Devastating

Insecure Direct Object Reference remains one of the most commonly missed and highest-impact vulnerabilities I find on engagements. Here's how to find them — and fix them.

Read article
08

Contact Me

Open to cloud security roles, network security positions, AI security consultancy, and penetration testing engagements. Let's talk.

Email[email protected]
📞
Phone+44 7308 667966
🔗
LinkedInlinkedin.com/in/abdul-m-116215171
CVDownload my CV (PDF)
What I Bring

A rare combination of deep network engineering knowledge, cloud security expertise, AI threat awareness, and practical offensive security experience — all in one hire.

Multi-cloud security architecture from first principles
Enterprise network design — routing, switching, firewall, VPN
AI & LLM security — threat modelling and red teaming
Web application and network penetration testing
DevSecOps — security built into pipelines, not bolted on
SOC leadership and incident response at enterprise scale
ISO 27001, Cyber Essentials+, GDPR compliance delivery