Asikuzzaman

@asikuzzaman9

Cyber Security Consultant, VAPT, IT Security Audit Specialist

Bangladesh
English
About me
Welcome to a holistic, one-stop solution for fortifying your organization's digital assets. I am a seasoned Cybersecurity Consultant with proven experience in securing government infrastructures, corporate networks, and complex web applications. My approach bridges the gap between technical exploitation and strategic compliance, offering tailored assessments that go beyond basic scanning to provide actionable, high-impact security improvements. I combine hands-on technical expertise with a comprehensive understanding of industry regulations to protect your business from different threats....

Check out my services

Programming & Tech
I will identify and fix security vulnerabilities with an advanced VAPT
Programming & Tech
I will conduct an IT audit and risk assessment for your business

Work experience

Security Analyst

Sami Tech Ltd. • Full-time

Jan 2022 - Present • 4 yrs 4 mos

Comprehensive Security Assessments & Audits:
- Conducted holistic security engagements encompassing both Vulnerability Assessment & Penetration Testing (VAPT) and IT Audits for diverse clients, including critical government infrastructures and enterprise organizations.
- Performed ISO 27001, PCI DSS, and GDPR compliance audits, including full gap analyses, policy reviews, and implementation guidance for Information Security Management Systems (ISMS).
- Executed configuration and architecture reviews for network devices (firewalls, routers, switches) to ensure hardening against attacks and alignment with best practice benchmarks.

Technical Vulnerability Assessment & Penetration Testing:
- Delivered comprehensive VAPT for high-value targets, including two government websites, utilizing both black-box and white-box methodologies to identify and exploit vulnerabilities across networks, servers, and web applications.
- Mapped findings to industry standards such as the OWASP Top 10, uncovering critical flaws including SQL Injection, XSS, CSRF, and authentication bypasses.
- Leveraged industry-standard tools (Burp Suite, Nessus, Acunetix, Nmap, Metasploit) for automated scanning, while manually validating results to eliminate false positives and uncover complex business logic flaws.

Policy, Governance & Risk Management:
- Assessed and enhanced security policies, access controls, and user privilege frameworks to strengthen overall governance and reduce the organization's attack surface.
- Provided strategic consulting to management on IT risk management, governance, and the effectiveness of existing security measures (firewalls, IDS/IPS).
- Evaluated Disaster Recovery (DR) and Business Continuity Planning (BCP) to ensure organizational resilience against potential security incidents.

DevSecOps & Remediation:
- Fostered a DevSecOps culture by collaborating directly with development teams to reproduce, understand, and effectively remediate identified vulnerabilities.