Resume

Ehsan Nezami
[Application Security Engineer - Cybersecurity Specialist - DevSecOps]
[ehsan@nezami.me] [ehsan.nezami@owasp.org] [nezami.me]


SUMMARY
Cyber Security Team Lead with expertise in Application Security, DevSecOps, IAM, Penetration Testing, and Governance, Risk, and Compliance. Proven track record in integrating security into development cycles, performing comprehensive penetration tests, streamlining workflows, and ensuring robust security postures. Adept at fostering a strong organizational cyber security culture to enhance awareness and resilience.


WORK EXPERIENCE

[2019] - [2024]
[Cyber Security Lead]
  • In my role as Cyber Security Lead at DigiKala, I led a comprehensive security strategy covering application security, infrastructure security, IAM, DevSecOps, and penetration testing.
[2016] - [2019]
[Senior Security Consultant]
  • As the founder and Senior Security Consultant of my consulting project, I provided specialized security consulting services to a diverse range of enterprise clients, including those in banking, transportation, healthcare, and telecommunications.
[2017] - [Present]
[CYBERSECURITY RESEARCHER] [ZDRESEARCH LLC]
[ZDResearch (ZD) is an advanced vulnerability research and penetration testing team; I started working there in 2017 as a Senior Security Researcher and Full Stack Developer] [zdresearch.com]
  • Exdemy (Online Training System with Automated DRM Service) [exdemy.com]
  • National Collegiate Cyber Defense Competition [zdresearch.com]
  • AntiPHP (Novel PHP Dynamic Sandbox and Malware Detector) [antiphp.com] [R&D Phase]
  • Scadapot ICS Honeypot Framework [https://scadapot.com/#slider]
[2016] - [2016]
[Senior Security Engineer]
  • At Faranegar, I served as a Senior Security Engineer, where I was instrumental in enhancing the company's digital security, particularly through extensive penetration testing.

[2015] - [Present]
[OWASP Contributor]
[Worked as an IT Security Expert volunteer, open source developer, security researcher and contributor in the OWASP Iran chapter.] [https://www.owasp.org/]
  • [Contributor to the OWASP Nettacker project - OWASP Nettacker is open source software written in Python for automated penetration testing and automated information gathering. It runs on Windows, Linux and macOS under Python.] [https://www.owasp.org/index.php/OWASP_Nettacker]
  • [OWASP Honeypot - open source software written in Python, designed for creating honeypots and honeynets in an easy and secure way. The project is compatible with Python 2.x and 3.x and has been tested on Windows, macOS and Linux.] [https://www.owasp.org/index.php/OWASP_Python_Honeypot]

[2014] - [Present]
[SECURITY RESEARCHER – VOLUNTEER] [OFFSEC RESEARCH OPEN COMMUNITY]
[Security Researcher at OFFSEC Research, First Iranian Cyber Security Magazine. Offensive cybersecurity researching group comprised of world-renowned hackers and security experts.] [offsec.ir]
  • Online Magazine
  • Security Researching
  • Blogging
  • First Annual Cyber Security Conference
  • Workshop Organizing
[2013] - [2015]
[PENTESTER] [RED TEAM] [FREELANCE]
[Worked as penetration testing lead and red teamer for multiple companies, banks and data centers]

[2010] - [2012]
[PENTESTER] [RED TEAM] [FREELANCE]
[Consultant and advisor on security management for email server systems and penetration testing at CICT of Iran]

EDUCATION
[2016] – [2017]
[INFORMATION SECURITY TECHNOLOGY ENGINEERING] [uast.ac.ir INSTITUTE]
[Bachelor's degree]
[2009] – [2014]
[INFORMATION TECHNOLOGY ENGINEERING] [uast.ac.ir INSTITUTE]
[IT Associate Degree]
[2006]
[SOFTWARE TECHNOLOGY ENGINEERING] [Diploma]

CERTIFICATION
[2013]
Certified Ethical Hacker (CEH 7)

ACTIVITIES

  • Accepted for Black Hat Asia Arsenal 2019 [blackhat.com]
  • GSoC 2019 mentor (Google Summer of Code) [owasp.org]
  • OWASP Honeypot Leader [github.com]
  • OWASP Nettacker Contributor [github.com]
  • Sqlmap Contributor [github.com]
  • WPScan Contributor [github.com]
  • Organized OFFSECCONF 2017 [offsec.ir]
  • Organized Hack Dat Kiwi CTF 2015 [2015.hack.dat.kiwi]
  • Reverse engineering of PHP files [nezami.me]
  • Programmed a fully automated Wi-Fi security testing tool with Python, Qt, Zenity and Yad (WPS/crack)
  • Built a custom Kali-like Linux distribution with new squashfs files, boot support and persistence-mode capability
  • Configured cryptocurrency mining systems using GPU rigs and ASIC devices
  • Website security testing and vulnerability reporting:
       - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17220
       - https://nvd.nist.gov/vuln/detail/CVE-2019-17220?cpeVersion=2.2
       - https://www.exploit-db.com/exploits/17807/
       - https://cxsecurity.com/issue/WLB-2011050028
       - https://cxsecurity.com/issue/WLB-2012010230
       - https://cxsecurity.com/issue/WLB-2012040070
       - http://irfantoor.com/exploits/show?id=18045
       - https://packetstormsecurity.com/files/154701/Rocket.Chat-Cross-Site-Scripting.html
       - https://packetstormsecurity.com/files/100511/CMS-Of-Saudi-SQL-Injection.html
       - https://packetstormsecurity.com/files/100516/W-Techno-Shell-Upload.html
       - https://packetstormsecurity.com/files/100812/Saudisoftech-SQL-Injection.html
       - https://packetstormsecurity.com/files/130588/vBulletin-4.2.2-Remote-Code-Injection.html
       - https://vulners.com/zdt/1337DAY-ID-16027

EXPERTISE
Penetration Testing (White/Black Box) (Web, Mobile Apps, API, Network, etc.), Securing Services, Security Code Review, Research and Development, Monitoring and Network Security, Programming and Creating Tools, Data Integrity & Disaster Recovery, Backup Services, Virtualization & Cloud Technologies, Risk Assessment & Impact Analysis.

HOBBIES
GitHub, CTF, writing code, listening to music, Watching movies, Driving, Social networks, and Thinking.

SKILLS
Application Security Engineer
Cybersecurity Specialist
DevSecOps
Penetration Testing
Web and Network Penetration Testing
Network Security Analysis
Compliance
Employee Training
Threat Analysis
Identity and Access Management (IAM)
XDR/EDR
Arduino Programming
RF Hacking and Signal Analysis
Strategic Leadership
Continuous Improvement