asikuzzaman9

Asikuzzaman

@asikuzzaman9

Cyber Security Consultant, VAPT, IT Security Audit Specialist

Bangladesh
English
About me
Welcome to a holistic, one-stop solution for fortifying your organization's digital assets. I am a seasoned Cybersecurity Consultant with proven experience in securing government infrastructures, corporate networks, and complex web applications. My approach bridges the gap between technical exploitation and strategic compliance, offering tailored assessments that go beyond basic scanning to provide actionable, high-impact security improvements. I combine hands-on technical expertise with a comprehensive understanding of industry regulations to protect your business from different threats....

Skills


View my services

Programming & Tech
I will identify and fix security vulnerabilities with an advanced VAPT
Programming & Tech
I will conduct an IT audit and risk assessment for your business

Work experience

Security Analyst

Sami Tech Ltd. • Fulltime

Jan 2022 - Present • 4 yrs 4 mos

Comprehensive Security Assessments & Audits:
- Conducted holistic security engagements encompassing both Vulnerability Assessment & Penetration Testing (VAPT) and IT Audits for diverse clients, including critical government infrastructures and enterprise organizations.
- Performed ISO 27001, PCI DSS, and GDPR compliance audits, including full gap analyses, policy reviews, and implementation guidance for Information Security Management Systems (ISMS).
- Executed configuration and architecture reviews for network devices (firewalls, routers, switches) to ensure hardening against attacks and alignment with best practice benchmarks.

Technical Vulnerability Assessment & Penetration Testing:
- Delivered comprehensive VAPT for high-value targets, including two government websites, utilizing both black-box and white-box methodologies to identify and exploit vulnerabilities across networks, servers, and web applications.
- Mapped findings to industry standards such as the OWASP Top 10, uncovering critical flaws including SQL Injection, XSS, CSRF, and authentication bypasses.
- Leveraged industry-standard tools (Burp Suite, Nessus, Acunetix, Nmap, Metasploit) for automated scanning, while manually validating results to eliminate false positives and uncover complex business logic flaws.

Policy, Governance & Risk Management:
- Assessed and enhanced security policies, access controls, and user privilege frameworks to strengthen overall governance and reduce the organization's attack surface.
- Provided strategic consulting to management on IT risk management, governance, and the effectiveness of existing security measures (firewalls, IDS/IPS).
- Evaluated Disaster Recovery (DR) and Business Continuity Planning (BCP) to ensure organizational resilience against potential security incidents.

DevSecOps & Remediation:
- Fostered a DevSecOps culture by collaborating directly with development teams to reproduce, understand, and effectively remediate identified vulnerabilities.