Abdul Wasay
Tel: (92)--
Email:
Introduction
• My passion is to know about the latest trends in information security and applications, to make them more secure. I like to find security loopholes for their elimination.
• I have over 7 years of experience in information security with renowned international certifications, i.e. OSCP, CISM (Q), C)PTE and C)VA. I have also been acknowledged by several big giants, i.e. Google, Microsoft, Oracle, GitHub, EC-Council, etc., for identifying vulnerabilities in their websites.
• Currently working at A.F Ferguson (PwC) as an Assistant Manager in the Technology Consulting & Risk Department.
• My cyber security consulting experience includes, but is not limited to, the banking, insurance and education sectors, as well as other national and multinational companies, for Vulnerability Assessment & Exploitation of Systems, Web, Mobile, Desktop Applications and AWS Services.
• My consulting experience also includes Compromise Assessments, Incident Response, Risk Assessments, ISO 27001 Readiness, Forensics (imaging), Stress Testing and Malware Analysis.
Education
BS in Computer Science
IQRA University
2016
Professional Certification
• CISM (Certified Information Security Manager) (Qualified)
• OSCP (Offensive Security Certified Professional) (Certified)
• C)PTE (Penetration Testing Engineering) (Certified)
• C)VA (Certified Vulnerability Assessor) (Certified)
• C)SS (Certified Security Sentinel)
Acknowledgements
Google Security Researcher Acknowledgement
Microsoft Security Researcher Acknowledgement
GitHub Hall of Fame and Security Researcher Reward
BlackBerry Security Researcher Acknowledgement
iFixit Security Researcher Acknowledgement
SAP Security Researcher Acknowledgement
Oracle Security Researcher Acknowledgement
Eventbrite Security Researcher Wall of Fame
Honeybadger Security Researcher Acknowledgement
FoxyCart Security Researcher Acknowledgement
EC-Council Security Researcher Acknowledgement
Freelancer Security Researcher Hacker Badge
eBay Security Researcher Hall of Fame
ESET Acknowledgement Certificate and License
AT&T Security Researcher Acknowledgement
Automatic Security Researcher Acknowledgement
AVG Acknowledgement Certificate
Splitwise Researcher Acknowledgement
Tictail Security Researcher Acknowledgement
Work Experience
A. F. Ferguson & Co. (PwC) – July 2016 - Present
Assistant Manager - April 2020 – Present
Senior Associate Consultant – January 2019 – April 2020
Associate Consultant – July 2017 – Dec 2018
Consulting Associate – July 2016 – June 2017
Internship at United Bank Limited (UBL) Head Office
• Performed grey and white box application security assessments internally against OWASP Top 10.
• Performed network penetration testing.
• Drafted reports against the identified vulnerabilities with their impact and mitigation recommendations.
• Presented the identified vulnerabilities to the CISO of the Bank.
Responsibilities
• Lead, manage and perform incident response, compromise assessment, malware analysis, penetration
testing (black, white and grey-box) on information systems, networks and applications.
• Conduct, review and perform compromise assessments to identify ongoing or past attacker activity.
• Perform memory analysis, system analysis and network analysis.
• Perform hunting for malicious activity across the network and digital assets.
• Conduct, review and perform cyber incident response, from preparation to lessons learned.
• Actively participate in high-impact cyber breaches and manage Incident Response workflow and activities to support response and remediation.
• Triage escalated security events that require in-depth review and analysis, including the ability to troubleshoot an event, research the potential cause, and recommend a course of action.
• Communicate incident response actions to both technical and non-technical management.
• Perform malware reverse engineering and behavioral analysis.
• Detonate malware to understand its impact on the systems.
• Improve the detection, escalation, containment and resolution of incidents / malware.
• Conduct, review and perform application stress testing using industry standard tools, i.e. StresStimulus and Apache JMeter, to identify reliability, stability and the breaking point of an application under extremely high load over a period of time.
• Review and perform forensic image acquisition using an industry standard tool, i.e. EnCase, and maintain the full chain of custody evidence documentation.
• Perform IT security risk assessments and management to ensure corporate compliance.
• Perform ISO 27001 readiness.
• Evaluate the external / internal environment to identify the best possible vulnerabilities that may lead to exploitation and lateral movement into the environment.
• Review and analyze security vulnerability data to identify applicability and false positives.
• Meeting and discussion with the top management to set / arrange the scope of cyber security assessments
within their environment.
• RFP understanding and proposal development, working with clients to understand the needs and requirements, to provide the best results of the assessment and to fulfill the needs of the client’s environment.
• Research, evaluate business impact of the identified vulnerabilities and create draft reports detailing
exposures that were identified, rate the severity of the system & suggestions to mitigate any exposures.
• In-depth report discussions with the IT professionals and top management, from executive summary to technical area.
• Work closely with research and development teams for vulnerability remediation.
• Finalizing reports and presentations for effective representation of the overall project.
• Present the overall status and current exposure of the environment to the client’s BOD.
Skills
• Web/Mobile/Network Penetration Testing
• Vulnerability Assessment & Management
• AWS Vulnerability Assessment and Penetration Testing
• Application Architecture Review
• Precise and Descriptive Report Writing
• Compromise Assessment
• Incident Response Handling
• Forensics (Acquisition, Imaging, Documentation)
• Risk Assessment & Management
• Application Stress Testing
• Configuration Reviews
Personal Profile
Father’s Name: Abdul Razzak
Date & Place of Birth: 28-July-1991 (Karachi, Pakistan)
Nationality: Pakistani
C.N.I.C. #: -
Languages: English, Urdu and Gujarati.
LinkedIn: https://pk.linkedin.com/in/awasayrazzak