Summary
Information security professional with proven track record in the design, delivery and leadership of consulting services, across the offence/defence spectrum. Demonstrated challenge-driven attitude with an always expanding technical skillset, while not hesitating to undertake key business roles and responsibilities. Always seeking opportunities to perform in-depth technical research, which has led to the discovery of significant vulnerabilities against reputable vendors, published in the domain and awarded CVE IDs.
Experience
WithSecure -
Manchester, United Kingdom
Senior Security Consultant
- Leading the Attack Path Mapping service, designing and executing collaborative adversary simulations
- Conducting technical research that produced open-source tooling and identified vulnerabilities, presenting findings at security conferences worldwide
- Undertaking active line management, guiding consultants at different experience levels
- Leading large scale attack detection exercises covering all surfaces of client organisations' digital estate
Cyber Peace Institute -
Globally
Cyber Piece Builder
- Offered pro-bono security consulting services to NGOs around the world with small or no IT departments
- Earned the Cyber Sentinel award for 5 "missions" completed and recognised as Top Builder for January 2024
- Volunteered independently to help charities in healthcare, education and sustainable development defend against threats
- Liaised, scheduled and delivered ad-hoc engagements such as security awareness training and proactive threat hunting
Professional Education Provider -
(Confidential)
Training Instructor
- Contracted by a cyber security education provider to deliver onsite security training to a foreign government department
- Delivered 5 day training course "Systems and Networks Auditing and Monitoring"
- Designed materials and hands-on exercises covering Web Applicatons, Networks, Windows and Unix systems
Hellenic Army -
Hellenic Ministry of Defence
Cyber Defence Department (Red Team)
- Conducted internal security assessments
- Participated in international cyber-readiness exercises commissioned by NATO
- SOC duties on a weekly basis
- Contributed tooling, automation scripts and improved pentest workflow procedures
F-Secure Consulting (MWR Infosecurity) -
Manchester, United Kingdom
Security Consultant
- Led and delivered security assessments for domestic and global organisations
- Experienced across all core service areas (appsec/netsec/mobsec), also delivered bespoke services such as design reviews and threat modelling exercises
- Continuously supported F-Secure's delivery pipeline by frequently taking up scoping opportunities (2nd top scoper in the UK as of leaving date)
- Served as the technical lead for a strategic telecommunications organisation, establishing solid relationships with client contacts and greatly improving F-Secure's business presence in the sector while raising significant revenue. Responsibilities also included oversight of all relevant projects and leading of key assessments
- Contributed significantly to the mobile security service area, including delivery of internal mobile security training
- Developed internal tools and methodologies to automate testing and share knowledge among the team
NSO Group (CS Circles) -
Limassol, Cyprus
Information Security Researcher
- Member of the Research and Reverse Engineering (RARE) team focusing on vulnerability discovery against mobile and WiFi platforms
- Established a versatile reverse engineering approach combining a thorough static analysis skillset and proficiency with dynamic instrumentation frameworks
- Developed thorougly documented Proof of Concent (PoC) deliverables in several programming/scripting languages, accompanied by write-ups/HowTos both detailing efforts and concisely summarising research activities
- Led a team of 3 researchers, preserving efficient communication with the upper management while keeping the team motivated and curating their training
- Volunteered in and created challenges for "Pentest Cyprus" a regional CTF competition co-hosted by UClan Cyprus and the University of Cyprus
Intracom Telecom -
Athens, Greece
Software Engineer
- Worked on Intracom's proposed solution for management of multiple WiFi Access Points, built on top of the OpenStack Cloud platform
- Contributed in the development (Python & Java), deployment, and end-to-end testing/automation processes, while familiarising with cloud and SDN fundamentals
- Investigated OpenStack's authentication mechanism ("Keystone"), identified and corrected bad security practices including passwords disclosed in the logs and web interface
- Wrote Bash and Puppet scripts to automate the working environment setup
Certifications
Offensive Security Experienced Penetration Tester (OSEP) -
by Offensive Security
Certificate ID: OSEP-26733
Offensive Security Certified Professional (OSCP) -
by Offensive Security
Certificate ID: OS-101-036020
OffSec Defense Analyst (OSDA) -
by Offensive Security
Certificate ID: OSDA-14780
AWS Certified Cloud Practitioner -
by Amazon Web Services
Education
University of Athens (BSc)
Department of Informatics and Telecommunications
- Specialisations in "Communications and Networking" and "Signal and Information Processing"
- Certificate degree 8.93 / 10 : "Excellent"
- 1.000€ Scholarship awarded by the Greek Post Offices (ELTA)
- Notable software created as part of course assignments include: a C/C++ rainbow table-based password cracking tool (PassCrack), an ebay-like web marketplace written in Java (3bay), and a distributed network scanner system for Android devices (DistributedScanner)
Antisyphon Trainings
(3 day training sessions) -Online/Remote
"SOC Core Skills with John Strand"
"Active Defense and Cyber Deception with John Strand"
Hack in Paris Trainings
(3 day training) -Paris, FR
"Hacking IPv6 Networks"
CanSecWest Dojos
(2 day training) -Vancouver, CA
"Reversing for the JVM and Android"
Systems and Networks Training Ltd
(2 day training) -Limassol, CY
"Radio Frequency Fundamentals"
Intracom Telecom & EESTEC LC Athens
(3 day training) -Athens, GR
"Java Enterprise Edition Workshop"
Publications
"IBM Sterling B2B Integrator - Remote Code Execution
- Security Advisory - TBC
- Presented talk at DistrictCon Year 0 districtcon.org
"Kubernetes Attack Simulation: The Definitive Guide"
- Presented talk at DEFCON 32 Adversary Village defcon.org & adversaryvillage.org
- Delivered hands-on technical workshop at DEATHCon 2024 deathcon.io
- Presented talk at the WithSecure UK Briefing 2024 consulting.withsecure.com
CVE-2021-22269
CVE-2021-22270
CVE-2021-22271
"Click Here For Free TV! - Chaining Bugs to Takeover Wind Vision Accounts"
- Security Advisory labs.withsecure.com, Technical Blog Post labs.wihsecure.com
- Presented talk at ROOTCON rootcon.org & Security BSides Athens bsidesath.gr
CVE-2020-26063
Cisco IMC Server - Authorisation Bypass and Username Enumeration
- Security Advisory labs.withsecure.com
Xiaomi Redmi 5 Plus - Second Space Password Bypass
- Security Advisory labs.withsecure.com
- Bug Bounty Awarded via HackerOne platform (private report)
Languages
English
- Excellent / Near-Native Level"Certificate of Profieciency in English" -
The University of Michigan
German
- Intermediate Level"Goethe-Zertifikat B2" -
Goethe Institut Athen
Greek
- Native Languange