Career Profile
Dedicated Cyber Security professional with 7 years of diverse experience, specializing in Banking Identity, Blockchain Security, ISO27001, Web & Mobile Application Pentesting/Audits, and Smart Contract Audits. Proficient in code reviews and a significant contributor to the OWASP MSTG project. Proudly ranked #6 at Defcon 2019’s Capture The Coin competition. Holder of credentials including OSWE, OSCP, and CBSP. Recognized with numerous CVEs and esteemed security reports for major firms like Apple, Viettel, Telia, Blockchain, and TransferWise. Authored several acclaimed security research papers. Fluent in English and Vietnamese with a foundational understanding of Chinese.
Experiences
- Carry out any technical-related audits, such as cybersecurity audits on crypto-exchanges, electronic money institutions and similar entities, or other similar technical audit engagements.
- Carry out any technical-related audits, such as blockchain technology audits on behalf of the Malta Digital Innovation Authority (MDIA), Malta Financial Services Authority (MFSA), carrying out ISO27001 or similar ISO standards’ based audits, or other similar technical audit engagements.
- Manage smart contract audits, applications pen-testing projects (web, mobile).
- Carry out penetration testing and similar tests and preparing reports accordingly.
- Carry out RNG Testing, ISO 27001.
- Founder of Kubertu
- Provides cyber security services: Penetration Testing, Cyber Security Solutions, SOC, Smart Contract Audits, Smart Contract Development, DApp Development.
- Security penetration testing & security audit for web applications & mobile applications (iOS, Android) in Blockchain.
- Develop a smart contract audit checklist and smart contract security research in both Ethereum and NEO blockchain networks.
- Bug hunting: search for vulnerabilities in the software built and owned by the company, then analyze and evaluate the impact of risks.
- Develop automatic security scanning tools for services & daily activities.
- Participate in internal & external projects. Solve 3 levels of incidents and problems. Perform penetration testing on Android, iOS. Identify risks and provide suggestions on how to improve security based on the vulnerabilities identified.
- Participate in the secure design of new products and features. Participate in the definition of the official mobile security process for the mobile teams.
- Perform security code reviews on mobile software products, and document security research.
- Security developments in protecting privileged accounts, authentication & authorization, health check & monitoring, etc.
- Implement penetration testing for Windows Active Directory (attack vectors, malware analysis, Kerberos, etc.). Solve level 3 incidents & problems and set up infrastructure and application operational requirements, methodologies & procedures.
- Plan, build, test and run diagnostics for the above-mentioned services, sub-services and infrastructure components.
- Analyze and perform capacity and performance management for the services, sub-services and infrastructure components.
- Ensure development and maintenance of services, sub-services and infrastructure components for all platforms within contractual SLA.
- Responsible for Windows AD security including privileged accounts, authentication & authorization, health check & monitoring and other services.
- Build and develop platform infrastructure and/or application infrastructure. Set up framework and guidelines for platform infrastructure and/or application infrastructure.
Certifications
Certified OSWEs have a clear and practical understanding of white box web application assessment and security. They’ve proven their ability to review advanced source code in web apps, identify vulnerabilities, and exploit them. They use creative and lateral thinking to determine innovative ways of exploiting web vulnerabilities. OSWEs are able to assist web development teams in creating and maintaining web apps that are secure by design.
The Certified Blockchain Security Professional (CBSP) exam is an elite way to demonstrate the knowledge and skills in Blockchain Security.
- Advanced Blockchain Security Mechanisms of Ethereum Security, Hyperledger Security and Corda Security.
- Smart Contract Security
- Vulnerabilities and Attacks of Network-Level, System-Level and Smart Contract.
The contest had 438 registered users and 154 active participants both online and during Defcon 27’s Blockchain Village.
An OSCP has demonstrated the ability to use persistence, creativity, and perceptiveness to identify vulnerabilities and execute organized attacks under tight time constraints. OSCP holders have also shown they can think outside the box while managing both time and resources.
Projects
CVE
Publications
My publications and personal security research