Mohd Badrudduja

BUQAYQ, Saudi Arabia

Summary

Experienced cybersecurity professional with a strong background in penetration testing, ethical hacking, risk management, BCP/DRP planning and testing, and threat modelling. Proficient in asset management, security policies, and change management. Skilled in using advanced tools such as KALI Linux, Wireshark, NMAP/ZENMAP, NESSUS, JOHN/Hashcat, Hydra, BloodHound, Mimikatz, Python3, Impacket, Burpsuite, Windows/Linux systems, SQLMAP, Metasploit, DNSPY and GHIDRA. Demonstrates expertise in the MITRE ATT&CK framework. Recognised for calmness under pressure and exceptional problem-solving abilities. Strong communication skills combined with strategic planning and leadership capabilities.

Overview

12 years of professional experience
3 years of post-secondary education
1 Certification

Work History

Penetration tester

United Arab Technology
BUQAYQ, Saudi Arabia
07.2020 - Current
  • Develop the cybersecurity policies and procedures aligned with best practices
  • Design, implement and maintain a risk management program
  • Ensure the effectiveness of the security mechanism for the protection of organization data, systems and networks
  • Responsible for developing and implementing the organization's information security strategy, ensuring compliance, and managing customer communications regarding security matters
  • Conduct security assessments, risk analysis and root cause analysis of security incidents
  • Identify, analyze, and prioritize security risks and vulnerabilities
  • Develop and implement risk mitigation plans
  • Collaborate with IT, HR, Legal, engineering teams and other stakeholders to integrate security into system, application and organization critical business functions
  • Leading security operations, including threat management and incident response
  • Communicate security policies and incidents to customers and stakeholders
  • Plan and execute full life cycle offensive operations, including project scoping and resource assignment recommendations
  • Creating Rules of Engagement (ROE) for clients
  • Perform application penetration tests
  • Application pentests often include APIs and web applications from blackbox, graybox and, where code review is available, whitebox perspectives
  • Perform network penetration tests, external as well as internal
  • Capable of penetrating multiple platforms in enterprise environments
  • Familiar with attacking Active Directory
  • Performing vulnerability scanning with NMAP/Qualys/NESSUS/Manage Engine Vulnerability Management Professional
  • Searching, manipulating and customizing public exploits to work in required conditions
  • Writing high-level programs in Python to exploit business logic and other custom weaknesses in applications
  • Creating virtual environments/sandboxing for testing to avoid any damage to production mission-critical assets
  • Meetings with application development team
  • Meetings with System/Network team
  • Open-Source Intelligence (OSINT)
  • Active Directory Infrastructure security and testing
  • Enumerating Active Directory domain infrastructure with Impacket
  • Enumerating Active Directory domain infrastructure with BloodHound
  • Lateral movements and Privilege Escalation
  • Persistence for Proof of Concept if not excluded in ROE
  • Reviewing cybersecurity appliance configurations
  • Writing reports and debriefing to management and clients
  • Excelled in communicating technical data to non-technical stakeholders.
  • Managed vulnerability assessments with advanced knowledge of hacking methodologies.
  • Implemented secure network architecture designs based on threat modelling outcomes.
  • Maintained professional growth through continuous learning about the latest cyber threats and countermeasures, vital for staying ahead in the constantly evolving cybersecurity landscape.
  • Maintained system compliance with legal requirements and company security standards.
  • Coordinated emergency disaster recovery, minimising data loss and supporting business continuity.

Network security engineer

United Arab Technology
BUQAYQ, Saudi Arabia
06.2017 - 06.2020
  • Oversaw secure network architecture design to bolster overall system integrity.
  • Analyzed complex technical issues, providing effective solutions in a timely manner.
  • Implemented strong user authentication procedures, reducing chances of unauthorized access attempts.
  • Maintained network stability through consistent monitoring and troubleshooting efforts.
  • Working with BlueCoat Proxy and creating policies as per requirement.
  • Maintain web filtering for the network and watch over the privileges of categorized users.
  • Strong Security configuration for Gateway Level security with Dell Sonicwall Firewalls, CISCO ASA and Cyberoam UTM.
  • Configuring and managing VPN connections in both ways such as Site-to-Site VPN & Client/Server VPN.
  • Configuring Backup Firewall and load balancing.
  • Configuring IPS/IDS with Cisco Router and create ACLs for traffic management.
  • Implementing the Cisco Switch Domain with loop-free and collision-less response.
  • Configuring VLANs (Virtual Local Area Networks) to separate collision domains according to departments.
  • Configuring and managing VTP and PVST to manage the route of traffic in the switching environment.
  • Advocated for best practice adherence amongst colleagues, fostering a culture of cybersecurity consciousness.
  • Supported disaster recovery efforts by creating reliable backup processes and procedures.
  • Enhanced network security by implementing advanced firewall configurations.
  • Optimised security parameters on all hardware devices for enhanced protection level against threats.
  • Orchestrated training sessions on latest cybersecurity trends, raising employee awareness and skill levels.
  • Partnered with security professionals to identify and address problems through incident validation and action synchronization.

Network engineer

United Arab Technology
BUQAYQ, Saudi Arabia
05.2015 - 05.2017
  • Assisted team members in understanding complex networking concepts, enhancing team productivity.
  • Managed multiple projects simultaneously whilst maintaining high standards of workmanship.
  • Designed efficient network structures for enhanced data flow and communication.
  • Conducted routine audits on network usage to ensure compliance with company policies and regulations.
  • Reconfigured systems following best practices improving overall efficiency.
  • Improved overall system stability with preventative maintenance measures.
  • Optimised network performance by troubleshooting and resolving complex technical issues.
  • Collaborated with cross-departmental teams to integrate new software applications into existing network environments seamlessly.
  • Stayed abreast of latest industry trends by attending workshops and subscribing to relevant publications, thereby bringing innovative ideas to the table.
  • Coordinated with vendors during hardware procurement process ensuring timely project completion.
  • Reduced downtime through regular monitoring and proactive system checks.
  • Configured routers, switches and firewalls to deploy and support LAN, WAN and wireless networks.
  • Troubleshot network issues and provided rapid solutions to limit downtime.
  • Maintained network configuration, mapping and service records for accurate documentation.
  • Optimised network operation through focused configuration and monitoring.
  • Provided smooth communications by configuring LAN technology, wireless access points and controllers.
  • Guided and assisted users with technical issues, improving network performance and usability.
  • Assisted various departments in maintaining network security and configured remote routers and firewalls.
  • Evaluated long- and short-term network needs and implemented required updates to achieve them.
  • Devised and maintained suitable firewalls and access settings to uphold data security.
  • Contributed planning abilities and use forecasts to the development of a long-term network road map.
  • Reconfigured networks for enhanced performance.
  • Approved external network access to meet remote working demands.
  • Installed new hardware and software outside of office hours for minimal service disruption.
  • Evaluated bandwidth requirements and implemented required network updates.
  • Set up virtual private networks for secure remote connections.
  • Resolved service user requests within agreed timeframes for optimized staff productivity.

Network technician

United Arab Technology
BUQAYQ, Saudi Arabia
12.2012 - 04.2015
  • Conducted routine inspections of hardware, ensured longevity and optimal performance.
  • Streamlined communication process with effective cabling and routing procedures.
  • Resolved complex network issues in a timely manner due to adept problem-solving skills.
  • Ensured high levels of customer satisfaction with prompt resolution of their queries or issues related to the network systems.
  • Coordinated with IT team frequently to update them on network status and changes made.
  • Provided technical support to staff, resolved all reported issues swiftly.
  • Stayed abreast of the latest industry trends through continuous professional development, which helped incorporate best practices into current systems efficiently.
  • Undertook responsibility of managing IP addresses, minimised conflicts effectively.
  • Maintained up-to-date documentation of all networks for easy reference during troubleshooting.
  • Installed networking equipment for improved connectivity in various offices.
  • Carried out repairs to faulty hardware, reduced downtime significantly.
  • Installed well-functioning LAN/WAN and managed IP, servers and other network components.
  • Maintained scanners, printers and other computer peripheral equipment.
  • Performed regular upgrades to keep systems updated and in good working order.
  • Troubleshot system failures or bugs and provided solutions to restore functionality.
  • Set up and installed new hardware and software systems to customer requirements.
  • Performed routine maintenance to prevent system outages and failures.
  • Offered technical support on-site, via phone or email for enhanced customer service.
  • Monitored and managed repair parts inventory, promptly ordering low-stock items to maintain service efficiencies.
  • Kept records of fixes and repairs for future reference.
  • Created and removed user network accounts following guidelines.
  • Kept high levels of customer satisfaction, explaining complex technical concepts in layman terms for easy comprehension.
  • Assisted employees with general administrative needs relating to passwords, application access and forms and policies.
  • Updated operating systems regularly to meet operational needs.
  • Installed new hardware and software outside of office hours for minimal service disruption.

Education

Bachelor of Science - Electronics & Mathematics

Chhatrapati Shahu Ji Maharaj University
India
07.2006 - 06.2009

Diploma - Networking & System Security

Centre for Development of Advanced Computing
India
07.2009 - 01.2010

Skills

  • Risk Management
  • BCP/DRP planning & testing
  • Threat modeling
  • Asset Management
  • Security Policies
  • Change management
  • KALI Linux
  • Wireshark
  • NMAP/ZENMAP
  • NESSUS
  • JOHN/Hashcat
  • Hydra
  • BloodHound
  • Mimikatz
  • Python3
  • Impacket
  • Burpsuite
  • Windows/Linux
  • SQLMAP
  • Metasploit
  • DNSPY
  • GHIDRA
  • MITRE ATT&CK
  • Calm under pressure
  • Problem-solving
  • Communication skills
  • Strategic planning
  • Leadership

Certification

  • Certified Information System Security Professional (ISC2-CISSP), 1485742
  • Certified in Cybersecurity (ISC2-CC), 1485742
  • Practical Network Penetration Tester (PNPT), TCM-Security
  • Certified QUALYS VMDR-2.0
  • Cisco Certified Specialist - Enterprise Core
  • Cisco Certified Network Professional (CCNP)
  • Cisco Certified Network Associate Security (CCNA Security)
  • Cisco Certified Network Associate (CCNA)

Accomplishments

  • CVE-2022-37190, 8.8, Authenticated RCE
  • CVE-2022-37191, 6.5, Authenticated LFI

Proof of Concepts (PoCs)

  • https://github.com/badru8612/Authenticated-RCE-CuppaCMS
  • https://github.com/badru8612/CuppaCMS-Authenticated-LFI-Vulnerability

Personal Information

  • Date of birth: 07/05/89
  • Nationality: India

Languages

English
Fluent
Arabic
Fluent
Hindi
Native

Affiliations

  • Cooking
  • Reading tech books and articles
  • Hacking
