Professional Experience
04.2020 - present
Principal IT Security Consultant
RM Information Security, Manchester, United Kingdom
---=== Details Soon ===---
12.2014 - 03.2020
Senior Penetration Tester (VP)
Barclays, Knutsford, United Kingdom
- Penetration Testing and Vulnerability Assessments for numerous internal and 3rd party clients including:
  - infrastructure testing
  - web application assessments
  - mobile security testing
  - cloud system assessments
  - web services testing
  - VPN and remote access assessments
- Security assessments of various systems/products including:
  - Trading Platforms
  - Payments
  - Single Sign-On
  - Building Management Systems
  - Building Access Systems
  - Database Change Control
  - Active Directory
  - Network Access Control
  - Scheduling/Workload Automation
- Reverse Engineering of Thick Clients and Android/iOS Mobile applications, including cracking weak encryption mechanisms, bypassing local authentication and extracting sensitive information
- Firewall, router and switch configuration reviews
- MS SQL and Oracle database configuration reviews
- Operating System build and hardening reviews
- Architecture and design security reviews
- Developing the ButterFly 2.0 Security Project; an updated educational environment intended to give an insight into common web application vulnerabilities, based on a payment system written in C#/ASP.NET, MVC, HTML5 and CSS3
- Acting as mentor to other team members
02.2006 - 11.2014
Senior IT Security Consultant
Pentest Limited, Manchester, United Kingdom
- A large number of Penetration Tests and Vulnerability Assessments for numerous customers including:
  - web application testing
  - network security assessment
  - web services testing
  - wireless network testing
  - mobile application testing
  - cloud system assessment
  - mobile device management solution assessment
  - social engineering
  - VPN and remote access assessment
- Architecture and design security reviews
- Firewall, router and switch configuration reviews
- Acting as mentor to other team members
- The author of the ButterFly Security Project - an educational environment intended to give an insight into common web application vulnerabilities. The project is based on applications written in:
  - PHP
  - ASP.NET
  - J2EE/Struts
  - Adobe ColdFusion
- Preparing and delivering web application security training in the UK, Ireland and Germany
- Developing tools for penetration testing
- Reverse engineering and exploit development
- Operating System build and hardening reviews
10.2004 - 01.2006
IT Security Specialist/Security Officer
National Bank of Poland, Warsaw, Poland
- Penetration Testing activities (devising methodologies, penetration test execution, authoring reports; member of European Central Bank (ECB) Penetration Test Team)
- Local coordinator of TARGET (pan-European payment system) risk analysis
- Control and assessment of the bank's systems security
- Evaluation of security measures in IT projects
- Hardening of systems security
- Cooperation with IT Department in order to create secure IT solutions
- Creating and administering a testing environment (based on Debian GNU/Linux, FreeBSD, Microsoft Windows 2000/XP/2003 + AD2003)
- Development of the Central Log Server Project based on open-source software
12.2001 - 09.2004
Administrator/Internet programmer
Data Bank of Engineers, Warsaw, Poland
- Configuring and securing internal networks, servers/gateways and remote access systems
- Securing personal data processed by the company
- Project planning and implementation of Active Directory infrastructure
- Project planning and implementation of a 2-tier Public Key Infrastructure; creating a Single Sign-On solution which gives application users access to their accounts, secure email and the internal web system (based on Apache and PHP) via smartcard technology
- Design and automation of backup procedures within the company
- Creating the company internet website
- Creating complex internal website system to manage candidate data, job offers and company's documents; advanced statistics in textual and graphical form
- Creating CV Generator application in VB .NET
- Support of company customers and employees
- Troubleshooting of software and hardware problems
12.2000 - 11.2001
Internet programmer/Administrator
Safenet, Lublin, Poland
- dynamic website creation based on PHP and relational database MySQL
- FreeBSD 4.x server administration (including account management, quota management, virtual servers, firewall)
- technical support of company customers
Certificates and Exams
Titles:
02.2013 | Tiger Scheme Senior Tester (recertification) |
01.2010 | Tiger Scheme Senior Tester |
06.2005 | CompTIA Security+ |
02.2005 | Microsoft Certified Systems Engineer (MCSE) on Windows 2003 |
11.2004 | Microsoft Certified Systems Administrator (MCSA) on Windows 2003 |
04.2004 | Microsoft Certified Systems Engineer (MCSE) on Windows 2000 |
02.2004 | Cisco Certified Network Associate (CCNA) |
08.2003 | Microsoft Certified Systems Administrator (MCSA) on Windows 2000 |
07.2002 | Microsoft Certified Professional (MCP) |
Exams:
02.2013 | Tiger Scheme Senior Tester (recertification) |
01.2010 | Tiger Scheme Senior Tester |
06.2005 | CompTIA SY0-101 Security+ |
02.2005 | 70-296: Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Environment for an MCSE |
11.2004 | 70-292: Managing and Maintaining a Microsoft Windows Server 2003 Environment for an MCSA |
04.2004 | 70-220: Designing Security for a Microsoft Windows 2000 Network |
02.2004 | 640-801: Cisco Certified Network Associate (CCNA) |
11.2003 | 70-217: Implementing and Administering a Microsoft Windows 2000 Directory |
09.2003 | 70-216: Implementing and Administering a Microsoft Windows 2000 Network Infrastructure |
06.2003 | 70-218: Managing a Windows 2000 Network Environment |
02.2003 | 70-228: Installing, Configuring, and Administering Microsoft SQL Server 2000 Enterprise Ed. |
08.2002 | 70-210: Installing, Configuring, and Administering Microsoft Windows 2000 Professional |
08.2002 | 70-215: Installing, Configuring, and Administering Microsoft Windows 2000 Server |
06.2000 | First Certificate in English (FCE) |
Skills
- Knowledge of penetration testing activities:
  - creating and following a methodology
  - white, grey and black box testing approaches
  - privilege escalation and pivoting techniques
  - ability to recognise false positives in penetration testing
  - ability to manually verify vulnerabilities and customise exploits and shellcode
  - using pentesting tools (including xprobe2, nmap, amap, nikto, Nessus, Burp Suite, Nexpose, Retina, ISS Internet Scanner, Spike, Metasploit, Canvas, Core Impact, NCC SQuirreL suite)
- Ability to test significantly complex systems, products and environments, consisting of multiple components (infrastructure, network, web, mobile UI) and using custom network communication protocols.
- Knowledge of web application vulnerabilities (for example: Blind and Time based SQL Injection, DOM Cross-Site Scripting, XML External Entity (XXE), Session Fixation, CRLF injection and many more)
- Knowledge of cryptography: public key and symmetric cryptography, signatures, message digests, MAC
- Reverse Engineering of Thick Clients and Android/iOS Mobile applications
- Knowledge of software vulnerabilities and attack techniques (including Stack, Heap, BSS-based buffer overflows, format string bugs, race conditions, symlink attacks)
- Knowledge of the following operating systems:
  - Linux: Debian, RedHat, Gentoo, Ubuntu
  - Windows Workstation and Server OS
  - Cisco IOS
  - FreeBSD
  - OpenBSD
- Knowledge of installation and configuration of the following services and functions of a network server:
  - Firewall (iptables, ipfw, ipf), NAT
  - Network Intrusion Detection System (NIDS) - Snort + pgsql plugin + ACID console
  - WWW Server (Apache, IIS)
  - File-based Server (Samba, FTP)
  - Proxy Server (Squid)
  - Mail Server (Qmail, Postfix, Sendmail) + POP3 and IMAP servers
  - DNS (Bind)
  - Relational databases (MySQL, PostgreSQL, MS SQL)
  - Public Key Infrastructure (PKI)
  - Virtual Private Network (VPN), IPSEC
  - Quality of Service (QoS): ipfw, CBQ, HTB, HFSC, IMQ
  - Chroot, jail of services and users
- Knowledge of the following programming languages:
  - PHP
  - J2EE/Struts
  - SQL/Stored Procedures
  - C# and Visual Basic .NET (ASP.NET)
  - C/C++ (network programming on UNIX systems, Visual Studio .NET)
  - HTML, XML, CSS, Javascript
- Knowledge of many types of LAN and WAN networks, routing protocols and network switching
- Driving licence
- Knowledge of foreign languages:
  - Polish - native
  - English - fluent
Interests
- Photography - http://elessar.smugmug.com
- Freshwater aquarium
- Sport: F1 and motorcycle racing
- Playing the guitar, RPG games, simulators, Gran Turismo, Diablo, The Witcher
- Cinema and literature