
Asikuzzaman
Cyber Security Consultant, VAPT, IT Security Audit Specialist

Work experience
Security Analyst
Sami Tech Ltd. • Full-time
Jan 2022 - Present • 4 yrs 4 mos
Comprehensive Security Assessments & Audits:
- Conducted holistic security engagements encompassing both Vulnerability Assessment & Penetration Testing (VAPT) and IT Audits for diverse clients, including critical government infrastructures and enterprise organizations.
- Performed ISO 27001, PCI DSS, and GDPR compliance audits, including full gap analyses, policy reviews, and implementation guidance for Information Security Management Systems (ISMS).
- Executed configuration and architecture reviews for network devices (firewalls, routers, switches) to ensure hardening against attacks and alignment with best practice benchmarks.

Technical Vulnerability Assessment & Penetration Testing:
- Delivered comprehensive VAPT for high-value targets, including two government websites, utilizing both black-box and white-box methodologies to identify and exploit vulnerabilities across networks, servers, and web applications.
- Mapped findings to industry standards such as the OWASP Top 10, uncovering critical flaws including SQL Injection, XSS, CSRF, and authentication bypasses.
- Leveraged industry-standard tools (Burp Suite, Nessus, Acunetix, Nmap, Metasploit) for automated scanning, while manually validating results to eliminate false positives and uncover complex business logic flaws.

Policy, Governance & Risk Management:
- Assessed and enhanced security policies, access controls, and user privilege frameworks to strengthen overall governance and reduce the organization's attack surface.
- Provided strategic consulting to management on IT risk management, governance, and the effectiveness of existing security measures (firewalls, IDS/IPS).
- Evaluated Disaster Recovery (DR) and Business Continuity Planning (BCP) to ensure organizational resilience against potential security incidents.

DevSecOps & Remediation:
- Fostered a DevSecOps culture by collaborating directly with development teams to reproduce, understand, and effectively remediate identified vulnerabilities.