I'm a cybersecurity professional based in Dhaka, Bangladesh, operating at the intersection of Governance, Risk & Compliance and Offensive Security, a combination most security teams are still missing. The compliance frameworks I design aren't just documented; they're verified against the attacker mindset trying to break them.
"Most security professionals defend or audit. I do both, and build the frameworks that prevent breaches before they happen."
| Certification | Issuer | Domain |
|---|---|---|
| ISO/IEC 27001:2022 Lead Auditor | Mastermind Assurance | ISMS Auditing · Risk Management |
| ISO/IEC 27001:2022 Security Associate™ | SkillFront | Information Security · Risk Assessment |
| Governance, Risk, Compliance & Data Privacy | IBM SkillsBuild | GRC · Data Privacy · Compliance |
| Ethical Hacker | Cisco | Penetration Testing · Offensive Security |
| Certified Cybersecurity Educator (CCEP) | Red Team Leaders | Security Training · Architecture |
Cybersecurity Consultant, GRC & Offensive Security | 2025 - Present · Remote
Designing ISO 27001 and NIST CSF-aligned security programs for clients, with every control set verified, not just documented, under realistic attack conditions.
Deliverables: Statement of Applicability (SoA) · Risk Registers · Gap Assessment Reports · Control Implementation Roadmaps · Audit-Ready Evidence Packages
ISO 27001 · NIST CSF · GRC · Ethical Hacking · Risk Register
Service Account Manager, Genex Infosys · Grameenphone Enterprise | 2023 - 2025 · Dhaka
Managed enterprise service delivery for Bangladesh's largest telecom, overseeing SLA compliance, KPI reporting, and cross-functional coordination across major corporate accounts.
Attrition Warrior Award, September 2023 · Awarded for outstanding performance under high-pressure operational conditions.
SLA Management · KPI Monitoring · Enterprise Accounts · Service Delivery
Penetration Tester & Security Researcher | 2022 - 2023 · Mist Leetcon · Riot Center · Independent
Conducted penetration testing and vulnerability research across CTF environments and live targets. All findings documented with CVSS scoring and structured reports, directly informing defensive hardening decisions.
Red Teaming · Penetration Testing · CVSS Scoring · Vulnerability Research · CTF
| Compliance & GRC | Offensive Security | Detection & Defense | Architecture |
|---|---|---|---|
| ISO 27001 Lead Auditing | Penetration Testing | SOC Operations | ISMS Design |
| Gap Assessments | Metasploit · Burp Suite | Splunk · Sentinel | Risk Registers & SoA |
| NIST · GDPR · HIPAA | OSINT & Reconnaissance | Sigma Rule Engineering | Policy Frameworks |
| BCP / DR Planning | Threat Modeling | IAM · Digital Forensics | Audit-Ready Controls |
- ISO 27001:2022 gap assessments for SME clients [Remote · Ongoing]
- Detection engineering: custom Sigma rules for SOC [Personal Project]
- CTF challenges on TryHackMe (Rahat404x) [Active]
- Public GRC template library for Bangladeshi orgs [In Progress]

If you're building or auditing a security program and need someone who can read a risk register and run a Metasploit module, that's the conversation worth having.
Open to: GRC Consulting · ISO 27001 Gap Assessments · Penetration Testing · Detection Engineering · Security Research