I'm a cybersecurity professional based in Dhaka, Bangladesh, operating at the intersection of Governance, Risk & Compliance and Offensive Security — a combination most security teams are still missing. The compliance frameworks I design aren't just documented; they're verified against the attacker mindset trying to break them.
"Most security professionals defend or audit. I do both — and build the frameworks that prevent breaches before they happen."
| # | Certification | Issuer | Domain |
|---|---|---|---|
| 🥇 | ISO/IEC 27001:2022 Lead Auditor | Mastermind Assurance | ISMS Auditing · Risk Management |
| 🥈 | ISO/IEC 27001:2022 Security Associate™ | SkillFront | Information Security · Risk Assessment |
| 🏅 | Governance, Risk, Compliance & Data Privacy | IBM SkillsBuild | GRC · Data Privacy · Compliance |
| 🏅 | Ethical Hacker | Cisco | Penetration Testing · Offensive Security |
| 🏅 | Certified Cybersecurity Educator (CCEP) | Red Team Leaders | Security Training · Architecture |
🔐 Cybersecurity Consultant — GRC & Offensive Security | 2025 – Present · Remote
Designing ISO 27001 and NIST CSF-aligned security programs for clients, with every control set verified — not just documented — under realistic attack conditions.
Deliverables: Statement of Applicability (SoA) · Risk Registers · Gap Assessment Reports · Control Implementation Roadmaps · Audit-Ready Evidence Packages
ISO 27001 · NIST CSF · GRC · Ethical Hacking · Risk Register
📡 Service Account Manager — Genex Infosys · Grameenphone Enterprise | 2023 – 2025 · Dhaka
Managed enterprise service delivery for Bangladesh's largest telecom, overseeing SLA compliance, KPI reporting, and cross-functional coordination across major corporate accounts.
🏆 Attrition Warrior Award — September 2023 · Awarded for outstanding performance under high-pressure operational conditions.
SLA Management · KPI Monitoring · Enterprise Accounts · Service Delivery
🧪 Penetration Tester & Security Researcher | 2022 – 2023 · Mist Leetcon · Riot Center · Independent
Conducted penetration testing and vulnerability research across CTF environments and live targets. All findings documented with CVSS scoring and structured reports, directly informing defensive hardening decisions.
Red Teaming · Penetration Testing · CVSS Scoring · Vulnerability Research · CTF
| 🛡️ Compliance & GRC | ⚔️ Offensive Security | 🔬 Detection & Defense | 🏗️ Architecture |
|---|---|---|---|
| ISO 27001 Lead Auditing | Penetration Testing | SOC Operations | ISMS Design |
| Gap Assessments | Metasploit · Burp Suite | Splunk · Sentinel | Risk Registers & SoA |
| NIST · GDPR · HIPAA | OSINT & Reconnaissance | Sigma Rule Engineering | Policy Frameworks |
| BCP / DR Planning | Threat Modeling | IAM · Digital Forensics | Audit-Ready Controls |
🟢 ISO 27001:2022 gap assessments for SME clients [Remote · Ongoing]
🟢 Detection engineering — custom Sigma rules for SOC [Personal Project]
🟢 CTF challenges on TryHackMe (Rahat404x) [Active]
🟡 Public GRC template library for Bangladeshi orgs [In Progress]
If you're building or auditing a security program and need someone who can read a risk register and run a Metasploit module — that's the conversation worth having.
Open to: GRC Consulting · ISO 27001 Gap Assessments · Penetration Testing · Detection Engineering · Security Research