Offensive Security Experienced Penetration Tester (OSEP) -

by Offensive Security

Certificate ID: OSEP-26733

Offensive Security Certified Professional (OSCP) -

by Offensive Security

Certificate ID: OS-101-036020

AWS Certified Cloud Practitioner -

by Amazon Web Services

Hellenic Army -

Hellenic Ministry of Defence

Cyber Defence Department (Red Team)

• Conducted internal security assessments
• Participated in international cyber-readiness exercises commissioned by NATO
• SOC duties on a weekly basis
• Contributed tooling, automation scripts and improved pentest workflow procedures

F-Secure Consulting (MWR Infosecurity) -

Manchester, United Kingdom

Security Consultant

• Led and delivered security assessments for companies in the UK and around the world
• Experienced across all core service areas (appsec/netsec/mobsec), also delivered bespoke services such as design reviews and threat modelling exercises. Established testing methodologies which align with well-known standards such as the OWASP Security Testing Guides or CIS benchmarks
• Interfaced directly with client Subject Matter Experts (SMEs) on a daily basis, effectively communicating status updates and explaining any critical issues. Focused on the continuous improvement of reporting skills, with an aim to abstract technical details to key stakeholders while proposing high level, yet to-the-point remedial plans
• Avid and ongoing support to F-Secure's delivery pipeline by frequently taking up scoping opportunities (2nd top scoper in the UK as of leaving date) and performing Quality Assurance (QA) reviews on fellows' reports
• Served as the Tech Lead for a strategic telecommunications organisation, establishing solid relationships with client contacts and greatly improving F-Secure's business presence in the sector while raising significant revenue. Responsibilities also included oversight of all relevant projects and leading of key assessments
• Participated in advanced threat actor simulations such as Purple Team assessments and Attack Path Mapping exercises, against large Active Directory environments. Used frameworks such as Cobalt Strike and the MITRE ATT&CK matrix alongside veteran Red Teamers. Supported setting up Red Team Infrastructure
• Vital, ongoing contributions to the mobsec service area - Delivered mobile security training internally
• Developed internal tools and methodologies to automate testing and share knowledge among the team

NSO Group (CS Circles) -

Limassol, Cyprus

Information Security Researcher

• Member of the Research and Reverse Engineering (RARE) team focusing on vulnerability discovery against mobile and WiFi platforms
• Established a versatile reverse engineering approach combining a thorough static analysis skillset and proficiency with dynamic instrumentation frameworks
• Developed thorougly documented Proof of Concent (PoC) deliverables in several programming/scripting languages, accompanied by write-ups/HowTos both detailing efforts and concisely summarising research activities
• Led a team of 3 researchers, preserving efficient communication with the upper management while keeping the team motivated and curating their training
• Volunteered in and created challenges for "Pentest Cyprus" a regional CTF competition co-hosted by UClan Cyprus and the University of Cyprus

Intracom Telecom -

Athens, Greece

Software Engineer

• Worked on Intracom's proposed solution for management of multiple WiFi Access Points, built on top of the OpenStack Cloud platform
• Contributed in the development (Python & Java), deployment, and end-to-end testing/automation processes, while familiarising with cloud and SDN fundamentals
• Investigated OpenStack's authentication mechanism ("Keystone"), identified and corrected bad security practices including passwords disclosed in the logs and web interface
• Wrote Bash and Puppet scripts to automate the working environment setup

University of Athens (BSc)

Department of Informatics and Telecommunications

• Specialisations in "Communications and Networking" and "Signal and Information Processing"
• Certificate degree 8.93 / 10 : "Excellent"
• 1.000€ Scholarship awarded by the Greek Post Offices (ELTA)
• Notable software created as part of course assignments include: a C/C++ rainbow table-based password cracking tool (PassCrack), an ebay-like web marketplace written in Java (3bay), and a distributed network scanner system for Android devices (DistributedScanner)

Antisyphon Training

(3 day training) -

Online/Remote

"SOC Core Skills with John Strand"

Hack in Paris Trainings

(3 day training) -

Paris, FR

"Hacking IPv6 Networks"

CanSecWest Dojos

(2 day training) -

Vancouver, CA

"Reversing for the JVM and Android"

Systems and Networks Training Ltd

(2 day training) -

Limassol, CY

"Radio Frequency Fundamentals"

Intracom Telecom & EESTEC LC Athens

(3 day training) -

Athens, GR

"Java Enterprise Edition Workshop"

"Click Here For Free TV! - Chaining Bugs to Takeover Wind Vision Accounts"

• Security Advisory labs.f-secure.com, Technical Blog Post labs.f-secure.com
• Presented talk at ROOTCON rootcon.org & Security BSides Athens bsidesath.gr

Cisco IMC Server - Authorisation Bypass and Username Enumeration

• Security Advisory labs.f-secure.com

Xiaomi Redmi 5 Plus - Second Space Password Bypass

• Security Advisory labs.f-secure.com
• Bug Bounty Awarded via HackerOne platform (private report)

English

- Excellent / Near-Native Level

"Certificate of Profieciency in English" -

The University of Michigan

German

- Intermediate Level

"Goethe-Zertifikat B2" -

Goethe Institut Athen

Greek

- Native Languange