Summary
8+ years combined operational work experience in penetration tests of enterprise networks and web application, physical social engineering and privilege escalation.
As a member of the Enterprise Security and Risk Team, I conduct enterprise wide security risk assessments by infiltrating its systems and breach its physical perimeters. This highlights gaps in the organization’s technical security that require fixing as well as being involved in executing the security awareness plan.
Knowledge of Bash Scripting, PHP, SQL, Python and C-based program languages allows me to create my own applications for automation and optimization company’s security.
Passed both the CEH knowledge-based MCQ and the CEH Practical exam on 92,8% and 90% respectively allowed me to become the TOP 10 in the World Global Ethical Hacking LeaderBoard!
I am the offensive security and my goal does not end at gaining full access – that is only a starting point.
Professional experience
Deloitte
Senior manager (Cyber Risk Advisory), October 2021 – till now
- Cooperated with the company’s key account clients across the Globe leaded to sign contracts for penetration test and information security audit with global companies from the United States, Germany, Japan, Kazakhstan, and other
- Managed projects and developed cross-counties interconnections with cooperation with Deloitte Global Red Team from North America, Europe, and the Middle East
- Performed clients’ penetration tests and found an unintended way to evade antivirus protection which led to harvesting critical confidential data and getting complete control over the domain
- Oversaw, leaded, mentored and taught subordinates who were able to pass one of the most complicated and demanding cybersecurity exams - OSCP
- Developed tools to aid penetration test automation and effectiveness such as AutoSUID and ShellDAVpass
MegaFon
Cyber Security Analysis Expert, December 2020 – October 2021 (remotely)
- Created development plans for the customer’s infrastructures, oversee its implementation and support it with automation and efficiency tools of his own
- Figured out all potential vulnerabilities in MegaFon client’s infrastructure, systems, software, and operations
- Developed mitigation plans to counteract or eliminate cyber security risks before any actual incidents
- Created educational plans and events to raise security awareness among the client’s employees
DataMe (AGGA Empire)
Information Security Manager, June 2017 – October 2021
- Cooperated with key account clients like Deloitte, Unilever, Valio, Miro, Heinemann, IFF Frutarom
- Developed tools to aid penetration test automation and effectiveness such as Fast-Google-Dork-Scan, CA “Hydra”, Host- and Port Enumeration
- Performed internal and external pentest, web application testing (OWASP Top 10), and full-scope red teams
- Created threat models that result in more secure application design
- Wrote comprehensive and accurate reports, test plan documents, and mitigation recommendations
TRANSNEFT, JSC
Lead Information Security Analyst, December 2014 – July 2017
- Coached and managed a team of company’s security up to 12 people
- Developed and implemented policies and procedures throughout the life cycle of the automatic leak detection system which prevented of unauthorized user’s actions
- Developed information systems and databases for automation and optimization company’s security officers
Senior Information Security Analyst, June 2013 – December 2014
- Tested the company’s information systems for penetration using BackTrack and Kali Linux applications like NMap, WFuzz, John the Ripper, SQLMap, Metasploit, Burpsuite, Wireshark, etc.
- Recognized and safely utilized attacker tools, tactics, and procedures
- Develop policies, procedures and contingency plans to minimize the effects of security breaches from client's staff and criminals
Investigative Committee of Russia
Investigator, August 2009 – June 2013
- Monitored and investigated suspicions situations and unusual activities in state's information systems
- Managed team of three detectives to investigate information technology criminal cases
- Prepared cases for trial, attended court and testified as a witness
- Carried out crime prevention work with the citizens
Education
- The Russian Presidential Academy of National Economy and Public Administration | ECE and WES approved as Master’s degree | IT Management for Business | 2015 – 2018
- Military University of the Ministry of Defense | ECE and WES approved as Master’s degree | Jurisprudence | 2004 – 2009
Certification
- Certified Chief Information Security Officer (CCISO), 2022-2023
- EC-Council Information Security Manager (EISM), 2022-2025
- Offensive Security Certified Professional (OSCP), 2021
- Certified Ethical Hacker (Master), 2020-2023
- Certified Ethical Hacker (Practical), 2020-2023
- Certified Network Defense Architect (CNDA), 2020-2023
- Certified Ethical Hacker (CEH), 2020-2023
- Certified Network Defender (CND), 2020-2023
Publications
- AutoSUID – Splunk (Approaching Linux Post-Exploitation with Splunk Attack Range), 01.2022 - https://www.splunk.com/en_us/blog/security/approaching-linux-post-exploitation-with-splunk-attack-range.html
- The Russian Kerbrute - Hakin9 (IT Security Magazine), 11,2021 - https://hakin9.org/the-russian-kerbrute-by-ivan-glinkin/
- Data leaks without hacking - Hakin9 (IT Security Magazine), 02.2021 - https://hakin9.org/data-leaks-without-hacking/
- Fast Google Dork Scan – KitPloit (PenTest Tools for your Security Arsenal), 06.2020 - https://www.kitploit.com/2020/06/fast-google-dorks-scan-fast-google.html