Summary

I am an experienced information security and software development consultant and researcher who can perform web and mobile application penetration tests, automated and manual code reviews, software debugging, security testing on smartphone platforms such as iOS and Android, and develop security-aware web and mobile applications. I have a master's degree in Computer Security from Columbia University, New York.


Experience


Senior Security Engineer

VMware

Apr 2016 - Present
San Francisco Bay Area, CA
VMware virtualizes computing, from the data center to the cloud to mobile devices, to help our customers be more agile, responsive, and profitable. My job functions include finding new vulnerabilities in VMware products, analyzing externally reported vulnerabilities, developing demonstration exploits, developing vulnerability mitigations and workarounds, acting as the technical reviewer for external security communications such as VMware Security Advisories, and security response engineering and tools development.


Senior Security Consultant

IOActive, Inc.

Oct 2014 - Apr 2016
Seattle, WA
IOActive is an industry-leading security services firm. My essential job function is to perform security services for IOActive's global client portfolio. These can include penetration testing, vulnerability assessments, reverse engineering, fuzzing, exploit development, and more. The focus of my work is to provide leadership on mobile penetration testing for Android and iOS platforms. Other important job functions include participation in the business development process, performing research and delivering talks at industry events.


Security Consultant

IOActive, Ltd.

Apr 2013 - Sep 2014
London, U.K.
The essential job functions include vulnerability assessments and analysis, penetration testing and source code review of web and mobile applications and platforms, reporting and documentation of all security findings, and travel to customer site locations as required.


Freelance Consultant

Secursive

Feb 2012 - Jan 2014
A freelance Information Security Consultancy and Secure Software Development agency. I provide secure software development, web and mobile application penetration testing, and automated and manual code reviews for security vulnerabilities. Security testing on smartphone platforms such as iOS and Android is what I love to do. I also provide security-aware web and mobile application development, operating system development and software debugging services. References from clients can be provided on request.


Research Engineer / Mobile App Development Manager

Next Generation Intelligent Networks Research Center

Mar 2012 - Feb 2013
Islamabad
Development of Secure SMS and Secure VoIP applications on Android and iPhone. The core task was to help the programmers apply the theory of information security, cryptography and secure development in real world mobile applications. I managed a team of mobile application developers to achieve these tasks. I was also responsible for completing reports and deliverables to meet requirements of the funding agency.


Visiting Faculty

National University of Computer & Emerging Sciences

Aug 2012 - Dec 2012
Islamabad
Courses Taught: Data Communication & Networking


Mobile Development, Security and Testing - Intern

Cigital

May 2011 - Dec 2011
New York, NY
The concentration of my work was on penetration testing of a number of iPhone and iPad applications for some of the Fortune 50 companies. I also worked on image assessment, and some Linux-based embedded system pen-testing.


Research Engineer / Team Lead

Next Generation Intelligent Networks Research Center

Apr 2008 - Jul 2010
Islamabad
The aim of this project is to develop an intelligent bio-inspired self-defending/self-healing security framework for IP Multimedia System (IMS) and Next Generation All-IP Networks, which will complement existing authentication and encryption mechanisms to protect infrastructure nodes and subscribers against the attacks launched by malicious nodes in the network. These unique and real-time vulnerabilities which need to be addressed in the IMS network include: IMS framework-related vulnerabilities, SIP protocol vulnerabilities, VoIP/video/PoC/Messaging/Presence/Conferencing application vulnerabilities; and voice spam, media plane related vulnerabilities. This framework is expected to become a cardinal component that will protect against the misuse of the network resources of an operator. The goal is that our system will ultimately become an integral part of security for IMS and Next Generation All-IP networks.


Education

MS - Computer Science (Security)

Columbia University - Fu Foundation School of Engineering and Applied Science

2010 - 2011
New York, NY

BE - Electrical Engineering

National University of Science and Technology

2004 - 2008
Islamabad