I am an experienced information security and software development consultant and researcher who can perform web and mobile application penetration tests, automated and manual code reviews, software debugging, security testing on smartphone platforms such as iOS and Android, and develop security-aware web and mobile applications. I have a master's degree in Computer Security from Columbia University, New York.


Staff Security Engineer @ VMware, San Francisco Bay Area, CA. (Nov 2017 — Present)

Senior Security Engineer @ VMware, San Francisco Bay Area, CA. (Apr 2016 — Oct 2017)

VMware virtualizes computing, from the data center to the cloud to mobile devices, to help our customers be more agile, responsive, and profitable. My job functions include finding new vulnerabilities in VMware products, analyzing externally reported vulnerabilities, developing demonstration exploits, developing vulnerability mitigations and workarounds, acting as a technical reviewer for external security communications such as VMware Security Advisories, security response engineering and tools development.

Senior Security Consultant @ IOActive, Inc., Seattle, WA. (Oct 2014 — Apr 2016)

IOActive is an industry-leading security services firm. My essential job function is to perform security services for IOActive's global client portfolio. These can include penetration testing, vulnerability assessments, reverse engineering, fuzzing, exploit development, and more. The focus of my work is to provide leadership on mobile penetration testing for Android and iOS platforms. Other important job functions include participation in the business development process, performing research and delivering talks at industry events.

Security Consultant @ IOActive, Ltd., London, U.K. (Apr 2013 — Sep 2014)

The essential job functions include vulnerability assessments and analysis, penetration testing and source code review of web and mobile applications and platforms, reporting and documentation of all security findings, and travel to customer site locations as required.

Freelance Consultant @ Secursive. (Feb 2012 — Jan 2014)

A freelance Information Security Consultancy and Secure Software Development agency. I provide Secure Software development, Web and Mobile Applications penetration-testing, automated and manual code reviews for security vulnerabilities. Security testing on smartphone platforms such as iOS and Android is what I love to do. I also provide Security-aware Web and Mobile applications development, Operating System development and Software debugging services. References from clients can be provided on request.

Research Engineer / Mobile App Development Manager @ Next Generation Intelligent Networks Research Center, Islamabad. (Mar 2012 — Feb 2013)

Development of Secure SMS and Secure VoIP applications on Android and iPhone. The core task was to help the programmers apply the theory of information security, cryptography and secure development in real-world mobile applications. I managed a team of mobile application developers to achieve these tasks. I was also responsible for completing reports and deliverables to meet requirements of the funding agency.

Visiting Faculty @ National University of Computer & Emerging Sciences, Islamabad. (Aug 2012 — Dec 2012)

Courses Taught: Data Communication & Networking

Mobile Development, Security and Testing — Intern @ Cigital, New York, NY. (May 2011 — Dec 2011)

The concentration of my work was on penetration testing of a number of iPhone and iPad applications for some of the Fortune 50 companies. I also worked on image assessment, and some Linux-based embedded system pen-testing.

Research Engineer / Team Lead @ Next Generation Intelligent Networks Research Center, Islamabad. (Apr 2008 — Jul 2010)

The aim of this project is to develop an intelligent Bio-inspired self-defending/self-healing security framework for IP Multimedia System (IMS) and Next Generation All-IP Networks, which will complement existing authentication and encryption mechanisms to protect infrastructure nodes and subscribers against the attacks launched by malicious nodes in the network. These unique and real-time vulnerabilities which need to be addressed in the IMS network include: IMS framework-related vulnerabilities, SIP protocol vulnerabilities, VoIP/video/PoC/Messaging/Presence/Conferencing application vulnerabilities; and voice spam, media plane related vulnerabilities. This framework is expected to become a cardinal component that will protect against the misuse of the network resources of an operator. The goal is that our system will ultimately become an integral part of security for IMS and Next Generation All-IP networks.


MS — Computer Science (Security) @ Columbia University — Fu Foundation School of Engineering and Applied Science, New York, NY. (2010 — 2011)

BE — Electrical Engineering @ National University of Science and Technology, Islamabad. (2004 — 2008)