Cybersecurity Expert & Penetration Tester

Cybersecurity expert with 15+ years’ experience in Red Team operations, web & network penetration testing, DFIR and cloud security (AWS/Azure/GCP). Skilled in Python tooling, exploit development and automation. Experienced aligning programs with ISO 27001, NIST, GDPR. Secured 100+ enterprise systems; led incident response and Zero Trust implementations.

Emailelagha@yaani.com

LocationTripoli, Libya

Core Competencies

Web / Network / Wireless pentesting — OWASP Top 10, SQLi, XSS, SSRF
Red Team operations & adversary emulation
Incident response & digital forensics (DFIR)
Cloud security (AWS/Azure/GCP); CI/CD & container hardening
Exploit development & vulnerability management
Automation (Python, Bash, PowerShell)

Education & Certifications

B.Sc. in Computer Science — University of Tripoli
Certified Penetration Tester
Advanced courses: AI Security, Cloud Security, IoT Security

Professional ExperienceSelected roles

Senior Cybersecurity Consultant — Freelance

Led Red Team engagements for banks and telecoms; simulated APT tactics (phishing, C2, lateral movement).
Conducted full-scope web application pentests; delivered remediation plans and retest validation.
Built Python tooling for reconnaissance, scanning and PoC exploits; automated security checks in CI pipelines.
Advised on Zero Trust, MFA and baseline hardening; reduced critical risk exposure by >35%.

Stack: Burp Suite, Nmap, Metasploit, Wireshark, Python, Bash, AWS/Azure

Security Analyst — SOC / DFIR

Monitored SIEM alerts, triaged incidents, and performed memory & disk forensics and root-cause analysis.
Created detection rules and playbooks; improved MTTR by 28% and reduced false positives by 18%.
Worked with legal / compliance on evidence preservation and audit trails (GDPR / ISO 27001).

Stack: Splunk, ELK, Volatility, Sysinternals, Suricata

Highlighted ProjectsClient-safe details

Banking Web Apps Pentest

Identified critical authentication bypass and misconfigured object storage; produced remediation roadmap and verified fixes.

Risk reduced from Critical to Medium within 6 weeks.
Introduced SAST / DAST gates into CI to prevent regressions.

Cloud Hardening & Zero Trust

Hardened IAM, applied least-privilege, implemented segmentation, enabled MFA and centralized logging & guardrails.

Certifications & Training

Certified Penetration Tester
Network Defense & DFIR workshops
Cloud Security Foundations
Python for Offensive Security