My name is Damian, an Ethical Hacker/Penetration Tester with years of experience in the Cybersecurity field and interest in Web 3 Security. In my spare time, I take on CTF challenges and build projects in the Rust Programming Language. I particularly test the security of web applications and networks, coupled with my experience with cloud services.
In addition, I am an educator and an ex-Instructor at the CyBlack x Cisco Academy.


Experience 🏢

Independent Security Researcher

Self-employed

Remote, United Kingdom | May 2024 — Present

  • Conducting ongoing vulnerability research across web applications, APIs, and open source software with the goal of responsible CVE disclosure.
  • Performing manual code audits and black-box testing on open source projects, focusing on authentication flaws, insecure deserialisation, and injection vulnerabilities.

Cisco Academy Instructor

Cisco Networking Academy x CyBlack

Remote, United Kingdom | Jan. 2024 — Jun. 2024

  • Selected to deliver Cisco NetAcad’s Cybersecurity Essentials and Networking courses to a cohort of >100 students, translating complex technical concepts into accessible instruction for early-career learners.
  • Designed and produced all instructional slides, assessments, and supplementary materials from scratch, reducing course preparation.
  • Tracked student progress and ran targeted interventions, contributing to a >70% cohort completion rate across the programme.

Ethical Hacking Instructor

CyBlack

Remote, United Kingdom | Aug. 2023 — Oct. 2023

  • Tasked with preparing 50 students for the Datakirk Summit, designed and delivered a structured ethical hacking curriculum covering reconnaissance, exploitation, post-exploitation, and reporting over 12 weeks.
  • Built a purpose-built CTF-style penetration testing lab from scratch to serve as the programme’s final assessment, simulating real-world attack scenarios across web and network targets.
  • 90% of students were capable of fully assessing the security of the lab and delivering detailed reports.


Penetration tester & Cybersecurity Analyst

Cybarik

Remote, United Kingdom | May 2023 — June 2023

  • Assessed the security of a fintech processing over $3B in annual transactions before and during production; conducted black-box API and web application penetration tests across dozens of endpoints and subdomains.
  • Identified and exploited critical authentication, authorisation, and injection vulnerabilities across REST APIs, directly reducing exposure of live payment infrastructure.
  • Authored detailed technical reports mapping findings to severity ratings and remediation steps, enabling the client to close numerous critical and medium vulnerabilities before wider rollout.
  • Reviewed security policies and practices end-to-end, delivering a risk-scored posture assessment that gave stakeholders a clear view of their attack surface.

Penetration Tester & Content Writer

Fezzant

Remote, United Kingdom | Oct. 2022 — Feb. 2023

  • Web Security: Evaluated and addressed web app vulnerabilities, applying remediation for enhanced security. Performed routine security tests and monitoring to safeguard client cloud-based apps.
  • Researched cybersecurity subjects to enrich web content for client initiatives. Developed and edited content according to project parameters and guidelines.

Cyber Security Intern

CyBlack

Remote, United Kingdom | Sept. 2022 — Dec. 2022

  • Team Lead - Managed report compilation by synthesising individual contributions into cohesive team reports for the following tasks:
  • Threat Intelligence: Researched diverse organisational threats, crafting comprehensive reports with mitigation recommendations.
  • Cloud Security with Microsoft Azure (IAM): Enforced cloud security controls through Azure tools and best practices, ensuring robust infrastructure defence.
  • Human Element in Cyber Security: Analyzed human behaviour’s impact on cybersecurity, creating employee training resources on security best practices.
  • GRC/Security Auditing: Engaged in GRC efforts, encompassing security audits and risk assessments for effective governance.
  • Incident Response: Supported security incident handling, collecting and analysing evidence, and suggesting remedial actions.
  • Ethical Hacking/Penetration Testing: Executed simulated attacks on systems, pinpointing vulnerabilities and offering enhancement suggestions.

Personal Experience 🕹️

CTF Competitions:

  • picoCTF 2022 & 2023
  • Hackpocalypse 2023
  • Ecowas CTF 2023

Labs:

  • HackTheBox (Hacker Rank)
  • TryHackMe
  • Portswigger (Solved 10% of labs)
  • Offsec Proving Grounds

Projects:

  • Fast and simple port scanner (Rust) - here
  • Intrusion Detection System (Bash) - here
  • Discord Bot. Posts Cybersecurity News every hour using Google API (Python) - here

Hobbies 🎮

Outside of Cybersecurity, I like playing Chess, listening to music, playing video games and watching anime.