Hassan Abdullahi
Melbourne,Australia
Summary
Seasoned Principal Security Engineer with a proven track record at ITSEC Australia, enhancing organizational defenses through pioneering Red Team engagements and advanced penetration testing. Expert in Kali Linux and Python, demonstrating leadership and adaptability. Achieved significant vulnerability reductions, mentoring teams to embed best practices in security operations.
Overview
11
11
years of professional experience
1
1
Certification
Work History
Principal Security Engineer
Threat Intelligence
01.2023 - Current
- Pioneered advanced physical and goal-driven Red Team engagements, emulating sophisticated threat actors to rigorously evaluate and enhance organizational defenses.
- Engineered and executed custom IoT exploitation techniques, targeting hardware, firmware, and communication protocols, to identify and mitigate vulnerabilities in embedded environments.
- Performed comprehensive internal and external infrastructure penetration assessments, pinpointing critical weaknesses across on-premises, cloud-based, and hybrid architectures.
- Led deep-dive web application and API security evaluations, leveraging both manual methodologies and dynamic analysis tools to detect complex vulnerabilities, and ensure compliance.
- Conducted forensic malware analyses, reverse-engineering malicious code to uncover threat actor tactics, and develop targeted, intelligence-driven remediation strategies.
- Delivered expert cloud security reviews for AWS, Azure, and GCP, ensuring adherence to best practices in IAM policies, network segmentation, and configuration management.
- Utilized advanced exploit development techniques (including Metasploit, custom scripts, and reverse engineering) to replicate sophisticated breach scenarios and validate defensive controls.
- Produced executive-level security assessment reports, translating technical findings into actionable, strategic recommendations that align with organizational risk tolerance.
- Mentored and coached junior penetration testers, fostering advanced offensive skill sets, and establishing standardised, repeatable testing methodologies across engagements.
Principal Penetration Tester
ITSEC Australia
08.2022 - 01.2023
- Executed Comprehensive Security Assessments, Performed penetration tests, DFIR, and red team engagements with strict adherence to ethical and legal standards
- Built & Led a High-Performing SOC Coordinated with stakeholders to simulate realistic incident response scenarios and enhance organizational readiness
- Drove Continuous Improvement Established standardized testing processes, developed specialized systems, produced in-depth reporting, conducted ongoing threat research, and provided comprehensive training and mentorship to new team members
- Maintained strict adherence to industry regulations and ethical guidelines throughout red team engagements
- Identified and leveraged security gaps to illustrate potential breaches and inform strategic remediation priorities
- Scoped, scheduled, and defined resource requirements for penetration testing projects, ensuring timely and efficient execution
Senior Penetration Tester
Deloitte
10.2020 - 08.2022
- Led end-to-end penetration testing engagements by defining scope, developing test strategies, and managing execution for complex network, cloud, and application environments.
- Mentored and trained junior penetration testers, sharing best practices in vulnerability discovery, exploitation techniques, and secure coding principles.
- Implemented advanced threat modeling and risk assessment methodologies to identify critical weaknesses and prioritize remediation efforts.
- Leveraged both automated and manual testing tools (e.g., Metasploit, Nmap, Burp Suite Pro, Nessus, Wireshark) to uncover and exploit critical vulnerabilities.
- Coordinated with cross-functional teams (DevOps, Infrastructure, Compliance) to ensure that security controls are embedded throughout the software development lifecycle.
- Authored detailed technical reports and executive summaries, providing remediation recommendations aligned with industry standards (OWASP, NIST, PCI-DSS).
- Conducted secure code reviews using static and dynamic analysis tools to detect early-stage issues, and reduce overall risk.
- Performed in-depth cloud security assessments (AWS, Azure, GCP), evaluating configurations, IAM policies, and network security groups.
- Developed custom scripts and exploits (Python, PowerShell, Bash) to automate testing processes and demonstrate the potential business impacts of identified vulnerabilities.
- Integrated continuous security testing into CI/CD pipelines, enabling faster detection and remediation of newly introduced vulnerabilities.
- Led Red Team exercises, simulating advanced persistent threats (APTs), and employing adversarial tactics, techniques, and procedures (TTPs) to strengthen organizational defenses.
- Stayed current with emerging threats, security trends, and vulnerability research through continuous learning, industry publications, and conference participation.
Senior Security Engineer, Penetration Tester
Health Scope Ltd
01.2017 - 10.2020
- Deployed and managed security tools such as SIEM, EDR, and firewalls to monitor and analyze threats in real time.
- Led incident response efforts by analyzing logs, coordinating remediation, and conducting post-incident reviews.
- Performed vulnerability assessments, prioritized remediation activities, and ensured compliance with relevant regulations (e.g., PCI-DSS, HIPAA).
- Hardened systems and applications through secure configurations, patch management, and continuous monitoring.
- Collaborated with cross-functional teams (Network, DevOps, Operations) to establish and maintain robust security controls.
- Developed security policies, procedures, and guidelines aligned with frameworks like NIST and ISO 27001.
- Integrated threat intelligence into security operations to proactively detect, contain, and mitigate emerging threats.
- Provided mentorship on defensive best practices, log analysis, and incident handling techniques to junior team members.
Security Analyst
Austin Health Ltd
12.2016 - 12.2017
Security Analyst
Business Risk International Ltd
02.2014 - 10.2016
Education
Advanced Diploma -
Network Engineer
Master of Business - SAP ERP
ERP Systems
Skills
- Penetration Testing & Offensive Security Comprehensive mastery in Penetration Testing & Offensive Security across web applications, APIs, network infrastructure, mobile, and thick/thin client environments, complemented by advanced OSINT, social engineering, physical red teaming, and phishing capabilities Proficient in vulnerability assessments, exploit development, and password auditing, while delivering executive-level reporting, QA reviews, scoping, and stakeholder communication
- Tools Kali Linux, Burp Suite, Metasploit, Nmap, Nessus, Wireshark, OWASP ZAP, Hashcat, John the Ripper, Mimikatz, Bloodhound, Nikto, OpenVAS, SQLmap, Netcat, Ghidra, IDA Pro, Aircrack-ng, and Qualys
- Programming & Scripting: - Python, Bash, C, PowerShell
- Soft Skills - Communication, Collaboration, Coaching & Mentorship, Adaptability, Problem-Solving, Leadership, Project Delivery, Stakeholder Management
- Standards - MITRE ATT&CK, NIST, OSSTMM, OWASP, OWISAM, PTES
Certification
- Offensive Security, Offensive Security Certification Expert 3 (OSCE3)
- Offensive Security, Offensive Security Exploit Developer (OSED)
- Offensive Security, Offensive Security Evasion Professional (OSEP)
- Offensive Security, Offensive Security Certification Expert (OSCE)
- Offensive Security, Offensive Security Web Expert (OSWE)
- Offensive Security, Offensive Security Certification Professional (OSCP)
- Pentester Academy, X86_64 Assembly Language and Shell Coding on Linux (SLAE X86_64)
- Cisco, Cisco Certified Network Associate in Routing and Switching (CCNA R&S)
- Microsoft, Microsoft Certified Professional (MCSA WS-2008)
- CompTIA, CompTIA Linux Certified (LX0-103)
Accomplishments
- BLACKHAT & DEFCON, USA, 08/2023, Trainer
- BLACKHAT & DEFCON, USA, 08/2024, Trainer
References
Available Upon Request
Clearances
AGSVA, Negative Vetting Level 1 (NV1), SECRET, 01/2021
Personal Information
- Total Experience: 9+ years of specialized experience in offensive security and a total of 16+ years in Information Technology spanning Network Engineering, Systems Administration, and Security Operations.
- Title: Principal Security Engineer and Penetration Tester
Languages
English
Full Professional
Arabic
Elementary
References
References available upon request.
Timeline
Principal Security Engineer
Threat Intelligence
01.2023 - Current
Principal Penetration Tester
ITSEC Australia
08.2022 - 01.2023
Senior Penetration Tester
Deloitte
10.2020 - 08.2022
Senior Security Engineer, Penetration Tester
Health Scope Ltd
01.2017 - 10.2020
Security Analyst
Austin Health Ltd
12.2016 - 12.2017
Security Analyst
Business Risk International Ltd
02.2014 - 10.2016
Advanced Diploma -
Network Engineer
Master of Business - SAP ERP
ERP Systems
Similar Profiles
Johnnie OukoJohnnie Ouko
Safety Alert Writer at Beakon | Threat IntelligenceSafety Alert Writer at Beakon | Threat Intelligence
Güler Gün TolanGüler Gün Tolan
Enterprise Account Manager at SOCRadar® Extended Threat IntelligenceEnterprise Account Manager at SOCRadar® Extended Threat Intelligence
Brittany DunnBrittany Dunn
Account Manager at Jeff Threat Drywall Company Inc.,Account Manager at Jeff Threat Drywall Company Inc.,