Meet Our Expert Team
Below you will find short bio’s of our consultants profiles. Depending on the project we also cooperate with other security experts not listed here.Get a quote
Chairman of the Board
Possesses broad technical competence in cyber security, both from attack and defense. Comprehensive professional experience as: systems administrator (Onet.pl), computer forensics specialist, IT security specialist in CERT/CSIRT team (ComCERT, now Asseco) and SOC (Exatel, now Ministry of National Defence), penetration tester (RBS – The Royal Bank of Scotland), senior cyber security consultant in red team (Deloitte) and threat hunter in an US startup building SIEM/IDS software (Collective Sense, now Sumo Logic). IT Expert Witness (Court Expert) in computer science, listed by the District Court in Warsaw. Author of the book entitled “Practical post-breach analysis”. Co-author of many publications of the European Network and Information Security Agency (ENISA) on topics such as digital forensics, incident response and threat intelligence (2013). Member of the three-person winning team at Europe's largest cybersecurity exercise – ENISA Cyber Europe 2014. He is also a part of MalwareMustDie, a non-profit organization fighting against cybercrime. In 2019, he was recognised by European national CERTs for stopping the largest badWPAD attack, which was also highlighted in the SANS Institute podcast. Author of numerous public security analyses, which were appreciated among others by CERT Polska, CERT Orange, Splunk and BleepingComputer. He is the chief architect of RedEye. Since 2012, bug hunter recognized by dozens of well-known companies for reported security vulnerabilities including among others Adobe, Apple, BlackBerry, Harvard University, Netflix, Nokia, VMware, Yahoo and Yandex. He holds recognized technical cybersecurity certifications: Offensive Security Certified Professional (OSCP) – since May 2015, Offensive Security Wireless Professional (OSWP) – since February 2016, eLearnSecurity Web application Penetration Tester (eWPT) – since January 2016, X-Ways Forensics – since March 2012.
Member of the Board
For many years he has been involved in the cyber security industry, with a particular focus on offensive aspects. He worked in many different sectors, including IT, banking and consulting, where he held positions related to penetration testing and offensive security research. As an IT security consultant he executed many projects for companies that are part of the critical infrastructure. Since 2010 as an independent security researcher he has found many vulnerabilities in well-known software among others Apple, Microsoft and Google. Since 2014 he was the lead penetration tester and mentor of the pentesting team at the international banking group The Royal Bank of Scotland (RBS). In 2015, he started as a security researcher at COSEINC, where he worked on the topics of fuzzing and finding security bugs in the most popular web browsers. He co-founded the acclaimed international conference WarCon focused on offensive aspects of cyber security, which has been held annually in Warsaw since 2016. In 2014, he presented his research on mobile browser security at the SyScan360 international conference held in Beijing. In 2019/2020 he discovered a number of critical vulnerabilities in the Chrome browser, for which Google awarded him with public acknowledgement and a bounty totaling $68,000. In 2020, he also discovered a vulnerability in Apple's Safari browser, which was highlighted in a Forbes Magazine article and a podcast by the SANS Institute. He holds recognized technical cybersecurity certifications: Offensive Security Certified Professional (OSCP) – since June 2014, GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) – since March 2014.
For over 10 years he works as a forensics expert, including management positions in that field. He is an IT Expert Witness in Poland, in the field of computer science. Focused mostly on criminal forensics, he delivered over 200 individual expert opinions for law enforcement and justice authorities, over 800 collective opinions with other expert witnesses. As a head of computer forensics laboratory he oversaw the making of over 3500 expert opinions. Author of trainings in the field of computer forensics, hacking and cybercrime. Holds the following certificates: EC-Council Certified Ethical Hacker (CEH), Cellebrite Certified Physical Analyst (CCPA), Cellebrite Certified Logical Operator (CCLO)
He started as a software developer, next he moved to Security Operations Center (SOC) in IBM, where he was responsible for identification and defending against attacks on the infrastructure for companies around the world. Architect of one of the first polish cyber training grounds on which as a red team he trained blue teams responsible for security in banks and critical infrastructure. He holds NATO Secret, EU Secret, PL secret security clearances and the following certificates: Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP).
Has many years of experience in conducting penetration tests (web applications, API, mobile applications), configuration reviews (systems, networks, cloud) and widely understood cyber security consulting. He has performed around 400 penetration tests working as a pentester in Sony, and before as a lead penetration testing specialist in The Royal Bank of Scotland (RBS). He holds the following certificates: Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), eLearnSecurity Web application Penetration Tester eXtreme (eWPTX), eLearnSecurity Mobile Application Penetration Tester (eMAPT).
Great experience as both application developer and as a person analysing their security issues. Comprehensive look on risk, not only technical, experience in its mitigation. Worked with small projects as well as with the biggest e-commerce in Eastern Europe as a senior IT security specialist in Allegro auction portal. Author of PKI and mobile application security trainings. Has the following certificates: Offensive Security Certified Professional (OSCP), EC-Council Certified Ethical Hacker (CEH).
Has over 10 years of experience in penetration testing, phishing campaigns, source code audits and DevOps. Worked as a senior consultant in FortConsult (part of NCC Group), Trustwave (elite SpiderLabs team) and as a penetration tester in The Royal Bank of Scotland (RBS). He is the core developer of widely known tool called Browser Exploitation Framework Project (BeEF). Co-author of “The Browser Hacker’s Handbook” and “X41 Browser Security White Paper”. Presented on conferences such as WarCon, KiwiCon, RuxCon, ZeroNights, OWASP AppSec, CONFidence and Secure. Holds the following certificate: Offensive Security Certified Professional (OSCP).
For over a decade he gains experience in the IT security field. Worked as a senior consultant in FortConsult (part of NCC Group), Trustwave (elite SpiderLabs team) and as a lead penetration testing specialist in The Royal Bank of Scotland (RBS). Performed hundreds of penetration tests, audits and reviews of IT systems security for one of the largest companies in the banking and public sector. Has broad knowledge technical knowledge and experience in networks, mobile and web application technologies. Holds the following certificates: Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE).
Has over 10 years of experience in the IT security field. Graduated from the Cybernetics department in the Military University of Technology in Warsaw. Specializes in reverse engineering software dedicated for systems working on x86, amd64, ARM and MIPS architectures. In years 2011-2015 he was a CEO of a polish international chapter of the non-profit Honeynet project dealing with software development in the IT/Telco security field. Founder of the TProbe project, software dedicated to maintain complex multiplatform environment for software analysis.
In the IT security field since many years, recently focused mostly on SIEM technology (monitoring security events) and SOC. Worked for the ING banking group (SIEM implementation, threat hunting), next for the UBS banking group (designing monitoring scenarios), after that as a consultant for Hewlett Packard Enterprise (SIEM related activities) with projects for banks and other international corporations, also for government institutions inside the EU. As an independent consultant he worked for Sony (threat hunting, monitoring scenarios and incident response), McKesson and BGZ BNP Paribas (SIEM implementation). Has broad knowledge about tools, processes, design, implementation and development of SOC. Holds the following certificates: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), EC-Council Certified Ethical Hacker (CEH), ArcSight Security V1 - Security Administrator and Analyst (HP ATP), Microsoft Certified IT Professional (Windows Server 2008), Microsoft Certified Solutions Associate (MCSA: Windows Server 2008).
Has more than 10 years of experience in cybersecurity, earlier worked as a .NET developer of systems for public health care. Since many years focused on distributed systems, cloud environments (OpenStack, AWS, Azure) and artificial intelligence (AI). During many years in Scandinavian corporation F-Secure analysed security of IT systems for multiple industries e.g. finance, aviation, gambling, retail, critical infrastructure and telecommunication. Has broad experience in penetration testing, infrastructure security, including cloud environments, web applications, mobile applications and offensive security (red teaming). Has vast knowledge of the whole software development cycle as well as threat modeling, attack simulation and monitoring. At F-Secure co-founded threat detection solution and later supported the operations center (blue team). He worked as a mentor and a leader of teams conducting security audits. Currently focused mainly on the offensive security, cloud environments and security of solutions based on the blockchain technology (crypto, decentralized finances, smart contracts).