Meet Our Team
Below you will find short bios of our consultants. Depending on the project, we also cooperate with other security experts not listed here.
Chairman of the Board
Has broad technical experience in IT security, both attack and defense. Worked full time as an IT systems administrator at Onet.pl, a computer forensics expert, an IT security specialist in a CERT/CSIRT team, a penetration tester at The Royal Bank of Scotland (RBS), a senior cybersecurity consultant in the red team at Deloitte and a threat hunter at an American startup building a SIEM/IDS solution. IT Expert Witness in Poland, in the field of computer science at the District Court in Warsaw, with emphasis on general computer forensics, forensic analysis, hacking and cybercrime. Author of the book titled “Practical computer forensics analysis”. Co-author of many European Network and Information Security Agency (ENISA) publications on the subjects of digital forensics, incident response and threat intelligence. Member of a team that won ENISA Cyber Europe 2014 – the largest civilian exercises on protecting cyberspace. He is also a part of MalwareMustDie, a non-profit organization fighting against cybercrime. Has received numerous thanks from well-known companies for reporting security issues, including Adobe, Apple, BlackBerry, Netflix, Nokia and VMware. He holds several IT security certificates: Offensive Security Certified Professional (OSCP) – since May 2015, Offensive Security Wireless Professional (OSWP) – since February 2016, eLearnSecurity Web application Penetration Tester (eWPT) – since January 2016, X-Ways Forensics – since March 2012.
Member of the Board
Has been in the IT security field for many years, specializing in offensive security. Worked as a penetration tester at a SAP consulting company, a lead penetration testing specialist at The Royal Bank of Scotland (RBS) and a browser security researcher at COSEINC. Apart from that, since 2010 he has been an independent security researcher. He has discovered multiple security vulnerabilities in popular software from vendors such as Apple, Microsoft and Google. He has experience in fuzzing and exploit development, recently mostly dealing with mainstream browsers. Co-founder and organizer of WarCon, an international IT security conference focused on offensive security and research, held every year since 2016 in Warsaw, Poland. In 2014 he presented on iOS mobile browser security at the international conference SyScan360 in Beijing, China. He holds the following certificates: Offensive Security Certified Professional (OSCP) – since June 2014, GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) – since March 2014.
He has many years of solid experience on both sides of IT security. First of all an experienced security engineer, secondly a penetration testing and security audit veteran. He has conducted over 250 penetration tests and authored trainings about hacking and defense. Worked as a senior red teaming specialist at Cisco and a pentester at the UBS banking group. In earlier years he worked as a senior IT security specialist at the Interia.pl portal and a systems administrator at 3S. He holds the following certificates: Offensive Security Certified Professional (OSCP), eLearnSecurity Mobile Application Penetration Tester (eMAPT), EC-Council Certified Ethical Hacker (CEH).
Great experience, mostly in offensive cyber security: red teaming, penetration testing, and security research aimed at finding and exploiting zero-day vulnerabilities. Wide competences in reverse engineering, fuzzing and static code analysis. Practical knowledge of software engineering (PHP, Python and Ruby), including implementing secure development processes such as Secure SDLC or DevSecOps. Has discovered security vulnerabilities in many popular applications from vendors such as Apple, Google, Adobe and Mozilla. Worked as an IT security architect at the Center for Informatics Technology (Ministry of Digital Affairs) and in earlier years as a cyber security consultant. He holds the following certificate: Offensive Security Certified Professional (OSCP).
Has many years of experience in conducting penetration tests (web applications, API, mobile applications), configuration reviews (systems, networks, cloud) and broadly understood cyber security consulting. He has performed around 300 penetration tests working as a pentester at Sony, and before that as a lead penetration testing specialist at The Royal Bank of Scotland (RBS). He holds the following certificates: Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), eLearnSecurity Web application Penetration Tester eXtreme (eWPTX), eLearnSecurity Mobile Application Penetration Tester (eMAPT).
Great experience both as an application developer and as a person analysing application security issues. A comprehensive view of risk, not only technical, and experience in its mitigation. Worked with small projects as well as with the biggest e-commerce in Eastern Europe, as a senior IT security specialist at the Allegro auction portal. Author of PKI and mobile application security trainings. Has the following certificates: Offensive Security Certified Professional (OSCP), EC-Council Certified Ethical Hacker (CEH).
Has over 10 years of experience in penetration testing, phishing campaigns, source code audits and DevOps. Worked as a senior consultant at FortConsult (part of NCC Group) and Trustwave (elite SpiderLabs team), and as a penetration tester at The Royal Bank of Scotland (RBS). He is the core developer of the widely known Browser Exploitation Framework Project (BeEF). Co-author of “The Browser Hacker’s Handbook” and “X41 Browser Security White Paper”. Presented at conferences such as WarCon, KiwiCon, RuxCon, ZeroNights, OWASP AppSec, CONFidence and Secure. Holds the following certificate: Offensive Security Certified Professional (OSCP).
Has been gaining experience in the IT security field for over a decade. Worked as a senior consultant at FortConsult (part of NCC Group) and Trustwave (elite SpiderLabs team), and as a lead penetration testing specialist at The Royal Bank of Scotland (RBS). Performed hundreds of penetration tests, audits and reviews of IT systems security for one of the largest companies in the banking and public sector. Has broad technical knowledge and experience in networks, mobile and web application technologies. Holds the following certificates: Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE).
Has over 10 years of experience in the IT security field. Graduated from the Cybernetics department of the Military University of Technology in Warsaw. Specializes in reverse engineering software for systems running on x86, amd64, ARM and MIPS architectures. In the years 2011-2015 he was the CEO of a Polish international chapter of the non-profit Honeynet Project, dealing with software development in the IT/Telco security field. Founder of the TProbe project, software dedicated to maintaining a complex multiplatform environment for software analysis.
Has worked as a forensics expert for 10 years, including in management positions in that field. He is an IT Expert Witness in Poland, in the field of computer science. Focused mostly on criminal forensics, he has delivered over 200 individual expert opinions for law enforcement and justice authorities, and over 800 collective opinions with other expert witnesses. As head of a computer forensics laboratory he oversaw the making of over 3500 expert opinions. Author of trainings in the field of computer forensics, hacking and cybercrime. Holds the following certificates: EC-Council Certified Ethical Hacker (CEH), Cellebrite Certified Physical Analyst (CCPA), Cellebrite Certified Logical Operator (CCLO).
Has been in the IT security field for many years, recently focused mostly on SIEM technology (monitoring security events) and SOC. Worked for the ING banking group (SIEM implementation, threat hunting), then for the UBS banking group (designing monitoring scenarios), and after that as a consultant for Hewlett Packard Enterprise (SIEM related activities) with projects for banks and other international corporations, as well as for government institutions inside the EU. As an independent consultant he worked for Sony (threat hunting, monitoring scenarios and incident response), McKesson and BGZ BNP Paribas (SIEM implementation). Has broad knowledge of the tools, processes, design, implementation and development of SOC. Holds the following certificates: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), EC-Council Certified Ethical Hacker (CEH), ArcSight Security V1 - Security Administrator and Analyst (HP ATP), Microsoft Certified IT Professional (Windows Server 2008), Microsoft Certified Solutions Associate (MCSA: Windows Server 2008).
He started as a software developer, then moved to the Security Operations Center (SOC) at IBM, where he was responsible for identifying and defending against attacks on the infrastructure of companies around the world. Architect of one of the first Polish cyber training grounds, on which, acting as a red team, he trained blue teams responsible for security in banks and critical infrastructure. He holds NATO Secret, EU Secret and PL Secret security clearances and the following certificates: Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP).