
// Cleared Personnel — No Names. Just Results.

Who We Are

NixSec Labs is a boutique offensive security and forensics firm built by operators who have spent careers inside the threat landscape — not observing it from the outside. We bridge hacker culture with enterprise-grade professionalism.

// 01 — Mission

Built Different

NixSec Labs was founded on a single premise: the best defence is understanding the offence. Every engagement we run is backed by operators who have spent years mastering adversarial tradecraft across banking, insurance, energy, and government sectors.

We don't run automated scanners and call it a pentest. We emulate real adversaries — the same techniques used by nation-state actors and APT groups — because that is the only honest measure of your security posture.

From the first shell to the final court-admissible forensic report, every deliverable is crafted by senior operators with decades of combined field experience. No juniors. No outsourcing. No boilerplate findings.

⚔️
00+
Years Combined Field Experience
🏭
5+
Industry Sectors Served
🎤
3+
International Security Conferences
📄
1
Peer-Reviewed Publication

// 02 — Core Values

What We Stand For

🔬
Research-Driven

We publish, present, and contribute to the security community. Curiosity is not a trait — it is a job requirement.

⚖️
Legal Integrity

Every engagement operates under clear legal frameworks. Chain of custody and authorisation are non-negotiable.

🎯
Precision Over Volume

We take fewer engagements and go deeper. Quality findings with business context beat a list of CVEs every time.

🤝
Confidentiality

Operator identities, client data, and engagement details are treated with the same classification discipline we apply in the field.

// 03 — The Operators

The Team

// Identities redacted per operational security policy. Credentials and track record speak for themselves.

01
OPERATOR // 01 — RED TEAM
Senior Security Consultant
Head of Offensive Operations
// Active since 2015
ENGAGED

A senior security consultant with roots in software development and embedded systems engineering. Since 2015, this operator has specialised in penetration testing and ethical hacking, delivering high-impact adversarial assessments across banking, insurance, and energy sectors. Known for pushing the boundaries of offensive research — most notably in ATM security and red team operations — and for presenting that research on the world stage.

Penetration Testing
Red Teaming
Cloud Security
Embedded / ATM Hacking
Software Development
Incident Response (CSIRT)
GXPN — GIAC Exploit Researcher & Advanced Penetration Tester
GRTP — GIAC Red Team Professional
SANS SEC588 — Cloud Penetration Testing
CBBH — Certified Bug Bounty Hunter
MSc Computing Science & Engineering — Umeå University
Multiple Hack The Box & GIAC Certifications
Adversarial Simulation, ATM Security, Cloud Pen-Testing, Physical Security, OSINT, Exploit Development, SIEM, CTF Competitor
🎤 Presented ATM hacking research and red team operations at DEFCON Red Team Village, BSides Las Vegas, and Sec-T — three of the most respected security conferences globally.
🏆 Winning team at AFCEAHack'17 Hackathon (October 2017) — competitive CTF against international participants. Active competitor on Hack The Box, TryHackMe, and the Swedish platform Undutmaning.se.
📄 Co-authored peer-reviewed research published via Emerald | Insight (2015): "An empirical test of the accuracy of an attack graph analysis tool".
02
OPERATOR // 02 — BLUE TEAM
Senior SIEM Specialist
Head of Defensive Operations
// 10+ Years Field Experience
MONITORING

A senior defensive operator with over a decade of specialisation in SIEM engineering, security audit, and governmental security operations. Renowned for deep expertise in the Elastic Stack ecosystem and the ability to translate raw telemetry into actionable intelligence. Brings a unique combination of AI-augmented security practices and classical SOC operations to every engagement.

SIEM Engineering
Elastic Stack
Security Auditing
Governmental / Compliance
Threat Detection Engineering
AI Security Practices
Cisco Certified Ethical Hacker
Cisco AI Business Practitioner
Cisco AI Technical Practitioner
10+ Years Operational SIEM Experience
Elastic Stack, SIEM Architecture, Log Management, Security Audit, Governmental Security, Threat Detection, AI Security, SOC Operations
🛡️ Over 10 years delivering SIEM solutions across critical infrastructure, governmental bodies, and regulated industries where failure is not an option.
Specialist-level proficiency in Elastic Stack — architecture, deployment, detection rule engineering, and operational tuning at enterprise scale.
🤖 Early adopter of AI-augmented security operations — certified in both business and technical AI practices, applied to threat detection pipelines.
🏆 Active CTF competitor on Hack The Box, TryHackMe, and Undutmaning.se — including wins in internal CTF tournaments, validating offensive skills beyond the defensive discipline.
🎤 Regular attendee at elite industry events including Black Hat Las Vegas, DEFCON, BSides, Troopers, and Chaos Computer Camp — maintaining a frontline perspective on the evolving threat landscape.
03
OPERATOR // 03 — FORENSICS
Digital Forensics Lead
Incident Response Specialist
// 12+ Years Field Experience
ANALYSING

A senior forensics practitioner with over a decade of experience handling post-breach investigations across financial services, healthcare, and critical national infrastructure. Specialises in producing court-admissible evidence packages and reconstructing full attack timelines from fragmented artefacts. Has supported law enforcement agencies and legal counsel on multiple high-profile breach investigations.

Digital Forensics
Memory Forensics
Incident Response
Malware Triage
Legal Reporting
Network Forensics
GCFE — GIAC Certified Forensic Examiner
GCFA — GIAC Certified Forensic Analyst
GNFA — GIAC Network Forensic Analyst
EnCE — EnCase Certified Examiner
SANS FOR508 — Advanced Incident Response & Threat Hunting
Disk Imaging, Volatile Memory, Timeline Analysis, Chain of Custody, Law Enforcement Liaison, Ransomware Response, Artefact Recovery, Expert Witness
🔍 Led forensic investigations on ransomware incidents affecting critical national infrastructure, recovering operational continuity within 72 hours while preserving full evidentiary integrity.
⚖️ Produced court-admissible forensic reports that have contributed to successful prosecutions — expert witness experience across civil and criminal proceedings.
🏆 Active CTF competitor on Hack The Box, TryHackMe, and Undutmaning.se. Regular attendee at DEFCON, Black Hat, and Troopers.
04
OPERATOR // 04 — MALWARE & RE
Malware Analyst
Reverse Engineer
// 9+ Years Field Experience
REVERSING

A specialist in static and dynamic malware analysis, binary reverse engineering, and threat intelligence production. Has deconstructed samples from known APT groups, banking trojans, and ransomware families, converting raw binaries into actionable intelligence. Equally comfortable writing custom tooling to support red team operations and dissecting adversary implants during blue team engagements.

Reverse Engineering
Malware Analysis
Threat Intelligence
Custom Tooling (C / Python)
Sandbox Analysis
Exploit Development
GREM — GIAC Reverse Engineering Malware
SANS FOR610 — Reverse-Engineering Malware
eCRE — eLearnSecurity Certified Reverse Engineer
OSCP — Offensive Security Certified Professional
IDA Pro / Ghidra, x86 / x64 Assembly, APT Sample Analysis, Banking Trojans, Ransomware Families, YARA Rules, C2 Profiling, Anti-Analysis Bypass
🦠 Reverse engineered samples attributed to nation-state APT groups, producing threat intelligence reports used to update organisational detection rules and block active campaigns.
🔧 Developed custom YARA rulesets and detection signatures that have been deployed into production SIEM environments, reducing mean-time-to-detect on malware variants by over 60%.
🏆 Consistent high placer on Hack The Box and Undutmaning.se. Attends Chaos Computer Camp and DEFCON annually for emerging research.
05
OPERATOR // 05 — CLOUD & DEVSECOPS
Cloud Security Specialist
DevSecOps Engineer
// 8+ Years Field Experience
DEPLOYED

A cloud-native security specialist with deep expertise across AWS, Azure, and GCP environments. Bridges the gap between development pipelines and security assurance — embedding threat modelling, SAST/DAST tooling, and secrets management directly into CI/CD workflows. Also conducts offensive cloud assessments, identifying misconfigured IAM policies, exposed storage, and privilege escalation paths that automated scanners routinely miss.

AWS / Azure / GCP Security
DevSecOps / CI-CD
Container & K8s Security
IAM & Privilege Escalation
Infrastructure as Code (IaC)
Offensive Cloud Testing
SANS SEC588 — Cloud Penetration Testing
AWS Certified Security — Specialty
GCP Professional Cloud Security Engineer
CKS — Certified Kubernetes Security Specialist
CCSP — Certified Cloud Security Professional
AWS, Azure, GCP, Terraform Security, Secrets Management, SAST / DAST, Kubernetes, Zero Trust Architecture
☁️ Identified critical IAM privilege escalation paths in multi-account AWS environments during red team engagements — achieving full organisation compromise from a single low-privilege developer credential.
🔁 Designed and implemented DevSecOps pipelines for FTSE-listed clients, integrating automated security gates that reduced production vulnerability introductions by over 70%.
🏆 Active on Hack The Box and TryHackMe. Attends Black Hat Las Vegas and BSides to track emerging cloud attack research.
06
OPERATOR // 06 — WEB & API
Web Application Security Lead
Bug Bounty Researcher
// 7+ Years Field Experience
HUNTING

A specialist in web application and API security with a proven track record across bug bounty programmes and enterprise assessments. Has reported critical vulnerabilities — including authentication bypasses, SSRF chains, and business logic flaws — to major financial and technology organisations. Combines a methodical OWASP-aligned approach with creative, researcher-grade instincts to find what scanners and junior testers consistently overlook.

Web App Penetration Testing
API Security Testing
Bug Bounty Research
OAuth / SSO Attacks
Business Logic Flaws
Source Code Review
OSWE — Offensive Security Web Expert
BSCP — Burp Suite Certified Practitioner
CBBH — Certified Bug Bounty Hunter (HTB)
OWASP Top 10 Practitioner
OWASP Top 10, SSRF / XXE, OAuth 2.0 Attacks, GraphQL Security, JWT Exploitation, Burp Suite Pro, Race Conditions, Responsible Disclosure
💰 Multiple critical-severity bug bounty findings reported to top-tier financial and technology organisations, including full account takeover chains and mass data exposure vulnerabilities.
🔐 Specialises in authentication and authorisation bypass — has broken OAuth flows, SAML implementations, and JWT validation logic in production environments across multiple engagements.
🏆 Active CTF competitor on Hack The Box, TryHackMe, and Undutmaning.se. Internal CTF tournament winner. Attends DEFCON and BSides annually.
07
OPERATOR // 07 — PHYSICAL & SE
Physical Red Team Operator
Social Engineering Specialist
// 11+ Years Field Experience
ON-SITE

An expert in full-scope physical intrusion and human-layer manipulation, covering everything from tailgating and lock bypass to structured vishing campaigns and pretexting operations. Has successfully breached the physical perimeter of banks, data centres, government facilities, and corporate headquarters — always under authorised engagement scope. The human firewall is the hardest to patch; this operator finds every gap in it.

Physical Intrusion Testing
Social Engineering
Vishing / Pretexting
Lock Bypass & RFID Cloning
Phishing Campaign Design
OSINT for Targeting
OSEP — Offensive Security Experienced Penetration Tester
SEPP — Social Engineering Penetration Professional
CREST Registered Penetration Tester
Advanced Lock Bypass & Physical Intrusion Specialist
Tailgating, RFID Cloning, Lock Picking, Vishing, Phishing Infrastructure, Pretexting, Covert Entry, Human Behaviour
🏢 Successfully breached the physical perimeter of tier-1 banking and government facilities during authorised red team engagements — gaining server room access, planting rogue devices, and extracting sensitive materials undetected.
📞 Designed and executed large-scale vishing and phishing campaigns targeting thousands of employees — producing measurable, board-reportable data on human vulnerability exposure.
🏆 CTF competitor on Hack The Box and TryHackMe. Regular attendee at Chaos Computer Camp, Black Hat, and Troopers for the latest in physical and social attack research.
🎙️
// Speaking Record & Conference Attendance
Active in the Global Security Community
NixSec operators have taken the stage at some of the most prestigious security events in the world, presenting original research on adversarial techniques, ATM security vulnerabilities, and red team operations tradecraft. Beyond speaking, the team actively attends leading industry events to stay at the cutting edge of offensive research, tooling, and tradecraft.
Black Hat Las Vegas, DEFCON — Red Team Village, BSides Las Vegas, Troopers (Heidelberg), Chaos Computer Camp, Sec-T, ATM Hacking Research, Red Team Operations
🚩
// Competitive CTF Operations
Operators Who Compete, Not Just Consult
Our operators maintain active profiles on the world's leading CTF and training platforms — sharpening offensive and defensive skills against real challenges, not just theory. Participation in competitive CTF events keeps tradecraft current and relevant to modern threat landscapes.
Hack The Box, TryHackMe, Undutmaning.se, AFCEAHack'17 — Winning Team, Capture The Flag
📖
// Peer-Reviewed Research
An empirical test of the accuracy of an attack graph analysis tool
Published via Emerald | Insight (2015). Co-authored with Dr. Teodor Sommestad. Contributes to the academic foundation of attack graph modelling and security analysis tooling.

// 04 — Industry Experience

Sectors We've Operated In

🏦
Banking & Finance
🏛️
Government & Public Sector
Energy & Utilities
🏥
Insurance
🏭
Industrial & ICS
☁️
Cloud Infrastructure

// Ready to engage?

Start with a Confidential Briefing

Speak directly with a senior operator. No sales process, no juniors. Obligation-free.
