Alex Alexandrovich

Work experience:

03.08.2008 - 01.03.2009: DataGroup

System Administrator

10.04.2009 -12.06.2009 Internship in "Pravexbank".

Information Security Consultant

1.7.2009 - 6.09.2009 Internship in "Ukrsotsbank".

Information Security Consultant

1.10.2009 - 5.07.2010 Detective Bureau “Owl”

OSINT,Recon Specialist

5.09.2010 - 1.7.2012 Restaurant Chain Fanconi (6 restaurants)

IT security officer

1.08.2012 - 1.05.2013 Freelance 

Web developer, Bounty hunter ( Pentest)

5.10.2013 - 1.02.2014: (Levelup)

Team lead ( Web development)

02.01.2014 - 10.02.2015 Zosia inc

Soc Specialist

02.05.2015 - 03.01.2018 (CQR company )

Penetration testing specialist.

03.01.2018 - present (CQR company )

Head HR / IT security department Team lead.

Tasks that were performed at work:

Protecting information from unauthorized access, duplication, modification, or destruction.

Configuring security programs and tools. (banks, datagroup)  

Running vulnerability tests and updating defensive protocols and systems accordingly. (CQR)

Monitoring and protecting access to the information.(zosia) 

Analyzing security measures taken to protect information. (banks)

Checking for unregistered changes of information. (fanconi)

Log analysis and thread detection (INCIDENT RESPONSE)

Forensics and Incident response (OWL) 

Project coordination. (levelup)

Writing regular reports. 

Planning and making Vulnerability assessments, Red teaming and penetration testings. (CQR)

Experience with the software:

Acunetix, Netsparker, Ida pro, Immunity debugger, Cuckoo sandbox, Xspider,Burp suite, Arachni, Pentestbox, Recon-ng, Nessus, OpenVas, Saint, GFI Languard, X-Scan, Retina Network Security, Metasploit, Nmap, Spiderfoot, IBM app,Xenu,Webcruiser, Patator,Netsparket,mimikatz, Shadow broker leaked software, Equation group leak software, Custom scripts from github.

Own private toolsets:

I like to create toolsets which I will use when I need to without googling.

I created my own toolsets ( private) which include software toolsets and selfmade/exchanged scripts for custom tasks.

Privilege escalation toolset for  

Evasion toolset for Red Teaming ( Hardware, Software, Own hacking toolset which evades AV)

DDos toolset for stress testing. ( 20 tools and technologies)

Pentest methodology + software ( More than 100 tools and scripts and Methodologies)

Wifi and Network Mitm toolsets

Forensics and Incident response toolset. (Including self made log analyser)

Favorite websites:

https://github.com, https://kitploit.com, https://antichat.ru, https://sploitus.com

Hardware:

Rubberduck, Badusb, Alfa wifi, Digispark, Arduino, Raspberry, Real lockpicks (lockpicking).

Experience with CMS/Frameworks: 

Yii1/Yii2, Wordpress, Opencart, Joomla, Drupal, DLE, Bitrix, Ruby on Rails, Django.

Education:

1995 - 2005 - Gymnasium #6 Odessa 1-11 grades 

2001 - Studying English in Valletta (Malta) 

2003 - Studying English in Canterbury (England)

2004 - Studying English in Toronto (Canada) 

2004 - 2005 - Business School (Ukraine, Odessa)

2005 - 2006 - Columbia International College (Canada, Hamilton) grade 12, certificates for excellent attendance

2006 - 2010 - International Humanitarian University - Enterprise Economy, Bachelor Diploma with Honors (Ukraine, Odessa)

2010 - 2011- International Humanitarian University - International Economic Relations, Specialist (Ukraine, Odessa)

2011 - Finished brokerage courses 

2012 - Quality Assurance - Server School

2012 - 2014 Odessa Academy STEP, Quality assurance.

2015 - 2016 Attended lectures and seminars on information security.

Took part as a speaker at a security conference in 2018. ( Jazz do It) ( youtube video available)

Took part in projects on the organization of information security of enterprises and helped governmental organisations on IT security.

Skills and qualities:

   Penetration testing, Malware analysis, Incident response, Linux, Macos, Post exploitation, Privilege escalation, Secure coding, Social engineering (full spectrum), Ddos attack detection and prevention, Reverse engineering,Git, docker, vagrant, MySQL.

Additionally:

Data harvesting, Insidense response, Report developing, Customer support, QA, Negotiation skills, Excellent analytical and problem-solving skills, High levels of creativity and patience, Strong decision-making skills, Customer base management, Good communication skills,Not smoking, Initiative, Purposefulness, Ability to develop, Desire to work, Sociability, Neat, Attentive.