WHOAMI

PERSONAL PROFILE

Highly skilled and experienced Penetration Tester and Application Security professional with a proven track record of conducting penetration testing, vulnerability assessments, and red team assessments on various systems and applications. Holds an Associate degree in Cyber Security from Bilgi University and has 4 years of experience in the field. Strong analytical and problem-solving skills with the ability to think creatively to find unique solutions to complex security issues.

Skilled in identifying and exploiting vulnerabilities, creating realistic attack scenarios, and evading detection. Strong ability to collaborate with the blue team to improve the overall security posture of the company and provide detailed reports on assessment results. Proficient in using source code analysis tools to identify and remediate vulnerabilities in software applications. Strong knowledge of industry-standard tools and techniques for penetration testing including network security, web and mobile application security, social engineering, DDoS, and red team operations.

One of the most important issues for me is team communication and support. For this, I always try to be a good, helpful and experienced team player. I also share what I’ve learned by writing articles on my personal blog, and I spend time learning more.

WORK EXPERIENCE

Turkish Airlines Technology – Penetration Test and Application Security Specialist
(May 2022 – Now)

[+] Penetration Tests
• Conducting penetration testing and vulnerability assessments on various systems and applications.
• Identifying and exploiting vulnerabilities in the company’s systems, networks, and applications.
• Planning and executing red team assessments to test the effectiveness of the company’s security defenses.
• Creating and using realistic attack scenarios that simulate the actions of real-world attackers.
• Attempting to evade detection and gain unauthorized access to sensitive data and systems.
• Collaborating with the blue team (i.e. the defensive team) to improve the overall security posture of the company.
• Providing detailed reports on the results of the assessments, including recommendations for improving security.

[+] Application Security
• Using automated tools and manual review to identify and remediate vulnerabilities in software applications.
• Conducting security assessments on software applications using automated tools and manual methods.
• Collaborating with the development team to ensure that security is integrated into the software development process.
• Continuously monitoring and testing applications to identify and remediate vulnerabilities in a timely manner.
• Providing guidance and training to other members of the organization on secure software development practices.

[+] Others
• Team Planning and Project Management.
• Developing and implementing security controls to mitigate identified vulnerabilities.
• Keeping up to date with the latest threats and vulnerabilities to ensure the company is protected against them.
• Collaborating with other members of the IT and security teams to develop and implement security policies and procedures.
• Providing guidance and training to other members of the organization on security best practices.
• Examining new security products and performing the PoC process.

Anadolubank – Cyber Security Specialist
(January 2022 – April 2022)

[+] Offensive Security
• Performing Web Application and Network Penetration Tests
• Performing Red Team Operations
• Planning and Managing Penetration Tests
• Performing Periodic Vulnerability Scanning

[+] Others
• Managing CTI Tools and Taking Action on Intelligence
• Inside Cybersecurity Consultancy
• Accompanying the teams in aspects of cybersecurity and secure development
• Proactively working to establish and maintain a knowledge base about new vulnerabilities
• Examining new security products and performing the PoC process

Lostar Information Security – Cyber Security Specialist
(March 2020 – January 2022)

[+] Penetration Tests
• Web Application Security
• Network Security
• Mobile App Security (Android & iOS)
• Red Team Operations
• Business Logic Vulnerabilities
• DDoS Attacks
• Social Engineering Attacks (by Physical, E-Mail and Phone)
• Wi-Fi
• BDDK, SPK Tests

[+] Audits
• End-user PC Audit
• Active Directory Audit
• Firewall Audit
• E-Mail Gateway Audit
• Server and PC Hardening

[+] Others
• Project Management
• Team Planning
• Educations

Vertiv – Intern IT Support Specialist
(June 2019 – August 2019)

• Helpdesk Support
• Migration to Microsoft OneDrive Project Development and Execution

Emerson Network Power – Intern IT Long Term
(September 2016 – June 2017)

• Helpdesk Support
• Hardware & Software Support
• Migration Projects
• Microsoft Office365 Project Tracking and Execution

EDUCATION

Istanbul Bilgi University
Associate Degree – Cyber Security
(September 2018 – June 2020)

[+] Penetration Tests
• Network Security
• Web App Security
• Mobile App Security
• Business Logic Vulnerabilities
• DDoS
• Social Engineering

[+] IT Security Products (How it works & How to use it)
• Firewall
• IDS & IPS
• Antivirus
• EDR
• NAC
• Proxy
• DLP
• Anti Spam Gateway
• Log Management (SIEM)

[+] Software Language
• SQL
• Python
• PHP
• C++

[+] Others
• End-user Security
• OWASP Top 10 (2013 – 2017)
• Network (TCP & UDP, OSI Layers, Network Topologies, etc.)
• Information Technologies (NGN, VoIP, 4G & 5G, Internet Infrastructure, etc.)

Certificates / Badges

Offensive Security Certified Professional (OSCP)
Qualification ID: Credential.net – OSCP

Web Application Penetration Tester eXtreme (eWPTXv2)
Qualification ID: eLearnSecurity – eWPTXv2

Certified Red Team Professional (CRTP)
Qualification ID: Credential.net – CRTP

API Penetration Testing
Qualification ID: Credly – API Penetration Testing

Micro Focus – Fortify SAST Specialist
Qualification ID: Credly – SAST Specialist

ICSI – Certified Network Security Specialist (CNSS)
Qualification ID: Credential.net – CNSS
