Muhammad Mughal
Cyber Security Professional
Abu Dhabi,UAE
Summary
Experienced cybersecurity professional with a strong background in advanced penetration testing, application security, and network security. Proficient in ASVS, OWASP Top 10, ISO 27034, and OAuth standards. Demonstrated expertise in VAPT, Active Directory Security, SAST & DAST, API Security, and secure coding practices. Skilled in implementing multi-layered security measures and leading cybersecurity initiatives. Adept at managing the TCP/IP stack to ensure robust network protection. Committed to advancing cybersecurity leadership and enhancing organizational security posture.
Overview
20
20
years of professional experience
6
6
years of post-secondary education
5
5
Certification
Work history
Senior Security Engineer
WATHEQ LAB
Abu Dhabi, UAE
10.2023 - 03.2025
- Lead offensive security assessments for Active Directory and internal infrastructures
- Execute comprehensive web, API, and mobile application security evaluations
- Lead wireless security assessments and coordinate findings with IT team
- Performing firmware security assessments for IoT and defense systems, covering extraction, reverse engineering, vulnerability analysis, and security hardening.
Security Consultant
HelpAG
Abu Dhabi
03.2023 - 10.2023
- Company Overview: DoH - Abu Dhabi
- Conducted comprehensive API security testing, ensuring applications complied with OWASP, ASVS, ISO 27034, and NIST Security Standards
- Performed in-depth web application security assessments, identifying critical vulnerabilities and providing strategic remediation guidance to the end-user organization
- Strengthened the organization's security posture by designing and implementing proactive vulnerability mitigation strategies to enhance resilience against emerging threats
- Intra Team teamwork for L&D sessions among Security Assessment Department
- DoH - Abu Dhabi
Assistant Manager
CureMD
Lahore, USA
10.2020 - 03.2023
- Company Overview: (USA Health IT)
- Collaborated with CIO, CEO, and research teams to strengthen the organization's security posture and develop actionable security strategies
- Managed teams to ensure seamless alignment with application sprint planning and successful implementation of SSDLC
- Conducted Secure Coding Best Practices training for developers, focusing on OWASP Proactive Controls
- Led application security assessments for web applications, APIs, and OAuth implementations in accordance with OWASP, ASVS, and ISO 27034 standards
- Performed internal network penetration testing, identifying vulnerabilities and providing remediation strategies
- Implemented SAST (Static Application Security Testing) in compliance with OWASP Proactive Controls, integrating security into CI/CD (Agile) pipelines
- Ensured adherence to ISO 27001 ISMS policies, maintaining regulatory compliance and security best practices
- (USA Health IT)
Security Consultant
Trillium InfoSec Systems
11.2019 - 10.2020
- Performing penetration testing of web applications | Network VAPT
- Performed and reported vulnerability assessments, penetration testing, and security audits
- Protected assets from unauthorized access, disclosure, modification, destruction or interference
- Maintained suitable knowledge of threats, risk assignment, remediation strategies, security tools
Associate Engineer
Pakistan Air Force
12.2004 - 09.2019
- Analyzing Network Logs / evaluating Call Detail Records
- Telecom Nortel / Siemens and Cisco Networks
- Data communication infrastructure deployment and subsequent maintenance
- Providing support to high end operations in Transit node with high efficiency of fault rectification
Education
Masters - Telecom & Networks
PAF KIET
01.2008 - 01.2011
Master's degree - Information Security
NUST
Pakistan 10.2018 - 04.2021
Skills
- Advanced Penetration Testing
- Application Security
- ASVS
- OWASP Top 10
- ISO 27034
- OAuth
- Network Security
- VAPT
- Active Directory Security
- SAST & DAST
- API Security
- Secure Coding Practices
- TCP/IP Stack
- Multi-Layered Security
- Cybersecurity Leadership
Certification
- OSCP+ (Offensive Security Certified Professional Plus)
- OSCP (Offensive Security Certified Professional)
- OSWP (Offensive Security Wireless Professional)
- Certified Application Security Pentester (CAPen)
- C|WAPT Complete Web Application Penetration Testing Practical
References
References available upon request.
publications
https://ieeexplore.ieee.org/abstract/document/10581213
Timeline
Senior Security Engineer
WATHEQ LAB
10.2023 - 03.2025
Security Consultant
HelpAG
03.2023 - 10.2023
Assistant Manager
CureMD
10.2020 - 03.2023
Security Consultant
Trillium InfoSec Systems
11.2019 - 10.2020
Master's degree - Information Security
NUST
10.2018 - 04.2021
Masters - Telecom & Networks
PAF KIET
01.2008 - 01.2011
Associate Engineer
Pakistan Air Force
12.2004 - 09.2019
Similar Profiles
Dar'tavous DorseyDar'tavous Dorsey
Director of Partnerships & Community Engagement at University of Chicago, Crime Lab and Education LabDirector of Partnerships & Community Engagement at University of Chicago, Crime Lab and Education Lab
Chatcharin SangbutsarkumChatcharin Sangbutsarkum
Research Intern at Biomedical and Data Lab (BIODAT Lab)Research Intern at Biomedical and Data Lab (BIODAT Lab)
Christian RamirezChristian Ramirez
Sleep Technician at Dream Lab Sleep LabSleep Technician at Dream Lab Sleep Lab
MOHAMMED ANEES AKBARMOHAMMED ANEES AKBAR
Optometrist at Al Jaber OpticalOptometrist at Al Jaber Optical
SANTHOSHKUMAR BOOPATHYSANTHOSHKUMAR BOOPATHY
Senior Project Manager at Siemens Industrial LLCSenior Project Manager at Siemens Industrial LLC