Hi, my name is

Md. Mehedi Hasan.

I secure the cyberspace.

I'm a passionate cybersecurity professional, specialize in identifying and mitigating vulnerabilities to protect sensitive information and ensure the confidentiality, integrity, and availability of systems. Currently, I'm engaged in securing applications, APIs at City Bank PLC.I'm also working as a Teaching Assistant for the Professional Masters in Information and Cyber Security(PMICS) Program at University of Dhaka. See my works here.

Read My Blogs

About Me

Hello! My name is Mehedi. I completed my undergraduate from Daffodil International University in software engineering with a major in cyber security. I scored the highest CGPA in my class. Currently, I am working as a Software Security Engineer at City Bank PLC. Previously I worked as a cyber security engineer at Trustaira Limited. Though I gained my degree only around 1 year ago, I do have experience spanning around 3 years. I have been working since my undergrad days. My first job was TA at my undergraduate university. From then on I am working on achieving my goals and preparing for the next step one at a time.

Fast-forward to today, and I’ve had the privilege of working at Fiverr, BugsBD, and a student-led organization. My main focus these days is learning various topics on academic research and software security.

My Core Skills Include:

Web Application VA & PT
Mobile Application VA & PT
Infrastructure VA & PT
API VA & PT
Conducting Workshop & Training
Technical Documentation(Cyber Security)
Python
MATPLOTLIB
Tools: (Burp Suite, Metasploit, Nessus, Nexpose, NMAP, Bloodhound, iZoologic, Autopsy, CrackMapExec & Many More)
Bash scripting

Experience

Work Experience

Software Security Engineer @ City Bank PLC.

Dhaka, Bangladesh | December 2023 - Present

Perform security assessments on bank applications, with detailed reports and remediation recommendations.
Review Source Code to identify vulnerabilities and propose remediation strategies.
Investigate and analyze security findings to assess impact and potential threats, collaborating with relevant teams to address and prioritize security issues while maintaining active records of assessments and remediation efforts.

Teaching Experience

Teaching Assistant @ Daffodil International University

10/2021 - 01/2022

Designed course modules and set up necessary class material.
Conducted Ethical Hacking lab classes and assisted teacher with quizzes, assignments and monitoring students’ progress.
Developed an online lab platform and included 8 categories of vulnerabilities like XSS, SQLi, SSTI, SSRF, Command Injection, Code Execution, LFI for students lab exam assessment.
Motivated and encouraged students to learn, adapt and socialize.

Research Experience

Automated Detection of IDOR Vulnerability in Web Application

January 2022 - October 2022

Background study included potential risk of IDOR vulnerability and existing systems for detecting IDOR vulnerability.
Planned the methodology and detection algorithm for IDOR.
Designed and implemented a tool for for automated IDOR detection.
Deployed labs to test the tool.
Already wrote the thesis with a few changes to publish in a good journal.

Major Workshops and Trainings I have Conducted

Dark Web Monitoring @ City Bank

June 16, 2023 - June 17, 2023

Conducted 2 days long training on 'Dark Web Monitoring, Phishing and Brand Protection' for City Bank Limited.
Prepared Interactive Contents for the training..
Topics Covered - Dark Web, Deep Web, Surface Web, Different types of phishing, Dark Web Monitoring, Web Security, iZOOlogic, Weblogic, Brand Protection and many more.

Co-Curricular Experience

Founding President @ Cyber Security Club

December 15, 2021 - September 2022

Planned activities and managed resources to create students interest in cybersecurity.
Conducted workshops and training.
Arranged workshops and seminars with security professionals.
Collaborated with various organizations ensuring free courses and internship placement for the members.
Significantly boosted the membership ratio, resulting in an increase of 750 members within a year.
Yearly Activity Report: https://docs.google.com/document/d/1UjMdD5JEYaPN94wpKh1b6hMdt2Z8wcmPA-iQPG5_dfI/edit?usp=sharing

Education Background

BSC in Software Engineering (Major: Cyber Security)
CGPA: 3.80 out of 4.00
Daffodil International University

Dhaka, Bangladesh

2018 - 2022

Earned 151 Credits including 31 Credits in Cyber Security.
Major (Cyber Security) course includes – Cyber Security Fundamentals, Ethical Hacking & Countermeasures, Security Analysis & Penetration Testing, Digital Forensic, Cryptography and Secure Application, Cyber Law, Network & Communication Security.
Undergraduate Thesis Title: Automated Detection of IDOR Vulnerability in Web Application.

Professional Trainings

Penetration Testing/Red Teaming @ Internetwork Expert

October 2023

Completed 148 hours long training on 'Penetration Testing/ Red Teaming'.
Learned topics like Enumeration, Host & Network Based Attacks, Pivoting, Persistence, Web Based Attacks.
Completed all the 120 labs of the course.
Passed the Practical 48-hour Exam cracking all the boxes.

Year	Title	Organization
2023	Writing Manuscript for High Impact Publications : DOs and DONTs	ABCD Laboratory
2023	Writing in the Sciences	Stanford University(Coursera)
2023	Python for Data Visualization: Matplotlib & Seaborn	Coursera
2023	How to Write and Publish a Scientific Paper (Project-Centered Course)	École Polytechnique (Coursera)
2023	API Penetration Testing	APISec University
2022	ISC2 Certified in Cybersecurity (CC) Cert Prep	Linkedin
2020	Web Scraping with Beautiful Soup	Codecademy
2020	Python 3	Codecademy
2020	Bash Scripting	Codecademy
2020	Basics of Regular Expressions	Codecademy

Some Noteworthy Projects

OctHackDIU
First Intra University CTF in Daffodil International University organized by me.
- web
- cryptography
- network
- steganography
- android
Security Pedia
A simple web application created by me implementing OWASP top 10 vulnerabilities to practice OWASP top 10:2017. Open for everyone.
- php
- mysql
- html
- css
- js
Security Vault
A vulnerable web application created by me for conducting lab assessment when I was the teaching assistant of 'Ethical Hacking' Course at DIU.
- php
- html
- css

Check Out My Works

Recognitions

Professional Certifications

Year	Title	Organization	Certification Number
2024	Certified Professional Penetration Tester(eCPPT)	eLearnSecurity(INE)	100172202
2023	Junior Penetration Tester(eJPT)	eLearnSecurity(INE)	84233046
2023	Certified in Cybersecurity	ISC2	1466627
2023	Certified Network Security Practitioner	The SecOps Group	7147022
2023	NSE 2 Network Security Associate	Fortinet	UgTxQRv2EO
2023	NSE 1 Network Security Associate	Fortinet	aWHJ5zDA9G
2022	Certified AppSec Practitioner	The SecOps Group	6886698
2022	ISO/IEC 27001 Information Security Associate	SKILLFRONT	45272227180484
2022	SWIFT Customer Security Programme	SWIFT	0001291747
2020	Certified Ethical Hacker	Ec-Council	ECC5894271603

Achievements

Year	Title	Organization	Role	Rank
2023	Inter University CTF	BUET	Team Coach	2nd Runner-Up
2021	National Cyber Drill 2021	BGD e-GOV CIRT	Team Captain	5th (1st runner-up as per the points)
2021	Inter University Cyber Drill 2021	BGD e-GOV CIRT	Team Captain	2nd Runner-Up
2021	Incognito 2.0 (Our 1st International CTF)	IIIT Lucknow	Team Captain	12th Globally
2020	National Cyber Drill 2020	BGD e-GOV CIRT	Team Captain	9th (1st among Educational Institutions)

Year	Title	Organization	Link
2018-2022	Merit Based Scholarship to Complete Undergraduate	Daffodil International University
2022	Awareded Fully Funded Erasmus Plus International Credit Mobility scholarship	Staffordshire University

What’s Next?

Get In Touch

Although I’m not currently looking for any new opportunities, my inbox is always open. Whether you have a question or just want to say hi, I’ll try my best to get back to you!

Say Hello