Jobyer Ahmed — OSCE3 • CISSP • OSCP • CNVP

Cybersecurity Consultancy for Global SMBs

Providing offensive security, penetration testing, cloud/application security, and ISO 27001 consulting for global SMBs seeking practical, high-impact security outcomes.

Focus areas

Security, compliance, and resilience

Hands-on expertise to harden your stack and sail through audits.

  • Red team style web, API, and cloud penetration testing
  • ISO 27001 / SOC 2 readiness, playbooks, and audit prep
  • Secure architecture for apps, cloud, and zero trust access
  • Incident response runbooks and tabletop exercises

Services

Penetration Testing

Identify and exploit real-world security weaknesses in your web, API, and cloud environments. Advanced manual testing uncovers high-risk vulnerabilities automated scanners miss. Get a detailed report with remediation guidance to strengthen your security posture.

ISO 27001 Implementation

End-to-end ISO 27001 implementation for organizations preparing for certification. Includes policies, risk assessment, Statement of Applicability (SoA), internal audit, and audit readiness support. Build a fully compliant ISMS aligned with ISO 27001:2022 and best practices.

Compliance Readiness

Evaluate your current security controls against ISO 27001, SOC 2, and industry standards. Identify gaps, prioritize risks, and receive a roadmap for audit preparation. Ideal for startups and SMBs needing fast, accurate compliance insights.

Risk Assessment

Comprehensive assessment of threats, vulnerabilities, and business risks across your environment. Map risks to actionable controls and receive a clear, prioritized mitigation plan. Improve your security maturity with a CISSP-led risk evaluation.

App & Cloud Security Review

Expert analysis of your application architecture, APIs, and cloud infrastructure. Identify design flaws, misconfigurations, and access issues before attackers do. Receive actionable recommendations to build secure, scalable systems.

Security Hardening

Strengthen servers, cloud platforms, applications, and networks with industry best practices. Hardening aligned with CIS Benchmarks, OWASP, and Zero Trust principles. Reduce attack surface and improve resilience with expert configuration guidance.

What You Can Expect

  • Senior-led work: OSCE3-level pentesting and CISSP-led assessments
  • Clear deliverables: ISMS docs, risk register, and secure-by-design guidance
  • Audit-ready outcomes: ISO 27001 and SOC 2 alignment and readiness
  • Practical remediation: prioritized roadmap, quick wins, and follow-ups
  • Evidence-based results: PoC, impact, likelihood, and reproducible steps
  • Retest included: verification of fixes where applicable
  • Security maturity boost: risk treatment guidance and control mapping
  • Fast, responsive communication with milestone reviews

Backed by research: CVEs & talks

How it works

Scope

Quick scoping, access, and NDA. Define objectives, targets, and timelines for your selected service.

Execute

Delivery aligned to your service: testing, implementation, or assessment with evidence and regular check-ins.

Report & Next Steps

PDF deliverables, review call, prioritized recommendations. Retest or follow-up available where applicable.

Pricing

ISO 27001 Implementation

Full ISMS build aligned with ISO 27001:2022 and audit readiness.
  • ISMS scope definition & stakeholder identification
  • Policies, procedures & ISO documentation creation
  • Asset inventory, risk assessment & treatment plan
  • Annex A controls implementation & SoA development
  • Evidence collection, training & awareness support
  • Internal audit (Clause 9.2) with NCR & OFI analysis
  • Certification readiness for Stage 1 & Stage 2 audits
  • Monthly reviews & implementation roadmap
  • Full digital deliverables for certification body

Compliance Readiness

Gap assessment against ISO 27001, SOC 2, and industry frameworks.
  • Review of policies, controls, logs, and documentation
  • Maturity scoring for people, processes & technology
  • Identification of missing controls and weak areas
  • Audit readiness pre-check (Stage 1 / SOC 2 Type 1)
  • Prioritized roadmap with timelines & responsibility mapping
  • Recommendations for quick wins and long-term improvements
  • Optional follow-up consultation call

Risk Assessment

CISSP-led risk evaluation with prioritized mitigation guidance.
  • Threat, vulnerability & impact analysis across the organization
  • Mapping risks to assets, departments & business functions
  • Likelihood, impact & risk rating (qualitative or semi-quantitative)
  • Identification of critical cybersecurity gaps
  • Recommended security controls based on CISSP best practices
  • Risk treatment planning and prioritization guidance
  • Executive summary and customizable risk register

App & Cloud Review

Security-by-design review of applications, APIs, and cloud infrastructure.
  • Architectural analysis for Web, API, Mobile, and Cloud systems
  • Threat modeling (STRIDE / attack surface review)
  • Authentication, authorization & session management review
  • Storage, encryption, keys & secrets handling evaluation
  • API security design review (tokens, scopes, rate limits)
  • Cloud IAM, roles, policies & privilege escalation analysis
  • Network design, segmentation & zero-trust evaluation
  • Logging, monitoring & alerting capability assessment
  • Detailed recommendations for secure-by-design improvement

Security Hardening

Hands-on hardening aligned with CIS Benchmarks, OWASP, and Zero Trust.
  • System hardening for Linux/Windows servers
  • Cloud hardening (AWS/GCP IAM, S3, security groups, KMS, etc.)
  • CIS Benchmark–aligned configuration checks
  • Database, storage, DNS & API endpoint hardening
  • SSH/RDP hardening, firewall rules & network segmentation
  • Secure logging, monitoring & MFA configuration
  • Removal of insecure defaults and misconfigurations
  • Hardening checklist + before/after summary
  • Documentation of changes & guidance

Testimonials

FAQ

Do you sign an NDA, MSA, and DPA?
Yes. I can sign your standard NDA/MSA/DPA or provide mine.
Is a retest included?
Yes. One free retest is included in pentesting packages within 30 days.
Do you map findings to ASVS, NIST, and CIS?
Yes. Reports include mappings on request.
How do you access cloud environments?
Temporary least-privilege accounts, VPC/IP allow-listing, and time-bound access. No persistent keys.
Do you test staging or production?
Staging is preferred where possible; production tests are coordinated and safe-listed with change windows.
What are typical timelines?
Scope: 0–1 day, Test: 2–7 days, Report & Retest: 1–2 days, depending on scope and access.
What are payment terms?
50% upfront to schedule, 50% on delivery; net-15/30 for approved vendors.
Do you provide a verification badge?
An optional declaration and verification badge are available post-engagement.