About Jobyer Ahmed

Cybersecurity & InfoSec Consultant

Cybersecurity & Information Security Consultant, Specializing in offensive security, cloud/app security, and ISO 27001 implementation for practical, audit-ready security outcomes.

Work with me Read the blog

GitHub LinkedIn Twitter/X

Why clients hire me

OSCE3 • CISSP • OSCP • CNVP

Senior-led, OSCE3-level manual + automated testing
Developer-ready remediation guidance with free retest
Compliance-ready reporting aligned with ISO 27001 / SOC 2 / OWASP
Delivered and verified through Bytium LLC

Typical engagements

App/API Pentest

Manual, risk-based testing for critical flows

Cloud Security Review

AWS / Azure / GCP hardening and guardrails

Security Hardening

Threat modeling, security hardening, readiness, and remediation plans

Ready to talk?

Work with me Pentest readiness checklist (PDF)

Who I am

Security practitioner and founder leading Bytium LLC’s engineering-driven approach to offensive security, vulnerability management, and secure architecture design. Work emphasizes measurable risk reduction, guided by frameworks such as ISO 27001, SOC 2, OWASP ASVS, and NIST CSF. Dedicated to building resilient, compliant, and scalable security programs that align with real-world technical and business priorities.

Core skills

Web App PentestingThreat ModelingRed Team AdvisorySecurity ArchitectureActive DirectoryCloud SecurityIncident ReadinessAWSDockerPythonC/C++Assembly languageExploit development

Certifications & Badges

Certified Information Systems Security Professional (CISSP)

ISC2

Offensive Security Certified Expert 3 (OSCE3)

OffSec

Offensive Security Exploit Developer (OSED)

OffSec

Offensive Security Web Expert (OSWE)

OffSec

Offensive Security Experienced Penetration Tester (OSEP)

OffSec

RastaLabs

Hack The Box

Offensive Security Certified Professional (OSCP)

OffSec

Ethical Hacking: Hacking Web Servers and Web Applications

Advanced+ Penetration Testing Certified

Virtual Hacking Labs

Penetration Testing

Virtual Hacking Labs

CompTIA Network Vulnerability Assessment Professional – CNVP

CompTIA

CompTIA PenTest+ ce

CompTIA

CompTIA Security+ ce

CompTIA

Google IT Support Professional Certificate

Google

Research: CVEs & Exploits

CVEs

CVE-2024-8784 CVE-2024-8945 CVE-2024-8867 CVE-2024-9030 CVE-2025-3219 CVE-2025-3219

Exploits & Advisories

RISE CRM 3.7.0 - SQL Injection Exploit

Tools I use

Burp SuiteCobalt StrikeCore ImpactBloodHoundOWASP ZAPNmapMetasploitsqlmapffufwfuzzNiktoWiresharkWazuhChrome DevToolsPostmanAWSDockerGitHub Actions

Timeline

Founder & Security Lead Bytium LLC • Jan 2024 - Present · New York, USA

Leads Bytium LLC, a global cybersecurity and IT consulting firm protecting SMBs from modern cyber threats. Provides senior-led penetration testing, vulnerability assessment, and red-team advisory services. Manages client delivery, strategy, and technical leadership across engagements.

Security Consultant & Advisor BrosPly Ltd • 2022 - 2024 · Remote

Provided cybersecurity consulting and advisory services focused on security architecture design, vulnerability assessment, and risk management. Supported clients in aligning policies with industry standards, strengthening compliance programs, and developing technical security documentation for both internal and external initiatives.

Founder & Cybersecurity Researcher Rednode Services Ltd • Feb 2022 - Jan 2024 · Dhaka / Remote

Established a research-focused security lab performing exploit development, Active Directory exploitation, and vulnerability research. Published multiple CVEs, exploit advisories, and trained engineers on secure development.

Penetration Tester Red Team Partners (Contract) • Oct 2022 - May 2023 · London, UK

Performed enterprise-grade penetration testing for web, infrastructure, and cloud environments. Delivered detailed, developer-ready remediation reports with business impact analysis.

Cyber Security Specialist Freelancer.com • Jun 2020 - Dec 2021 · Remote

Performed black-box web and network pentests for global SMB clients. Delivered actionable findings and remediation verification.

Cyber Security Specialist Cyber Armed Security • Jan 2021 - Aug 2021 · United Kingdom

Executed web application penetration testing, authored in-depth technical reports, and validated fixes post-remediation.

Cyber Security Specialist Self Employed • Feb 2010 - Jun 2021 · Remote

Provided independent consulting in web security, vulnerability scanning, and incident response. Helped clients implement remediation and strengthen overall security posture.

CTF Player Hack The Box • May 2018 - Jan 2020 · Remote

Completed RastaLabs (Active Directory-focused lab). Specialized in lateral movement, privilege escalation, and red-team simulation.

Technical Support Specialist Self Employed • Feb 2007 - Jan 2014 · Remote

Delivered remote troubleshooting and IT administration, forming the foundation of deep technical problem-solving skills.

FAQ

What types of pentests do you run?

Black/gray box web apps, APIs, mobile (basic), and cloud posture checks; reports include remediation paths.

Do you sign NDAs and handle sensitive systems?

Yes. Standard security and legal processes are in place.

How do I engage you for a pentest or security audit?

Start by contacting me via the contact page with a brief scope and timeline. I’ll provide a written proposal with deliverables, timeline, and pricing.

What does a typical report look like?

Reports include an executive summary, prioritized findings, technical details, reproduction steps, and recommended fixes with severity ratings.

Do you offer training or workshops?

Yes - I offer tailored workshops for secure development practices, manual pentesting fundamentals, and red team awareness sessions. Contact for availability and pricing.