}}
JA Jobyer Ahmed
Jobyer Ahmed
Jobyer Ahmed OSCE3 • CISSP • OSCP • CNVP

About Me

Founder & Security Lead at Bytium LLC, delivering offensive security, penetration testing, and security engineering services for global SMBs. Focused on practical, high-impact security outcomes.

GitHub LinkedIn Twitter/X

Why clients hire me

OSCE3 • CISSP • OSCP • CNVP
  • Senior-led, OSCE3-level manual + automated testing
  • Developer-ready remediation guidance with free retest
  • Compliance-ready reporting aligned with ISO 27001 / SOC 2 / OWASP
  • Delivered and verified through Bytium LLC

Typical engagements

App/API Pentest
Manual, risk-based testing for critical flows
Cloud Security Review
AWS / Azure / GCP hardening and guardrails
Security Hardening
Threat modeling, security hardening, readiness, and remediation plans

Ready to talk?

Work with me Pentest readiness checklist (PDF)

Who I am

Security practitioner and founder leading Bytium LLC’s engineering-driven approach to offensive security, penetration testing, cloud/application security, and secure architecture design. My work focuses on measurable risk reduction and practical security outcomes, guided by frameworks such as ISO 27001, SOC 2, OWASP ASVS, and NIST CSF. I’m dedicated to helping global SMBs build resilient, compliant, and scalable security programs that align with real-world technical and business priorities.

Core skills

Web App PentestingThreat ModelingRed Team AdvisorySecurity ArchitectureActive DirectoryCloud SecurityIncident ReadinessAWSDockerPythonC/C++Assembly languageExploit development

Credentials

Certified Information Systems Security Professional (CISSP)
ISC2
 Offensive Security Certified Expert 3 (OSCE3)
OffSec
Offensive Security Exploit Developer (OSED)
OffSec
Offensive Security Web Expert (OSWE)
OffSec
Offensive Security Experienced Penetration Tester (OSEP)
OffSec
Offensive Security Certified Professional (OSCP)
OffSec
CompTIA Network Vulnerability Assessment Professional – CNVP
CompTIA
CompTIA PenTest+ ce
CompTIA
CompTIA Security+ ce
CompTIA
RastaLabs
Hack The Box

Research: CVEs & Exploits

CVEs
CVE-2024-8784 CVE-2024-8945 CVE-2024-8867 CVE-2024-9030 CVE-2024-9031 CVE-2025-3219 CVE-2025-2974
Exploits & Advisories
RISE CRM 3.7.0 - SQL Injection Exploit

Tools I use

Burp SuiteCobalt StrikeCore ImpactBloodHoundOWASP ZAPNmapMetasploitsqlmapffufwfuzzNiktoWiresharkWazuhChrome DevToolsPostmanAWSDockerGitHub Actions

Timeline

Founder & Security Lead Bytium LLC • Jan 2024 - Present · New York, USA
Leads Bytium LLC, a global cybersecurity and IT consulting firm protecting SMBs from modern cyber threats. Provides senior-led penetration testing, vulnerability assessment, and red-team advisory services. Manages client delivery, strategy, and technical leadership across engagements.
Security Consultant & Advisor BrosPly Ltd • 2022 - 2024 · Remote
Provided cybersecurity consulting and advisory services focused on security architecture design, vulnerability assessment, and risk management. Supported clients in aligning policies with industry standards, strengthening compliance programs, and developing technical security documentation for both internal and external initiatives.
Founder & Cybersecurity Researcher Rednode Services Ltd • Feb 2022 - Jan 2024 · Dhaka / Remote
Established a research-focused security lab performing exploit development, Active Directory exploitation, and vulnerability research. Published multiple CVEs, exploit advisories, and trained engineers on secure development.
Penetration Tester Red Team Partners (Contract) • Oct 2022 - May 2023 · London, UK
Performed enterprise-grade penetration testing for web, infrastructure, and cloud environments. Delivered detailed, developer-ready remediation reports with business impact analysis.
Penetration Tester Freelancer.com • Jun 2020 - Dec 2021 · Remote
Performed black-box web and network pentests for global SMB clients. Delivered actionable findings and remediation verification.
Penetration Tester Cyber Armed Security • Jan 2021 - Aug 2021 · United Kingdom
Executed web application penetration testing, authored in-depth technical reports, and validated fixes post-remediation.
Cyber Security Specialist Self Employed • Feb 2010 - Jun 2021 · Remote
Provided independent consulting in web security, vulnerability scanning, and incident response. Helped clients implement remediation and strengthen overall security posture.
Technical Support Specialist Self Employed • Feb 2007 - Jan 2014 · Remote
Delivered remote troubleshooting and IT administration, forming the foundation of deep technical problem-solving skills.

FAQ

What types of pentests do you run?
Black/gray box web apps, APIs, mobile (basic), and cloud posture checks; reports include remediation paths.
Do you sign NDAs and handle sensitive systems?
Yes. Standard security and legal processes are in place.
How do I engage you for a pentest or security audit?
Start by contacting me via the contact page with a brief scope and timeline. I’ll provide a written proposal with deliverables, timeline, and pricing.
What does a typical report look like?
Reports include an executive summary, prioritized findings, technical details, reproduction steps, and recommended fixes with severity ratings.
Do you offer training or workshops?
Yes - I offer tailored workshops for secure development practices, manual pentesting fundamentals, and red team awareness sessions. Contact for availability and pricing.