About
JobyerAhmed
Offensive Security Researcher · Offensive security research, red-team engagements, and executive advisory — since 2010.
I'm Jobyer Ahmed — a cybersecurity professional and entrepreneur. For more than a decade I've worked on the attacker side of the table: red-teaming enterprises, breaking appliances and applications, and helping leaders translate technical findings into clear, defensible decisions.
My work sits at the intersection of deep technical research and executive advisory. On any given month I might be developing an exploit, leading a full-scope engagement, or sitting in a boardroom explaining why a risk matters.
I carry a mix of offensive depth and governance breadth — reflected in the certifications below — that shapes how I think security should be practiced: rigorous, evidence-based, and aligned with the business.
I founded Bytium LLC in 2024 to deliver this work at scale with a small, senior team, and previously ran Rednode Services Ltd, a security research lab that published CVEs and trained the next wave of offensive operators.
Experience
8 positions
Jan 2024 — Present
CurrentFounder & Security Lead
Bytium LLC
Cybersecurity consulting focused on offensive security, penetration testing, and security engineering.
2022 — 2024
Security Consultant & Advisor
BrosPly Ltd · Remote
Cybersecurity consulting on architecture, vulnerability assessment, and compliance alignment.
Feb 2022 — Jan 2024
Founder & Cybersecurity Researcher
Rednode Services Ltd
Established a security lab for exploit development and vulnerability research; published CVEs.
Oct 2022 — May 2023
Penetration Tester (Contract)
Red Team Partners · London, UK
Enterprise penetration testing across web, infrastructure, and cloud environments.
Jan 2021 — Aug 2021
Penetration Tester
Cyber Armed Security · United Kingdom
Jun 2020 — Dec 2021
Penetration Tester
Freelancer.com · Remote
Feb 2010 — Jun 2021
Cyber Security Specialist
Self-employed
Feb 2007 — Jan 2014
Technical Support Specialist
Self-employed
Certifications
9 total
Flagship
OffSec
Offensive Security Certified Expert 3 (OSEP + OSWE + OSED)
OffSec's most advanced offensive designation, earned by completing the three expert-level exams below: Experienced Penetration Tester, Web Expert, and Exploit Developer.
CISSP
Certified Information Systems Security Professional
OSCP
Offensive Security Certified Professional
OSEP
Offensive Security Experienced Penetration Tester
OSWE
Offensive Security Web Expert
OSED
Offensive Security Exploit Developer
CNVP
CompTIA Network Vulnerability Assessment Professional
PenTest+
CompTIA PenTest+ (CE)
Security+
CompTIA Security+ (CE)
Published advisories
CVEs and coordinated disclosures, public or post-embargo.
- CVE-2025-32192025
Stored XSS in Project Discussion
Perfex CRM 3.2.1
mediumCVE-2025-3219mediumStored XSS in Project Discussion
Perfex CRM 3.2.1
2025 - CVE-2025-29742025
Stored XSS in /contract content
Perfex CRM ≤ 3.2.1
mediumCVE-2025-2974mediumStored XSS in /contract content
Perfex CRM ≤ 3.2.1
2025 - CVE-2024-90312024
Cross-site scripting
CodeCanyon CRMGo SaaS ≤ 7.2
mediumCVE-2024-9031mediumCross-site scripting
CodeCanyon CRMGo SaaS ≤ 7.2
2024 - CVE-2024-90302024
Stored Cross-Site Scripting
CodeCanyon CRMGo SaaS 7.2
mediumCVE-2024-9030mediumStored Cross-Site Scripting
CodeCanyon CRMGo SaaS 7.2
2024 - CVE-2024-89452024
SQL Injection
RISE Ultimate Project Manager 3.7.0
highCVE-2024-8945highSQL Injection
RISE Ultimate Project Manager 3.7.0
2024 - CVE-2024-88672024
Cross-Site Scripting
Perfex CRM 3.1.6
mediumCVE-2024-8867mediumCross-Site Scripting
Perfex CRM 3.1.6
2024 - CVE-2024-87842024
SQL Injection
QDocs Smart School Management System
highCVE-2024-8784highSQL Injection
QDocs Smart School Management System
2024
Publications & recognition
- Exploit-DB #52100 — RISE CRM 3.7.0 SQL Injection Exploit2024
- Hack The Box · RastaLabs completion
- Training workshops on secure development and pentestingOngoing