Hi, my name is

Mehedi Hasan

I break systems to protect them.

I’m an Application Security professional, focused on finding high-impact vulnerabilities across Web, API, Mobile, and Infrastructure and helping teams fix them effectively.

Check my work Contact Me

0xAbout Me

I am a cybersecurity professional with hands-on experience in Application Security, Vulnerability Assessment & Penetration Testing (VAPT), and Red Team Operations. I combine a strong academic foundation with practical industry expertise to approach security from both engineering and adversarial perspectives.

I hold a BSc in Software Engineering (major in Cyber Security) from Daffodil International University.

Currently at Ernst & Young (EY), I conduct security assessments for banking and telecommunications clients, identifying high-impact vulnerabilities and supporting effective remediation in complex, real-world systems. My work has received recognition from clients for both quality and impact.

Previously, I worked as a Software Security Engineer at City Bank PLC, where I led application security initiatives and conducted assessments across 100+ web, mobile, and APIs, helping to significantly improve the organization's security posture through close collaboration with development teams. Before City Bank, I worked at Trustaira, focusing on applied security research and real-world vulnerability assessments.

I actively conduct independent security research and discovered & reported public CVEs. Alongside this, I am engaged in teaching and mentoring aspiring cybersecurity professionals as a Graduate Teaching Assistant at the University of Dhaka, contributing to applied research initiatives and helping the next generation of security talent.

0xWhere I've Worked

Associate Consultant, Cybersecurity: Red Team Operations @ Ernst & Young(EY)

July 2025 - Ongoing

Received client appreciation twice from one of the largest telecom operators in Bangladesh for exceptional findings and delivery, resulting in an additional engagement for EY.
Resolved a critical testing blocker that stopped the team from testing by implementing an alternative method, restoring penetration testing for both web and mobile applications.
Conducts penetration testing for web, mobile, and APIs, improving security for major telecom and banking clients.
Drives red team operations through attack simulations, vulnerability assessments, and remediation planning.
Common and high-severity findings include Privilege Escalation, Remote Code Execution (RCE), SQL Injection, Account Takeover, and mobile-specific issues such as insecure storage, hardcoded secrets, certificate pinning, root detection bypass, and Play Protect bypass.
Recognized as a key team member; directly engaged in critical business applications, especially APIs and mobile applications, including those with complex dependency VAPT requirements, in addition to other ongoing engagements.

0xEducation

Formal Education

2018 - 2022

BSc in Software Engineering (Major: Cyber Security)

Daffodil International University

CGPA: 3.80 out of 4.00

Earned 151 Credits including 31 Credits in Cyber Security.
Major (Cyber Security) course includes – Cyber Security Fundamentals, Ethical Hacking & Countermeasures, Security Analysis & Penetration Testing, Digital Forensic, Cryptography and Secure Application, Cyber Law, Network & Communication Security.
Undergraduate Thesis Title: Automated Detection of IDOR Vulnerability in Web Application.

Professional Trainings

Penetration Testing/Red Teaming

@ Internetwork Expert

October 2023

Completed 148 hours long training on 'Penetration Testing/ Red Teaming'.
Learned topics like Enumeration, Host & Network Based Attacks, Pivoting, Persistence, Web Based Attacks.
Completed all the 120 labs of the course.
Passed the Practical 48-hour Exam cracking all the boxes.

Penetration Testing/Red Teaming

@ Internetwork Expert

October 2023

Completed 148 hours long training on 'Penetration Testing/ Red Teaming'.
Learned topics like Enumeration, Host & Network Based Attacks, Pivoting, Persistence, Web Based Attacks.
Completed all the 120 labs of the course.
Passed the Practical 48-hour Exam cracking all the boxes.

Relevant Courses

Year	Title	Organization
2023	Writing Manuscript for High Impact Publications : DOs and DONTs	ABCD Laboratory
2023	Writing in the Sciences	Stanford University(Coursera)
2023	Python for Data Visualization: Matplotlib & Seaborn	Coursera
2023	How to Write and Publish a Scientific Paper (Project-Centered Course)	École Polytechnique (Coursera)
2023	API Penetration Testing	APISec University
2022	ISC2 Certified in Cybersecurity (CC) Cert Prep	Linkedin
2020	Web Scraping with Beautiful Soup	Codecademy
2020	Python 3	Codecademy
2020	Bash Scripting	Codecademy
2020	Basics of Regular Expressions	Codecademy

0xRecognition

Professional Certifications

Year	Title	Organization	Certification ID
2020	Certified Ethical Hacker	Ec-Council	ECC5894271603
2024	Certified Professional Penetration Tester (eCPPT)	eLearnSecurity (INE)	100172202
2023	Junior Penetration Tester (eJPT)	eLearnSecurity (INE)	84233046
2025	Junior Penetration Tester (PT1)	TryHackMe	3fba18f6-6f9b-4769-b215-10ec8f3f353e
2025	API Security Certified Professional(ASCP)	APISec University	3385f67b-593f-4033-90b6-53d1f1fef71a
2023	Certified in Cybersecurity	ISC2	1466627
2022	SWIFT Customer Security Programme	SWIFT	0001291747
2022	Certified AppSec Practitioner	The SecOps Group	6886698
2023	Certified Network Security Practitioner	The SecOps Group	7147022
2023	NSE 1 Network Security Associate	Fortinet	aWHJ5zDA9G
2023	NSE 2 Network Security Associate	Fortinet	UgTxQRv2EO
2022	ISO/IEC 27001 Information Security Associate	SKILLFRONT	45272227180484

Achievements

Year	Title	Organization	Role	Rank
2023	Inter University CTF	BUET	Team Coach	2nd Runner-Up
2021	National Cyber Drill 2021	BGD e-GOV CIRT	Team Captain	5th (1st runner-up as per the points)
2021	Inter University Cyber Drill 2021	BGD e-GOV CIRT	Team Captain	2nd Runner-Up
2021	Incognito 2.0 (Our 1st International CTF)	IIIT Lucknow	Team Captain	12th Globally
2020	National Cyber Drill 2020	BGD e-GOV CIRT	Team Captain	9th (1st among Educational Institutions)

Honours & Awards

Year	Title	Organization	Link
2018-2022	Merit Based Scholarship to Complete Undergraduate	Daffodil International University
2022	Awareded Fully Funded Erasmus Plus International Credit Mobility scholarship	Staffordshire University

0xGet In Touch

What's Next?

I am currently looking for new opportunities in Red Teaming and Application Security. Whether you have a question or just want to say hi, I'll try my best to get back to you!

Say Hello