Simulating Real-World Breaches. Securing Enterprise Infrastructure.

Shaik Nawaz Ahmed

Offensive Security Engineer | OSCP Certified
OSCP-certified professional specializing in enterprise penetration testing, Active Directory compromise simulations, and compliance-aligned remediation reporting across financial and enterprise environments.

20+

Enterprise Systems Secured: Reduced critical-risk exposure across enterprise web, network, and AD environments.

50+

Enterprise Attack Simulations: Executed full attack chains from initial access to domain-level compromise.

Top 10%

TryHackMe (Global Ranking): Consistent high performance in enterprise-style adversarial labs.

About Me

I run adversary-style assessments and turn findings into prioritized remediation plans leadership can execute.

OSCP-certified offensive security professional with hands-on experience in web, network, and Active Directory testing across enterprise and financial environments.

I validate real breach paths, identify high-risk weaknesses, and deliver compliance-aligned reporting that drives measurable risk reduction.

Regulatory Alignment

ISO 27001 Annex A | NIST | OWASP | SAMA | NCA ECC

Core Skills

Core capabilities used in enterprise assessments from discovery to executive reporting.

Offensive Security & VAPT

  • Enterprise web, network, and Active Directory penetration testing
  • End-to-end attack lifecycle and privilege escalation validation

Active Directory Attacks

  • Kerberoasting, AS-REP roasting, delegation abuse
  • Credential abuse, lateral movement, and domain compromise pathing

Web & Network Testing

  • Authentication, authorization, injection, and configuration risk testing
  • Privilege escalation and business-impact validation

Reporting & Risk Analysis

  • Executive and technical reporting with impact and remediation priority
  • Clear remediation roadmaps for technical and business stakeholders

Certifications

Industry-recognized credentials focused on practical offensive security capability.

OSCP

Offensive Security Certified Professional (OSCP) | Dec 2025

OSEP (In Progress)

Advanced red-team training in stealth operations, AV/EDR evasion, and advanced AD attack tradecraft.

CEH Practical

EC-Council | Certified July 2025 | Practical penetration testing focus.

Google Cybersecurity Certificate

Completed Oct 2024 | Security operations, SIEM, and incident response foundations.

Work Experience

Delivery experience across enterprise environments with measurable reduction in critical exposure.

Security Analyst - Offensive Security / VAPT, Cyber Defentech

Jan 2025 - Jan 2026
  • Executed web, internal network, and Active Directory assessments under strict NDA controls.
  • Validated an AD misconfiguration enabling potential full-domain compromise affecting 300+ users.
  • Reduced critical-risk exposure across 20+ enterprise systems and Tier-1 AD services.
  • Delivered executive and technical reports adopted by leadership for remediation planning.

Security Analyst Intern - VAPT, Huntmetrics Pvt. Ltd.

Aug 2024 - Sept 2024
  • Performed reconnaissance and vulnerability assessments across application and infrastructure layers.
  • Used Nmap, Nessus, and Metasploit to validate and document exploitable weaknesses.

Engagement Impact

  • High and critical findings validated with exploitability evidence
  • Attack chains demonstrated from foothold to domain-level impact
  • Clear communication for both engineering teams and business stakeholders

Projects & Research Labs

Applied research and lab execution focused on realistic enterprise attack scenarios.

Active Directory Attack Simulation

  • Built a controlled AD lab mirroring enterprise architecture and trust relationships.
  • Executed low-privilege to domain-compromise attack paths with detection checkpoints.
  • Mapped detection gaps and produced practical defensive recommendations.

Hands-on Security Research & Simulations

  • Completed 50+ enterprise-style labs across web, Linux, Windows, and Active Directory.
  • Repeated full attack chains: recon -> access -> escalation -> lateral movement -> domain impact.
  • Mapped findings to ISO 27001, SAMA, and NCA ECC control expectations.

Achievements

Performance outcomes demonstrating consistency in offensive security practice.

TryHackMe

Ranked in the global Top 10% through consistent enterprise-style lab performance.

CTF Ranking

Placed 114/500 teams in a national-level CTF hosted by the Computer Society of India.

Workshops

Delivered a 3-day hands-on workshop on ethical hacking, reconnaissance, and vulnerability assessment.

Tools & Technologies

Primary tools used during assessment, validation, and reporting workflows.

Nmap
Burp Suite
Metasploit
BloodHound
Mimikatz
Hashcat
SQLmap
ffuf
winPEAS
PowerSploit
Wireshark
Kali Linux
VMware

Compliance & Frameworks

Frameworks used to align technical findings with governance and audit expectations.

ISO 27001 Annex A | NIST | OWASP | SAMA Cybersecurity Framework | NCA Essential Cybersecurity Controls (ECC)

Education

Academic foundation supporting offensive security and security engineering work.

Bachelor of Engineering in Information Technology

Osmania University, Hyderabad (Lords Institute of Engineering and Technology) | Nov 2021 - Jun 2025 | CGPA: 8.05

Contact

Open to enterprise VAPT engagements, consulting mandates, and full-time offensive security roles.

Email: shaiknawaz3108@gmail.com | Phone: +91 81256 23108