Heya!👋 I am Zohaib Masood. I started this blog to document my cybersecurity learning journey. I’ll update it regularly with walkthroughs, lessons learned, and other insights.
Background
After completing my BSc in Computer Engineering, I worked for over four years as an Application Consultant implementing risk‑based solutions for clients in the financial industry. In that role, I had the opportunity to implement enterprise solutions in a regulated industry and was actively involved across the entire product implementation cycle, from pre‑sales product demos to go‑live, and, at times, providing post‑go‑live support. Aside from functional responsibilities, I deployed multi‑tier applications for a dozen clients and noticed recurring issues such as password reuse, default credentials, and weak password policies for local accounts. Noticing these gaps sparked my interest in exploring cybersecurity and learning about best practices and potential exploitation techniques.
Education
MSc Computer Science - Ontario Tech University
My academic research focused on the safe use of cryptographic libraries, examining NIST guidelines and evaluating large language models in comparison with static analysis tools for identifying cryptographic vulnerabilities. Alongside my academic work, I explored the offensive side of cybersecurity in my free time while working part-time, honing my skills and pursuing certifications.
Publication
Certifications
I am continuously learning and currently working toward the CPTS certification, with plans to eventually pursue the OSCP if I can fund it myself.
I am passionate about the offensive side of cybersecurity, and my ultimate goal is to help organizations improve their security posture by identifying weaknesses before they are exploited. I will be documenting my journey on this blog, so you can expect walkthroughs of machines, experiences, and lessons learned as I grow in this field.
I love connecting with like-minded professionals. If you would like to connect and talk, you can find me on: