SAMUEL SHONDE

About Me

I am a passionate cybersecurity professional with 4 years of experience in securing digital assets and protecting organizations from cyber threats. My journey in cybersecurity began with a deep curiosity about how systems work and how they can be exploited, which eventually led me to specialize in ethical hacking and application security.

I thrive in challenging environments where I can apply my skills to identify vulnerabilities, design secure systems, and educate teams on best practices and strengthening security through ethical hacking, vulnerability assessments, and secure development practices. Outside of work, I enjoy contributing to the cybersecurity community through blogs, open-source projects, and mentoring aspiring security enthusiasts.

My mission is to make the digital world a safer place by staying ahead of emerging threats and continuously improving my skills.

Areas of Expertise

• Security Research: Discovered and reported vulnerabilities in Web & Mobile app programs, including fintech and healthcare applications
• API Security: Developed tools and techniques to secure APIs against common vulnerabilities.
• Web Application Penetration Testing: Conducted security assessments for web applications.
• Mobile Application Penetration Testing: Identified vulnerabilities in Android/iOS applications.
• Application Security Engineering: Implemented secure coding practices and DevSecOps pipelines.

Experience

• Cybersecurity Instructor – Web Application Security [Contract] - Cloud Mavin's Cybersecurity Academy
  Aug 2024 - Till Date
  - Delivering hands-on Web Application Security training students.
  - Designed practical assessments & lab challenges to reinforce vulnerability exploitation.
  - Guided students through secure development practices and AppSec fundamentals
• Security Research & Penetration Testing Services - Freelance
  March 2024 - Till Date
  - Provided security consulting services to clients across various industries.
  - Reported vulnerabilities like ATO, IDOR, 2FA bypass to startup organizations
  - Conducted security audits and risk assessments.
  - Conducted private penetration testing for fintech apps and transport API services
• CyberSecurity Intern [Remote] – Web Application Penetration Tester - Hacktify Cyber Security
  Jul 2024 – Aug 2024
  - Conducted penetration testing on live web applications, identifying XSS, SQLi, CSRF, IDORs.
  - Collaborated on CTF challenges and pentest reporting.

Projects

• Security Research: Vulnerability in various web programs
• API Security: Documented and Hacked Vulnerable Bank API
• Web Application Penetration Testing: Open Redirect to XSS: Chaining Vulnerabilities for Maximum Impact
• Mobile Application Penetration Testing: Insecure Data Storage in a private App Pentest
• Application Security Engineering: Built a Lightweight CI/CD DAST Vulnerablity scanner
• Open Source: Open Source labs and Penetrationg testing tool contributions
• Security Research: Built an Open Redirect testing tool with browser extension capability

Certifications

• Certified Application Security Practitioner (CAP): View Certificate
• API Penetration Tester: View Certificate
• Information Security Management System (ISO/IEC 27001): View Certificate

Contact

Feel free to reach out to me for collaborations, bug bounty programs, or security consultations:

• LinkedIn: Samuel Shonde
• Twitter: @Dghost_Ninja