
CV Muhammad Shahbaz

Muhammad Shahbaz is a Cyber Security Consultant with over 10 years of experience in IT, specializing in Governance, Risk, and Compliance, Penetration Testing, and Development. He has led over 100 projects, improving security postures and reducing vulnerabilities significantly, while holding multiple certifications in information security and compliance. His educational background includes an M.S. in Information Security and a B.Sc. in Electrical Engineering, complemented by extensive practical experience in various roles across different countries.

Uploaded by

Asad ullah Khan
Copyright
© All Rights Reserved

Muhammad Shahbaz

Lahore, Punjab, Pakistan


Mobile: +923454011101
Email: [email protected]
LinkedIn: https://www.linkedin.com/in/mr-muhammad-shahbaz/

Summary
As a Cyber Security Consultant with over 10 years of experience in IT, Governance, Risk, and Compliance (GRC), Penetration Testing,
and Development, I specialize in delivering robust cybersecurity solutions that enhance organizational security and ensure regulatory
compliance. I have successfully led over 100 projects spanning development, penetration testing, and compliance assessments, aligning
organizations with standards such as ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 27017, ISO/IEC 27018, and NCA frameworks (ECC-2:2024,
CCC, DCC). My expertise has consistently improved security postures, reducing vulnerabilities by up to 40% and safeguarding
critical digital assets across diverse industries.

Education
National University of Science and Technology, Islamabad, Pakistan
09/2013 – 01/2017
M.S. Information Security
• Completed projects in cryptography, web security, and vulnerability analysis, emphasizing information security management
principles.
• My Master's thesis, SmartAuth: Multi-Factor Authentication Using Smart Card and Android on Web, enhances security by
providing robust multi-factor authentication.
• Additionally, I worked with an open-source firewall on Ubuntu using C# to filter URLs, demonstrating my expertise in network
security, secure application development, and effective information security management.
University of Engineering and Technology, Lahore, Pakistan
08/2008 – 08/2012
B.Sc. Electrical Engineering.
• Major in Telecommunication
• Completed interdisciplinary courses in Probability and Statistics, Engineering Management, and Entrepreneurship.
• Developed "Eye in the Sky," a quadcopter utilizing Bluetooth, Wi-Fi, GSM and SMS showcasing practical applications of
telecommunications principles.

Certifications
• ISO/IEC 27001 Lead Implementer – PECB 02/2025
• ISO/IEC 27001 Lead Auditor – PECB 03/2025
• ISO/IEC 27001 Lead Auditor – Mastermind 04/2025
• ISO/IEC 27001 Information Security Associate™ – SkillFront 12/2024
• ISO/IEC 20000 IT Service Management Associate™ – SkillFront 04/2025
• APIsec Certified Practitioner - APIsec University 04/2025
• CC Certified in Cybersecurity – (ISC)² 12/2022
• SC-900 Microsoft Certified: Security, Compliance, and Identity Fundamentals – Microsoft 12/2022
• CISM in progress
• CISSP in progress

Practical Experience
Code and Speed Solutions, Pakistan
05/2022 – Present
Owner & Consultant
• Experienced in aligning practices with standards such as ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 27017, ISO/IEC 27018,
PDPL, NCA ECC-2:2024, NCA CCC, and NCA DCC.
• Conducted internal audits and produced detailed audit reports in compliance with NCA ECC-2:2024, identifying gaps and
recommending actionable improvements to enhance security posture.
• Defined the scope for ISO/IEC 27001 clauses 4.1, 4.2, and 4.3, ensuring 100% compliance with regulatory requirements and
strengthening risk management processes.
• Contributed to risk assessment and proposed mitigation strategies, improving risk management effectiveness by 25%.
• Created dataflow diagrams to align product compliance with ISO/IEC 27001, GDPR, and SOC 2 standards, enhancing
regulatory adherence and risk management.
• Conducted cybersecurity awareness training for employees and C-level executives in alignment with Aramco CCC+ TPC-7.
• Conducted detailed product reviews to assess and update dataflow diagrams for accurate representation.
• Reduced product security flaws by 25% through comprehensive penetration testing using Burp Suite.
• Conducted over 50 OSINT-based security assessments to uncover security gaps, improving threat identification by 30%.
• Improved website security through penetration testing, code review and performance for clients by up to 30%.
• Successfully completed over 100 freelance projects locally and on platforms like Fiverr and Upwork specializing in OAuth 2.0
authentication APIs for clients, with a 98% client satisfaction rate, including code review, penetration testing, and debugging.
• Recognized as the top CRM publisher portal by Google Asia at Eboundservices.
• Provided cybersecurity services at Fivetier.
• Enhanced and optimized security of Hotel4cast for exceptional performance.
Swissconcept Solutions GmbH, Switzerland
04/2020 – 04/2022
Engineering Project Manager (Remote)
• Developed and secured backend APIs using JWT tokens and public-key cryptography.
• Hardened servers using Linux firewall and Fail2ban, ensuring robust protection against unauthorized access.
• Conducted penetration testing on applications and cloud resources, improving security posture by 40%.
• Reviewed and analyzed backend source code to enhance project features.
• Managed cloud resources, including FusionPBX (FreeSWITCH), and troubleshot any issues.
• Ensured successful project completion and drove business growth through effective collaboration and project management
from any location due to the remote nature of the role.
ABBC Payment Services Provider, United Arab Emirates
08/2018 – 12/2019
Cyber Security Manager
• Led a team of 8 professionals in conducting penetration tests and security audits, reducing critical vulnerabilities by 50%.
• Conducted real-world attack simulations to identify detection gaps and improve response times.
• Applied industry best practices across the organization to protect systems and data from potential threats.
• Conducted regular penetration tests, identifying and mitigating over 75 security vulnerabilities, resulting in a 50% reduction
in high-risk threats.
• Delivered comprehensive security reports and executive-level presentations to stakeholders, prioritizing findings by risk
impact.
• Designed custom scripting tools for testing automation, increasing testing efficiency by 25%.
Playit.pk, Pakistan
07/2013 – 07/2018
Co-Founder & Technical Head
• Built a scalable web infrastructure that propelled the website into Alexa's top 10,000 global rankings.
• Conducted in-depth security testing and implemented horizontal scaling using NGINX reverse proxy to ensure uptime and
scalability.
• Utilized Cloudflare to enhance web security, mitigating DDoS attacks and performance bottlenecks.
• Led the design of secure APIs and application environments, resulting in a secure infrastructure handling over 5 million users.
Hybrid Signals, Pakistan
12/2012 – 06/2013
Product Lead Developer
• Led projects to optimize data flow and enhance backend efficiency.
• Developed scalable architectures, server-side auto-update systems, and MySQL databases.
• Integrated PHP with client-side technologies and automated Facebook API data parsing.
• Designed analytics dashboards with Google Charts and used Git for version control.
• Participated in Plan9 mentorship sessions, engaging with industry experts for technical growth.

Trainings & Workshops


• ISO/IEC 27001 Lead Implementer training course – PECB 01/2025
• ISO/IEC 27001 Lead Auditor training course – PECB 02/2025
• Security Compliance: ISO 27001 – Pluralsight 08/2024
• The Complete ISO 27001: Information Security Management – Udemy 12/2024
• ISO 27001:2022 ISMS – Securium Academy 12/2024
• Compliance Framework: PCI DSS – Pluralsight 08/2024
• Security Compliance: SOC 2 – Pluralsight 08/2024
• Information Governance: GDPR – Pluralsight 08/2024
• Information Governance: CCPA – Pluralsight 08/2024
• API Security for PCI Compliance – APIsec University 12/2024
• API Penetration Testing – APIsec University 11/2024
• API Security Fundamentals – APIsec University 11/2024
• OWASP API Security Top 10 – APIsec University 12/2024
• Securing API Servers – APIsec University 12/2024
• API Authentication – APIsec University 01/2025
• API Gateway Security Best Practices – APIsec University 12/2024
• Introduction to Cybersecurity – Cisco 04/2023
• Penetration Testing – TryHackMe.com 03/2023
• CCNA Workshop – Corvit 09/2012
• Project Management Fundamentals – Udemy 11/2024

Publications
• SmartAuth: Multi-Factor Authentication using Smart Card and Android on Web
• DATA: Survey of Data Acquisition Techniques on Android Devices
• Penetration Testing Reports. (PacketStormSecurity: https://packetstormsecurity.com/files/author/13948/)
• Contributed a major update to the Blockchain Explorer's full address history feature, enhancing transaction tracking and
transparency. (GitHub: https://github.com/iquidus/explorer/pull/319)

Further Engagements
BSides Munich, Germany
03/2019
Public Speaking
• Delivered an engaging presentation on "SmartAuth: MFA using Smart Card and Android on Web" at BSIDES Munich, an
information security conference. https://www.youtube.com/watch?v=rYWezQMGUKA

Technical Skills
• Compliance & Governance: ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 27017, ISO/IEC 27018, NCA, PCI DSS, NIST, SOC 2
• Penetration testing: API Penetration Testing, Burp Suite, Metasploit, Nmap, Wireshark
• Cryptography: AES, RSA, ECC, SHA256
• Secure API Development: PHP, MySQL, JavaScript, Postman
• Cloud Security: IaaS, AWS, GCP, Digital Ocean
• Cyber Security: Linux, Ubuntu, Kali Linux, OAuth 2.0, SSH
• Code Versioning: GitHub, GitLab
• Vulnerability Management: OSINT, OWASP Top 10, Risk Assessment
• WordPress: WooCommerce

Transferable Skills
• Communication skills: Written and verbal
• Critical thinking: Problem solving, decision making
• Leadership: Strategic planning, team management
• Adaptability: Flexibility, open-mindedness
• Analytical skills: Research
• Technical proficiency: Digital literacy
• Interpersonal: Collaboration, conflict resolution
• Project management: Organization, time management
• Creativity: Innovation, problem solving
• Emotional intelligence: Empathy, self-awareness

Languages
Urdu (Native), English (C1), Punjabi (B1)
Interests
Reading, Running
