About Me
Professional Summary
I am a dedicated offensive security researcher and practitioner with a strong technical foundation in vulnerability assessment and adversarial simulations. Currently, as a **Trainee Information Security Consultant at Trustvault**, I focus on uncovering complex security flaws across web applications, APIs, and enterprise networks, including Active Directory environments.
My approach combines deep technical curiosity with an adversarial mindset. I am passionate about bridging the gap between theoretical vulnerabilities and real-world impact, providing organizations with the strategic insights needed to harden their defenses against modern threats.
Experience
Trainee Information Security Consultant
Trustvault
Sep 2025 – Present
- Internal VAPT (black box & grey box) using Nessus
- External Network Penetration Testing (real-world attack simulations)
- Web Application Pentesting using Burp Suite (OWASP Top 10)
- API Penetration Testing (auth, injection flaws)
- Active Directory Pentesting (enumeration, privilege escalation, lateral movement)
- Wireless & Mobile Pentesting
- Endpoint Security Assessments
- Firewall, Database & DNS configuration reviews
- Phishing simulations using PhishingBox
- Security compliance assessments & full pentest report writing
Cyber Security Intern
Centre for Defence Research and Development (Ministry of Defence Sri Lanka)
- Built open-source SOC (SIEM, HIDS, NIDS, EDR, SOAR)
- Threat hunting & intelligence analysis
- Bluetooth & Wireless penetration testing
- Hardware pentesting exposure
- Network device configuration (routers, switches, firewalls)
- VMware ESXi & server handling
Education
BSc (Hons) in Information Technology (Cyber Security)
Sri Lanka Institute of Information Technology
2022 – 2026
Technical Skills
Domains
Tools & Infra
Certifications
- CR
CRTA
Certified Red Team Analyst
- EJ
eJPT
Junior Penetration Tester
- OC
Oracle Cloud Foundations Associate
- CC
CCNA
- LSA
Linux Server Administration