Attack surface analyst. Risk investigator. Systems thinker. Building deep technical capability across vulnerability management, and security analysis — one lab at a time.
I'm a cybersecurity professional with hands-on experience in attack surface monitoring, risk validation, and technical support — currently working remotely for UpGuard in Sydney.
My day-to-day involves investigating exposed services, analysing SSL/TLS configurations, troubleshooting authentication failures, and coordinating with engineering teams on bug tickets and platform-level incidents. Before that, I conducted OSINT and assisted with vulnerability assessments across 50+ financial institutions at SGV & Co. (EY Philippines).
I'm now deepening my technical foundation through a structured 6-month lab program — building proficiency in vulnerability scanning, cloud hardening, compliance frameworks, and system administration to move into a dedicated analyst or sysadmin role.
Primary technical point of contact for enterprise customers using UpGuard's cyber risk and attack surface monitoring platform. Daily work involves investigating and validating security alerts by analysing exposed services, SSL/TLS configurations, and web infrastructure using Nmap, OpenSSL, and cURL.
Troubleshoot complex platform, networking, and authentication issues including SSO failures and DNS misconfigurations. Monitor global cybersecurity developments and escalate high-risk threats to L2 engineering teams.
Collaborated with the Infrastructure and Security Team to set up SSH Keys and SSH Certificates.
- Maintained strong overall quality control of software by performing tests on varying platforms, adhering to reliability, performance, and customer expectation. - Found and reported major bugs, and offered suggestions to senior management to enhance the overall quality of the software. - Developed Low and High Fidelity Wireframes for a web application using Figma. - Managed and tracked other interns' projects and reported their progress to senior management. - Provided Technical Support including but not limited to setting up meetings, reviewing and creating documents for Perti and its clients, chairing meetings, and setting up demonstrations.
Conducted OSINT and attack surface analysis across 50+ banks and 4 government agencies, identifying exposed assets and potential vulnerabilities for client security assessment reports. Collaborated with senior consultants to deliver client-facing findings.
Provided technical support to 30+ students and faculty. Assisted in deploying and maintaining IT resources for academic use. Received Certificate of Recognition for Excellence.
kmbv.cc is both my portfolio domain and a live security training environment — a real attack surface I configure, harden, monitor, and iterate on as part of my hands-on lab program.
Every subdomain serves a dual purpose: a real service and a learning objective. Security controls are implemented, documented, and tracked through an ASM platform.
Open to vulnerability analyst and security analyst roles — remote preferred, particularly AU, SG, or international remote.