
CANER FILIBELIOGLU

Senior Cyber Security Expert
Tilburg, Netherlands

Summary

Heavy metal aficionado and RPG game enthusiast with a deep love for guitars and automation. Journey across Turkey includes teaching Linux system administration, ethical hacking, and red teaming. Conducted YouTube sessions and trained universities, merging AI and hacking to develop cutting-edge tools. Passionate about mentoring, helping interns become experts while also learning from them. Enjoys Lord of the Rings, Star Wars, Diablo, Age of Empires, and Assassin’s Creed, with a musical taste that spans Metallica, Iron Maiden, and 80s classics. Formerly played in Southern Death Metal and Power Metal bands.

Technology Overview / Career Highlights
With over a decade of experience in the Cyber Security Industry since 2008, there is a consistent demonstration of commitment to safeguarding organizations. For the past four years, served as a RED Team Leader, specializing in both offensive and defensive cybersecurity. Expertise lies in System and Network Security, with a strong focus on penetration testing and vulnerability assessments. Engaged in application security and research projects, showcasing versatility. Skilled in all-around cybersecurity consultancy, including phishing, awareness training, red teaming, and purple teaming.

Career encompasses providing consultancy and penetration testing services across various industries, including finance, telecommunications, insurance, and banking in Turkey. Work includes social engineering attacks, network penetration tests, red team engagements, and successful bug bounty programs.

Overview

13 years of professional experience
5 Certifications

Work History

Senior Cyber Security Expert

Vodafone Ziggo
Utrecht, Provincie Utrecht
04.2024 - Current
  • Emphasized breadth and depth of threat mitigation across web/mobile applications, codebases, and cloud infrastructure.
  • Reduced cyber-attack risks by conducting thorough vulnerability assessments and penetration testing
  • Achieved continuous improvement in overall system security through close collaboration with internal stakeholders such as developers, network engineers, and business leaders
  • Served as a subject matter expert and resource for both technical and non-technical staff on issues related to cybersecurity best practices, incident response and data protection requirements
  • Conducted regular audits of security infrastructure, identifying weaknesses and recommending improvements
  • Fostered relationships with external partners including law enforcement, fellow industry professionals and intelligence communities to stay informed about latest trends, threats and advancements in the field of cybersecurity
  • Conducted security audits to identify vulnerabilities

Senior Cybersecurity Consultant

Cyber4Z
12.2022 - Current
  • At Cyber4Z, I've carved a niche for myself by marrying traditional cybersecurity tools with bespoke solutions tailored to the nuances of each client's landscape
  • Utilising industry stalwarts like Nessus, OWASP ZAP, Nmap, gophish, Kali Linux, Windows, Azure, AWS, Metasploit and many more industry standard tools, I've probed the depths of digital defences
  • My prowess in PowerShell and Python scripting has further empowered me to refine and customise security workflows, ensuring adaptability amidst rapidly evolving threats
  • My use of Burp Suite, nuclei, nikto and other standard web testing tools has been pivotal in our web security assessments, allowing us to delve deeper into application-layer vulnerabilities such as IDOR and CSRF that cannot be discovered by automated scanners
  • And optimise countermeasures
  • To add another layer of sophistication to our cyber arsenal, I've adeptly employed Command and Control (C2) tools, providing a holistic perspective on potential attack vectors, and ensuring our defences aren't just robust but future ready
  • A crowning achievement was my development of a custom, controlled ransomware solution, built from scratch at a client's behest
  • This project didn't just test infrastructural resilience but underscored my ability to innovate and deliver under unique specifications
  • Leading both red and purple team initiatives, I've transformed potential weak spots into fortified bastions of security
  • My forensic acumen, honed over years, has been indispensable in dissecting complex breaches, ensuring a rapid return to normalcy post any incursions
  • At the heart I believe cybersecurity doctrine should be proactive, dynamic defence - a philosophy I embody and evolve daily, orchestrating a symphony of strategy, innovation, and adaptability
  • Working as a consultant for various international organisations
  • Conducting (technical) assessments to strengthen client security
  • Examples: hardening checks, web portal security checks, phishing campaigns, penetration tests
  • I'm also leading the technical team of the company across the whole spectrum of cyber security, including red teaming, pentests, forensics and purple teaming.

Senior Cybersecurity Consultant

Hoffmann
06.2022 - 12.2022
  • During my tenure at Hoffmann from June to December 2022, I took a holistic approach to cybersecurity, emphasising not just the breadth but the depth of threat mitigation
  • Navigating the vast expanse of web and mobile applications, I employed the sharp precision of tools like Burp Suite and OWASP ZAP to uncover hidden vulnerabilities, ensuring our clients' platforms were impervious to the myriad threats lurking in the digital shadows
  • My expertise wasn't confined to applications alone
  • I delved deep into codebases, conducting meticulous static code analysis that ensured not just functional but secure code deployments
  • Leveraging tools like Burp Suite Enterprise and Fortify, I was able to pinpoint inefficiencies and security gaps, refining code quality and fortifying our digital products at their very core
  • Cloud security, a paramount frontier in the modern cyber landscape, was another arena where I showcased my prowess
  • Using platforms like CloudScout, Manual Testing, Nessus, AWS Security Tools and Azure Security Center, I ensured that our cloud infrastructures were not only optimised for performance but also fortified against breaches
  • Finally, my contributions to Vulnerability Management were instrumental in creating a proactive cybersecurity posture for Hoffmann
  • Harnessing the capabilities of Qualys and Nessus, I transformed potential system weaknesses into fortified security strongholds, ensuring a robust defence against both known and emerging threats.

Senior Penetration Tester

Rabobank
07.2021 - 06.2022
  • During my tenure at Rabobank from July 2021 to June 2022, I took a holistic approach to cybersecurity, emphasising not just the breadth but the depth of threat mitigation
  • Navigating the vast expanse of web and mobile applications, I employed the sharp precision of tools like Burp Suite and OWASP ZAP to uncover hidden vulnerabilities, ensuring our clients' platforms were impervious to the myriad threats lurking in the digital shadows
  • My expertise wasn't confined to applications alone
  • I delved deep into codebases, conducting meticulous static code analysis that ensured not just functional but secure code deployments
  • Leveraging tools like Burp Suite Enterprise and Fortify, I was able to pinpoint inefficiencies and security gaps, refining code quality and fortifying our digital products at their very core
  • Cloud security, a paramount frontier in the modern cyber landscape, was another arena where I showcased my prowess
  • Using platforms like CloudScout, Manual Testing, Nessus, AWS Security Tools and Azure Security Center, I ensured that our cloud infrastructures were not only optimised for performance but also fortified against breaches
  • Finally, my contributions to Vulnerability Management were instrumental in creating a proactive cybersecurity posture for Hoffmann
  • Harnessing the capabilities of Qualys I transformed potential system weaknesses into fortified security strongholds, ensuring a robust defence against both known and emerging threats.

Technical Security/Team Lead/Penetration Tester

Various Clients (Honeywell, InnoveraBT, Lostar A.S., Penetrust)
06.2013 - 06.2021
  • From June 2013 to June 2021, I navigated a multifaceted voyage, collaborating with entities such as Honeywell, InnoveraBT, Lostar A.S., and Penetrust
  • These engagements painted a vibrant tapestry of challenges and triumphs, each honing a unique facet of my cybersecurity expertise
  • At the vanguard of my contributions were strategic red team engagements, designed to simulate sophisticated cyber threats
  • Melding technical acumen with psychological insights, I executed intricate social engineering campaigns, often harnessing the power of OSINT to craft compelling threat narratives
  • This holistic approach ensured a 360-degree evaluation of both human and technological vulnerabilities
  • The labyrinth of source code was another domain I frequented, meticulously analysing and fine-tuning the SDLC processes to blend functionality with fortified security
  • Simultaneously, my prowess in penetration testing spanned across internal and external networks, web platforms, and mobile applications, ensuring a robust defence matrix for our clients
  • However, my commitment to cybersecurity wasn't just reactive
  • I spearheaded proactive initiatives like optimising email security protocols, fine-tuning mail gateways, and enhancing Linux system administration practices
  • My engagements also covered the intricate landscapes of NAC products, Endpoint security, and the strategic implementation of SIEM rule testing
  • Recognizing the paramount importance of human elements in cybersecurity, I curated and delivered training modules, empowering teams to become the first line of defence against threats
  • Additionally, my contributions to data loss prevention projects and the adept implementation of specialised tooling have been instrumental in safeguarding critical data assets.

Security Consultant

InnoveraBT
07.2016 - 04.2017
  • From July 2016 to April 2017 at InnoveraBT, as a Security Consultant, I spearheaded a multifaceted cybersecurity initiative
  • My responsibilities spanned from installing and fine-tuning network security products to ensuring an iron-clad defence with robust Data Loss Prevention (DLP) systems
  • Endpoint security was bolstered with cutting-edge EDR, AV solutions, and comprehensive mail gateways to safeguard against malicious payloads
  • I excelled in fortifying our networks with Network Access Control (NAC) tools, ensuring airtight access protocols
  • My proficiency also extended to Linux system administration, where I streamlined operations while amplifying security
  • Recognizing the need for human-centric security, I curated training sessions to upskill teams in vital areas
  • Blending technical solutions like endpoint enhancements with knowledge dissemination, my tenure at InnoveraBT was about fostering a holistic security ecosystem.

Linux System Administrator

Nanotrust
01.2012 - 02.2013
  • During my tenure at Nanotrust from January 2012 to February 2013, I took on the role of a Linux System Administrator with a niche focus on cybersecurity
  • My responsibilities encompassed overseeing both web and email hosting, ensuring optimised performance and unwavering security
  • Recognizing the vulnerabilities that can plague systems, I prioritised system hardening, implementing stringent protocols and continuously monitoring them to preempt any potential threats
  • Beyond routine system administration, I was entrusted with designing security-centric network architectures
  • This involved meticulously planning every component, from the firewall configurations to intrusion detection systems
  • My hands-on involvement extended to the installation, configuration, and meticulous administration of an array of security products, ensuring that Nanotrust's digital infrastructure was not only efficient but also resilient against the evolving threat landscape.

Education

High School Diploma -

Cumhuriyet Lisesi
Ankara, Turkey
04.2001 -

Skills

Network Penetration Testing

Application Security Testing

API Security Testing

Social Engineering

Cloud Security Testing

Scripting Languages

Security Code Review

Vulnerability Assessment

Penetration Testing Skills

Red Teaming

Ethical Hacking Techniques

Phishing Awareness Training

Projects

  • INFALCON - Open Source Intelligence Platform
  • InfDDoS – DDoS monitoring tool using Prometheus server and Grafana
  • tckfc - https://github.com/Octosec/tckfc
  • hackercamp Octosec - https://octosec.net/
  • Hacktrick - https://www.hacktrickconf.com/

Workshops

  • Open Source Days – Istanbul – OSINT Workshop
  • Hacktrick 2014 – Linux System Administration
  • Hacktrick 2015 - Linux System Administration
  • Hacktrick 2016 – Practical Penetration Testing
  • Hacktrick 2018 – Security Fundamentals
  • Hacker Camp Sakarya – Linux for Hackers
  • Hacker Camp Samsun – Linux System Management
  • Hacker Camp Trabzon - Linux System Management
  • Honeywell Security Day Event – Security Awareness Training

Interviews

  • A Sysadmin Turned Red Team Leader Talks Burp Suite - https://portswigger.net/customers/sabancidx
  • OSCP Process - https://siberbulten.com/makale-analiz/caner-filibelioglu-oscp-surecini-anlatti-imkansiz-degil-ama-oldukca-zor/
  • Meltdown and Spectre Vulnerability - https://siberbulten.com/sirket-haberleri/meltdown-ve-spectrenin-farkli-kisilerce-ayni-zamalarda-bulunmasi-tesaduf-olabilir/
  • Cyber Security Training Camps - https://siberbulten.com/sirket-haberleri/asil-kamp-simdi-basliyor-lostarin-isiklari-bir-sure-daha-sonmeyecek/

Certification

SANS GIAC Penetration Tester (GPEN, 2024)
