Ali Yazdani

With over 10 years of experience in the security industry, I have honed my skills in various sectors and companies. Beginning my journey as a penetration tester, I gained valuable insights into the offensive side of application security. As I progressed in my career, I focused on helping organizations implement security guardrails and solutions to address their security concerns. Throughout this journey, I was exposed to numerous technologies and strategies that piqued my interest. Today, my passion lies in assisting companies in cultivating a strong DevSecOps culture to ensure their security posture is robust and effective.

Senior DevSecOps Engineer @ ScoutBee GmbH

(Aug 2022 – present)

  • Perform vulnerability assessments and penetration tests.
  • Perform security testing and code review as part of the SDLC pipeline to improve software security. (promoting the shift-left strategy and DevSecOps culture)

Security Researcher @ OWASP Foundation

(Dec 2016 – present)

Past Experiences

Senior Security Engineer @ NewStore GmbH

(Sep 2021 – Jul 2022)

  • Perform vulnerability assessments and penetration tests.
  • Perform security testing and code review as part of the SDLC pipeline to improve software security. (promoting the shift-left strategy and DevSecOps culture).

Lead Engineering DevSecOps @ Henkel AG & Co. KGaA

(Sep 2021 – Jan 2022)

  • Perform vulnerability assessments and penetration tests.
  • Perform security testing and code review as part of the SDLC pipeline to improve software security. (promoting the shift-left strategy and DevSecOps culture).

Senior Cyber Security Engineer @ Deposit Solutions GmbH

(Jul 2019 – Aug 2021)

  • Perform vulnerability assessments and penetration tests.
  • Implement a SIEM solution to monitor security-related activities.
  • Perform security testing and code review as part of the SDLC pipeline to improve software security. (promoting the shift-left strategy and DevSecOps culture).

IT Security Team Lead @ MTN Irancell

(Jun 2018 – Apr 2019)

  • Implement regular Vulnerability and Penetration Tests on IT Infrastructures.
  • Review SRS documents to ensure the security requirements right implemented by the architecture team.
  • Design and implement security monthly reporting system to centralize and visualize monthly security vendor reports.
  • To identify potential areas where existing OS/DB security policies and procedures, and controls require change, or where new ones need to be developed, especially regarding future business expansion.
  • To define and enforce IT infrastructure security checklists for new systems and existing systems considering the MTN Irancell standards and requirements.

IT Security Engineer @ MTN Irancell

(Nov 2015 – May 2018)

  • Perform penetration test and vulnerability assessment on ITS systems.
  • Check SRS documents and apply security policies and requirements in it.
  • Technical forensic investigation on important security incidents and performing root cause analysis.
  • Implement and develop health check toolkit to automate OS and DB security tools.
  • Design and implement security monthly reporting system to centralize and visualize monthly security vendor reports. …

For more information, please check my LinkedIn profile.