Sergey Gerasimov
Cyber Security Expert and Ethical Hacker
Hello
I'm Sergey Gerasimov, a seasoned cybersecurity professional with over a decade of experience in the industry. Currently, I am heading the Red Team at SolidLab and have had the privilege of contributing to the cybersecurity landscape through my role as a leading penetration tester. My efforts have been acknowledged with 17 published CVEs, including those that had a critical impact on VmWare products.
In addition to being an active participant in bug bounty programs, I've had the opportunity to work with global giants like Sony, Hyatt, AT&T, AWS, and Mail.ru, aiding in the enhancement of their security infrastructure. As a testament to my dedication and expertise, I've been appreciated by over 10 esteemed companies like VmWare, Yandex, Mail.ru, Selectel, AWS, AT&T, TrueConf, and many more. When I'm not working on complex cybersecurity projects, you can find me challenging myself on platforms like hackthebox, where I rank in the top 50.
I look forward to leveraging my skills in web security, infrastructure security, internal network security, and cloud provider security to create safer digital environments. Here's to a world where security isn't an afterthought, but a given. Welcome to my personal site, where we can connect, collaborate, and create secure cyber systems.
Professional Info:
With a solid footing in system administration and cybersecurity built over 10 years, I've established myself as a leading penetration tester. My hands-on experience extends across web applications, networks, and internal corporate networks, making me adept at identifying and addressing security vulnerabilities of varied natures. The essence of my expertise lies in practicality - having actively partaken in the pentesting of global companies, including leading such projects.
In addition to my extensive pentesting experience, I've played a key role in setting up and ensuring the security of internal corporate networks, encompassing elements like Active Directory, Exchange, and network equipment. Some of my most impactful work has led to the publication of numerous CVEs, earning recognition and gratitude from companies, with VmWare being a prime example.
Venturing into cloud cybersecurity, I've received acknowledgments from prominent cloud providers like Vk(mail cloud solution), Yandex.Cloud, AWS, and Selectel. Whether you're looking for a pentester, an information security specialist, or an internal security expert, my skill set and experience make me an excellent fit.
Skills:
-
Web Application Security: Expert in identifying and mitigating vulnerabilities within web applications, ensuring the safe operations of digital platforms.
-
Infrastructure Security: Skilled in safeguarding the essential structures of corporate networks, preventing unauthorized access and data breaches.
-
Internal Network Security: Possess practical experience in securing the internal networks of companies, protecting sensitive data from internal threats.
-
Cloud Provider Security: Acknowledged by prominent cloud providers like Vk(mail cloud solution), Yandex.Cloud, AWS, and Selectel, for enhancing their cybersecurity frameworks.
-
System Administration: Decade-long experience in system administration, ensuring the smooth and secure functioning of IT systems.
-
Pentesting: Proficient in conducting comprehensive penetration tests, unearthing vulnerabilities, and implementing effective security measures. My work has led to the publication of multiple CVEs.
-
Leadership: Proven leadership skills, having led pentesting projects for global companies, guiding teams towards achieving security objectives.
-
Research: Active in cybersecurity research, with findings leading to the publication of significant CVEs and recognition from companies like VmWare.
-
Collaboration: Excellent at working in team environments and collaborating with other departments to integrate security into all aspects of operations.
-
Stress Tolerance: Demonstrated ability to operate effectively under stress, maintaining focus and decision-making abilities during security incidents.
These skills are underpinned by a relentless drive for learning and improvement, and the recognition that in the field of cybersecurity, the quest for knowledge never ends.
Experience:
-
Senior Information Security Engineer at SolidLab (full-time, Sep 2014 - present)
-
Develop and execute comprehensive red team exercises to identify, assess, and mitigate potential security vulnerabilities in client systems, networks, and applications.
-
Lead and mentor a team of skilled penetration testers, ensuring their professional growth and maintaining a strong team dynamic.
-
Collaborate with clients to understand their security needs and develop customized testing scenarios that align with their business objectives.
-
Continuously monitor industry trends and emerging threats, updating team methodologies and tools to stay ahead of potential risks.
-
Liaise with other security teams (e.g., Blue Team, Purple Team) to ensure comprehensive and collaborative security assessments.
-
Present findings and recommendations to clients, while also providing guidance on remediation strategies.
-
-
Senior System Administrator at Skylink (full-time, Dec 2006 - Aug 2014)
-
Install, configure, and maintain servers, network devices, and telecommunication equipment to ensure reliable and secure communication infrastructure.
-
Monitor system performance, identify potential issues, and conduct regular maintenance to optimize network efficiency and uptime.
-
Troubleshoot and resolve hardware, software, and connectivity issues in a timely manner, minimizing disruptions to the company's operations.
-
Implement and maintain network security measures, including firewalls, intrusion detection systems, and access controls, to protect sensitive data and infrastructure from cyber threats.
-
Collaborate with other IT staff, vendors, and service providers to ensure seamless integration of new systems and technologies.
-
Develop and maintain comprehensive documentation of network architecture, configurations, and procedures to support efficient operations and knowledge sharing.
-
Assist in capacity planning and infrastructure upgrades, ensuring the scalability and sustainability of the company's communication systems.
-
Participate in disaster recovery planning and testing, ensuring the continuity of critical systems and data in the event of an emergency.
-
Stay up-to-date with industry trends, emerging technologies, and best practices to ensure the company's telecommunications infrastructure remains competitive and secure.
-
Other:
Languages:
-
Russian - Native.
-
English - Intermediate (B2 level).
Soft Skills:
-
Adaptability
-
Stress resistance
-
A logical approach to problem-solving
-
Excellent team collaboration
-
A high rate of learning and self-improvement.
Certifications and Recognitions:
I hold prestigious certifications such as HTB CPTS and OSCP, and I'm proud to be among the top 1% of students at the HTB Academy. I'm also listed in the top 50 on the hackthebox platform. My dedication to cybersecurity has earned me personal commendations from over ten global companies, including VmWare, Yandex, Mail.ru, Selectel, AWS, and AT&T.
Publications and Media Mentions:
My cybersecurity work has received notable mentions in the media. Some key features can be found at:
Publications and Media Mentions:
I actively contribute to the cybersecurity community as an expert and mentor, offering insights at various events and platforms such as:
By blending technical expertise with leadership, collaboration, and a thirst for knowledge, I strive to push the boundaries of cybersecurity and help create a safer digital world.
CVEs: