An internet security professional!

Sounds Cheesy? it’s true! Let me explain.

(TLDR: An introspective rant.)

Experience

I am an information security professional with almost a decade of experience in Applied Cryptography, GRC, Secure Hardware Development, Android Security, AI and Malware.

Current Role

@ NADRA [Aug 2025 - present] as Consultant (Public Key Infrastructure Expert)

National Database and Registration Authority (NADRA) as the lead implementor of Digital Economy Enhancement Project (DEEP) has the responsibility to provide digital ID to Pakistani citizens. This digital ID is developed on the foundations of Public Key Infrastructure; wherein my role is of the PKI Operations Manager.

Previous Roles

@ ECAC [Jan 2021 - Aug 2025] as Deputy Director (IT Security Audit)

For international audience: Electronic Certification Accreditation Council (ECAC) (spoken with the sound of E-KAK) is Pakistan’s first WebTrust audited Trust Service Provider, maintaining its Trust for 3 consecutive audit years. At the time of writing this, ECAC is seeking enrolment in Browsers and Operating Systems.

For Pakistani Nationals: Electronic Certification Accreditation Council (ECAC) (spoken with the sound of E-KAK) is an autonomous body (with a regulatory role but sadly statute of a Council, hence having identity crisis since 2002) under the Ministry of IT & Telecom with mandate to standardize the cryptography (including asymmetric encryption, digital certificates and digital Signatures) and accredit the Certification Service Providers (CSPs) (those providing the services of Trust) within Pakistan.

Though misleading from my title, I had multiple roles at ECAC (including technical roles in ECAC as a Trust Service Provider (TSP) such as) Compliance Officer, Design Authority, Registration Authority, (and supporting roles such as) Drawing & Disbursement officer (DDO), Human Resource Officer (HR), Finance Officer, Admin Officer, Communication Officer, Deputy Secretary and (for sometime) Audit Officer.

@ NCCS [Apr 2019 - Dec 2020] as Research Associate

Under the National Center for Cyber Security (NCCS) there were multiple labs hosted in universities all over Pakistan. Within Devices & Network Security Lab (DNS lab) hosted at Air University, Islamabad, I was responsible for (mostly Android) Devices Security.

I had the opportunity of trying to explore the Android Open Source Project (AOSP), which is probably the largest combination of pieces of Software ever existed. After trying to explore the AOSP for sometime, I realized that a Software Engineer may be well suited for this task. So, I focused on utlizing the standalone AI-based Anti-malware Solution (Sentineldroid)

CRDC [Mar 2016 - Apr 2019] as Design Engineer

I designed and developed the secure hardware devices including FIPS 140-2 level - 3 compliant devices, (near) realtime systems and storage systems. I had an opportunity to study and apply the core concepts of Information Security and approach of Systems Engineering which I had just studied.