An (almost) internet security professional!

Sounds Cheesy? it’s true! Let me explain.

TLDR: An introspective rant of a person with a decade of experience. I am already sounding like an old person. (sad face)

Experience

I am an information security professional with a decade of experience in Applied Cryptography, GRC, Secure Hardware Development, Android Security, AI and Malware.

Current Role

Consultant (Public Key Infrastructure Expert) @ NADRA [Aug 2025 - present]

National Database and Registration Authority (NADRA) as the lead implementor of Digital Economy Enhancement Project (DEEP) has the responsibility to provide digital ID to Pakistani citizens. This digital ID is developed on the foundations of Public Key Infrastructure; wherein my role is of the PKI Operations Manager.

Oh no… By joinning NADRA, I had lost my streak of being employed in organizations with four letter names. (P.S. its still cool in Pakistan if your organization has acronym, though the short the better.).

Previous Roles

Deputy Director (IT Security Audit) @ ECAC [Jan 2021 - Aug 2025]

For international audience: Electronic Certification Accreditation Council (ECAC) (spoken with the sound of E-KAK) is Pakistan’s first WebTrust audited Trust Service Provider, maintaining its Trust for 3 consecutive audit years. At the time of writing this, ECAC is seeking enrolment in Browsers and Operating Systems.

For Pakistani audience: Electronic Certification Accreditation Council (ECAC) (spoken with the sound of E-KAK) is an autonomous body (with a regulatory role but sadly statute of a Council, hence having identity crisis since 2002) under the Ministry of IT & Telecom with mandate to standardize the cryptography (including asymmetric encryption, digital certificates and digital Signatures) and accredit the Certification Service Providers (CSPs) (those providing the services of Trust) within Pakistan.

Though not expressive from my title, I had multiple roles at ECAC (including technical roles in ECAC as a Trust Service Provider (TSP) such as) Compliance Officer, Design Authority, Registration Authority, (and supporting roles such as) Drawing & Disbursement officer (DDO), Human Resource Officer (HR), Finance Officer, Admin Officer, Communication Officer, Deputy Secretary and (for sometime) Audit Officer.

Research Associate @ NCCS [Apr 2019 - Dec 2020]

Under the National Center for Cyber Security (NCCS) there were multiple labs hosted in universities all over Pakistan. Within Devices & Network Security Lab (DNS lab) hosted at Air University, Islamabad, I was responsible for (mostly Android) Devices Security.

I had the opportunity of trying to explore the Android Open Source Project (AOSP), which is probably the largest combination of pieces of Software ever existed. After trying to explore the AOSP for sometime, I realized that a Software Engineer may be well suited for this task. So, I focused on utlizing the standalone AI-based Anti-malware Solution (Sentineldroid)

In addition to the above Research Projects, I was also the IT guy of the lab. (please read in Indian Accent so that I sound convincing) I worked with Dell R740 and (older) HP DL360p, literally on my DESKTOP (meaning top of my desk), to be honest, I had a very large desk at the time.

Design Engineer @ CRDC [Mar 2016 - Apr 2019]

I designed and developed the secure hardware devices including FIPS 140-2 level - 3 compliant devices, (near) realtime systems and storage systems. I had an opportunity to study and apply the core concepts of Information Security and approach of Systems Engineering which I had just studied.

Education

I believe in lifelong learning of a person, however, the time I spent in university (not necessary learning) is as below:

MS in Systems Engineering (with a minor in Information Security) from SINES, NUST

BS in Electrical Engineering from FAST University.

Certifications

I have passed the following certifications:

I am preparing for: