
Mykhailo Shtepa

Karlskrona

Summary

Cyber Security Engineer with 3.5 years of intensive focus on manual penetration testing, vulnerability research, and exploit development. Prior to this deep technical dive, I gained foundational experience in Governance, Risk, and Compliance (GRC) as a consultant at KPMG.

I am now looking to pivot back to an internal Information Security Engineer role.

My goal is to leverage the "attacker mindset" developed over the last few years to build more practical and resilient security programs. While I have been away from daily GRC operations for several years, I possess the core auditing foundations and am eager to refresh my knowledge of frameworks (ISO 27001, NIST) to bridge the gap between theoretical compliance and real-world security.

Overview

6 years of professional experience
1 Certification

Work History

Application Security Auditor

Outpost24 AB
Sweden
08.2022 - Current
  • Vulnerability Management & Assessment: Execute manual and automated security assessments on web applications and APIs, identifying critical vulnerabilities (e.g., OWASP Top 10, logic flaws) that pose business risks.
  • Remediation & Advisory: Act as a technical advisor to development teams, translating complex vulnerability findings into clear, actionable remediation steps, effectively helping them "patch" gaps in their security posture.
  • Risk Reporting: Produce detailed technical reports that allow stakeholders to prioritize risks based on exploitability and impact, directly supporting the organization's risk management strategy.
  • Emerging Threat Analysis: Research and test against emerging attack vectors (e.g., LLM Prompt Injection) to ensure defenses remain relevant against the current threat landscape.

Cyber Security Consultant & IT Auditor

KPMG International
Ukraine
07.2021 - 08.2022
  • Gap Analysis & Auditing: Conducted gap analyses against ISO 27001 standards to identify non-conformities in security controls and recommended corrective actions.
  • Risk Management: Assisted in the development of risk registers and performed IT security assessments to evaluate the effectiveness of organizational defenses.
  • Policy Development: Collaborated on the creation and maintenance of Information Security Policies and procedures, ensuring alignment with business goals and compliance requirements.
  • Compliance Monitoring: Monitored and analyzed client compliance with PCI DSS regulations, ensuring the secure handling of sensitive payment data.
  • Cross-Departmental Coordination: Worked with IT and business units to ensure security initiatives were implemented effectively without disrupting operations.

Enterprise Solutions Manager for Social Engineering

ISSP - Information Systems Security Partners
Ukraine
04.2020 - 07.2021
  • Security Awareness & Culture: Developed and maintained security training programs for end-users, focusing on "Cyber Hygiene" and defense against social engineering attacks.
  • Client Needs Analysis: Collaborated with clients to assess their security posture and propose technical solutions (Pen Testing, SOC services) tailored to their specific risk profiles.
  • Reporting: Delivered accurate, detailed reports to clients regarding their security service engagements and project status.
  • Collaborated with cross-functional teams to ensure cyber hygiene solutions met customer needs
  • Collaborated with IT and security teams to develop and maintain cyber security posture
  • Developed and maintained training programs for end users on cyber security best practices

Penetration Test Sales

ISSP - Information Systems Security Partners
Ukraine
04.2020 - 07.2021
  • Proven ability to effectively communicate with customers to identify their needs and propose technical solutions
  • Extensive knowledge of industry standards and practices related to security and penetration testing
  • Familiar with a wide range of network technologies, including firewalls, routers, switches, VPNs, and intrusion detection systems
  • Skilled in developing client relationships to promote long-term business
  • Experienced in delivering accurate, detailed, and timely reports to clients

Education

Bachelor of Science - Computer Science

Kyiv National Economic University
Kyiv, Ukraine
07-2023

Skills

  • Attention to detail
  • Team collaboration
  • Clear communication
  • Vulnerability Management
  • OWASP
  • CVSS

Certification

CISSP - ongoing preparation.

Languages

English
Native or Bilingual
Russian
Native or Bilingual
Ukrainian
Native or Bilingual

Timeline

Application Security Auditor

Outpost24 AB
08.2022 - Current

Cyber Security Consultant & IT Auditor

KPMG International
07.2021 - 08.2022

Enterprise Solutions Manager for Social Engineering

ISSP - Information Systems Security Partners
04.2020 - 07.2021

Penetration Test Sales

ISSP - Information Systems Security Partners
04.2020 - 07.2021

Bachelor of Science - Computer Science

Kyiv National Economic University