┌─────────────────────────────────────────────────────────────────────┐
│ $ whoami │
├─────────────────────────────────────────────────────────────────────┤
│ │
│ Name : Md Rahat Rahman Akas │
│ Title : ISO 27001:2022 Lead Auditor | Cybersecurity Specialist│
│ Focus : GRC & Offensive Security │
│ Location : Dhaka, Bangladesh │
│ Education : University of the People │
│ Status : ● Open to Remote / Hybrid Opportunities │
│ │
└─────────────────────────────────────────────────────────────────────┘| Domain | What I Do | |
|---|---|---|
| Compliance Leadership | ISO 27001 audits & GRC frameworks aligned with global regulatory standards | |
| Technical Defense | SOC operations, forensic analysis, and Identity & Access Management | |
| Offensive Insight | Hands-on vulnerability assessment and penetration testing | |
| Strategic Architecture | Scalable security designs that keep organizations compliant & competitive |
| GRC & Risk Management | Frameworks & Compliance |
|---|---|
Risk Assessment Security Policy GRC BCP/DR Security Awareness |
ISO 27001 NIST CSF GDPR HIPAA PCI-DSS Gap Assessment Audit Management Compliance Reporting |
| Threat Intelligence & Strategy | Ethical Hacking & Tools |
|---|---|
Threat Intelligence Vulnerability Assessment OSINT Threat Modeling |
Penetration Testing Splunk Sentinel Wireshark Burp Suite Metasploit Nmap IDS/IPS |
Soft Skills
| Certification | Issuer | Tags |
|---|---|---|
| ISO/IEC 27001:2022 Lead Auditor | Mastermind Assurance | ISMS Auditing Risk Management ISO 27001 |
| ISO/IEC 27001:2022 Information Security Associate™ | SkillFront | ISO 27001 Information Security Risk Assessment |
| Governance, Risk, Compliance & Data Privacy | IBM SkillsBuild | GRC Data Privacy Compliance |
| Ethical Hacker | Cisco | Penetration Testing Offensive Security Vulnerability Assessment |
| Certified Cybersecurity Educator Professional (CCEP) | Red Team Leaders | Instructional Design Educational Delivery Security Architecture |
┌─────────────────────────────────────────────────────────────────────────────┐
│ Cybersecurity Consultant — GRC & Offensive Security │
│ Independent · Self-Directed 2025 – Current · Remote │
│ ───────────────────────────────────────────────────────────────────── │
│ Architecting ISO 27001 and NIST CSF-aligned security programs across │
│ GRC, risk management, and offensive security domains. Conducting │
│ audit-ready control environments and gap assessments against │
│ international standards. │
│ Tags: ISO 27001 NIST CSF GRC Ethical Hacking │
└─────────────────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────────────────┐
│ Service Account Manager │
│ Genex Infosys Ltd. · Grameenphone Enterprise 2023–2025 · Dhaka │
│ ───────────────────────────────────────────────────────────────────── │
│ Managed corporate client operations for Bangladesh's largest telecom, │
│ overseeing SLA compliance, KPI monitoring, and cross-functional │
│ service delivery. Recognized with the Attrition Warrior Award │
│ (Sept 2023) for outstanding performance under high-pressure ops. │
│ Tags: SLA Management KPI Monitoring Service Delivery │
└─────────────────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────────────────┐
│ Penetration Tester & Security Researcher │
│ Mist Leetcon · Riot Center · Independent 2022–2023 · Hybrid │
│ ───────────────────────────────────────────────────────────────────── │
│ Conducted penetration testing and vulnerability research across CTF │
│ environments. Identified system weaknesses, cryptographic flaws, and │
│ network entry points. Applied offensive techniques to strengthen │
│ defensive postures against real-world attack vectors. │
│ Tags: Red Teaming Penetration Testing Vulnerability Research │
└─────────────────────────────────────────────────────────────────────────────┘
Passionate about helping businesses achieve true resilience by embedding security into the DNA of their processes.
Open to: security research · CTF challenges · detection engineering · GRC consulting
"I don't just identify vulnerabilities — I build the frameworks that prevent them."