I am a Security Research Lead at Picus Security, the pioneer of Breach and Attack Simulation technology. Prior to that, I spent six years as an Expert Engineer at the Communication and Information Security Division in Aselsan working, auditing, and pen-testing on military and civilian communication systems.
I received my Master of Science in Cyber Security and Bachelor of Science in Electronics Engineering from Middle East Technical University in 2019 and 2015 respectively. I am also a Certified Information Systems Security Professional (CISSP) and Offensive Security Certified Professional (OSCP).
I have multiple reports and whitepapers on a wide range of cyber security subjects including threat intelligence, vulnerability and exposure management, ransomware attacks, and nation-state APT campaigns. So far, I have authored 200+
blog posts on emerging threats and 10+
online courses on various security concepts and MITRE ATT&CK techniques. I have also delivered numerous presentations at universities and conferences.
My Latest Webinar:
News:
| 2025-07-28 | My blog post on Interlock Ransomware is published. |
| 2025-07-09 | My blog post on "Citrix Bleed 2" CVE-2025-5777 Vulnerability is published. |
| 2025-06-24 | My blog post on Iranian APT Groups is published. |
| 2025-05-23 | My blog post on Russian Unit 26165 APT Group is published. |
| 2025-04-18 | My blog post on Erlang/OTP CVE-2025-32433 Vulnerability is published. |
| 2025-04-09 | My blog post on Ivanti CVE-2025-22457 Vulnerability is published. |
| 2025-03-25 | My blog post on IngressNightmare Vulnerability is published. |
| 2025-03-24 | My blog post on Next.js CVE-2025-29927 Vulnerability is published. |
| 2025-03-14 | My blog post on Medusa Ransomware is published. |
| 2025-02-20 | My blog post on Ghost (Cring) Ransomware is published. |
| 2025-02-17 | My blog post on Microsoft CVE-2025-21293 Vulnerability is published. |
| 2025-02-04 | My colleagues and I published Picus Report 2025. |