"Most see a locked door.
I see twelve ways in,
and thirteen ways to make it unbreachable."

Hello, I'm

PHINEHAS NARH

~$ 

Attack to defend. Break to understand. Secure to protect.

View Projects GitHub LinkedIn Email Me Download CV
01

About Me

Security Engineer with hands-on experience in penetration testing, vulnerability management, and security operations. Skilled at identifying exploitable weaknesses in web applications and infrastructure, and working closely with engineering teams to implement practical, lasting remediation.

Currently driving AppSec initiatives, contributing to ISO 27001:2022 certification and securing production environments through rigorous testing and hardening. My philosophy: fully understand the attacker's mindset to architect stronger defenses.

When I'm not poking around systems, I'm building open-source security tools, writing CVE walkthroughs, and contributing to the security community.

Application Security Engineer B.Tech Cyber Security
0
+
Years Experience
0
+
Critical Vulns Remediated
0
+
Certifications
0
GitHub Repositories
ph1n3y@security:~

$ whoami

phinehas_narh

$ cat philosophy.txt

"Attack to defend. Break to build."

$ ls ./expertise/

pentest  appsec  soc  iam  devsecops

$ _

02

Experience

Application Security Engineer

Penetration Testing
  • Delivered web application penetration testing across multiple enterprise portals, identifying injection flaws, authentication bypasses, sensitive data exposure, and misconfigured security headers.
  • Coordinated directly with development and operations teams to remediate a logs exposure vulnerability, relocating log files from web root and masking sensitive data in transit.
  • Conducted endpoint compromise simulation on a Windows 10 environment with Acronis Cyber Protect Cloud deployed, validating detection and response capabilities.
Compliance & Governance
  • Supported ISO 27001:2022 certification through Stage 1 and Stage 2 ISMS audits, drafting internal security policies and adhering to Annex controls; contributed to achieving full certification.
  • Built and maintained vulnerability trackers and pentest report templates for centralized findings management across client engagements.
  • Delivered DMARC configuration training and documentation to strengthen organizational email security posture.
Security Operations & Deployment
  • Deployed a cyber deception solution for a large telecommunications client using Zscaler, configuring deception connectors, network aggregators, and verifying log generation for active threat baiting.
  • Configured SSO integration through Microsoft Entra ID (Azure AD), provisioned test users, and validated authentication flows end-to-end.
  • Hardened nginx web servers by implementing security headers; enrolled and managed endpoint devices via Microsoft Intune and M365 Defender application controls.
  • Ran phishing simulation campaigns using Wizer across client environments to establish awareness baselines and drive targeted training interventions.
DevSecOps & Cloud Security
  • Integrated SonarQube into development pipelines to enforce static code analysis, catching security vulnerabilities and code quality issues before reaching production.
  • Applied Azure security controls across multiple projects, including Entra ID identity management, conditional access policies, and secure SSO configuration for enterprise clients.
  • Leveraged AWS cloud security knowledge to assess workload posture, apply least-privilege IAM policies, and align deployments with the AWS shared responsibility model.
  • Embedded security checkpoints across CI/CD workflows, coordinating with DevOps teams to remediate exposed secrets, misconfigurations, and dependency vulnerabilities before production release.
Pre-sales & Client Engagement
  • Prepared and delivered security awareness webinars covering penetration testing fundamentals; led Palo Alto product demonstrations and Acronis Cyber Protect Cloud proof-of-value engagements.
  • Conducted consultative security discussions with multiple enterprise prospects, translating technical risk into business impact and recommending tailored solutions.
  • Built and trained an AI-powered customer-facing chatbot with prompt injection hardening to automate 24/7 service interaction across client deployments.
Burp Suite ISO 27001 Web Pentesting SonarQube Azure AWS Zscaler CI/CD Security Wizer Acronis nginx M365 Defender DMARC Deception Tech

Security Analyst

Vulnerability Management
  • Executed vulnerability assessments and penetration testing across 5+ systems and endpoints using Nessus and manual techniques, identifying and driving remediation of 100+ critical vulnerabilities to reduce attack surface.
  • Performed application security assessments supporting consolidation of 10+ high-resource applications onto centralized infrastructure, reducing server costs by 25%.
Endpoint & Security Operations
  • Administered endpoint protection platforms (Acronis, Symantec) and coordinated security awareness initiatives via KnowBe4, achieving a 47% improvement in phishing resilience metrics.
  • Led technical evaluation for managed SOC provider selection, defining detection and incident response requirements projected to reduce mean time to respond by 70%.
  • Delivered security hardening for 4 endpoints to organizational baseline standards.
Strategy & Awareness
  • Authored and presented an AI risk assessment to senior leadership, initiating a cross-functional task force to evaluate emerging technology threats and adoption strategies.
  • Conducted security awareness training for 20+ employees on threat identification, phishing recognition, and incident response protocols.
Nessus KnowBe4 SOC Acronis Symantec Endpoint Security Risk Assessment SIEM
03

Projects

8

number_tracker

Phone number OSINT tool for location and activity analysis. Geolocates numbers and extracts carrier metadata for investigations.

Python OSINT Recon
View on GitHub

CTI Threat Intelligence Toolkit

Python backend for ingesting, processing, and visualizing cyber threat intelligence feeds. Supports structured CTI formats with a JS visualization layer.

Python JavaScript Threat Intel CTI
View on GitHub

Browser-Trust

Browser-based device trust scoring tool that evaluates client-side security posture and assigns risk scores for zero-trust access decisions.

HTML JavaScript Zero Trust
View on GitHub
1

CVE-2024-4577 Walkthrough

Full incident response walkthrough for the PHP CGI argument injection zero-day. Covers attack chain, CVSS analysis, and mitigation controls.

CVE Analysis IR PHP Exploit Dev
View on GitHub

o1xport

Versatile port scanning tool built for penetration testing workflows. Fast, configurable, and outputs structured scan reports for analysis.

Python Networking Pentesting
View on GitHub

USB_controller

USB security tool that monitors, logs, and controls device access events in real-time, providing audit trails for endpoint security enforcement.

Python Endpoint Security Monitoring
View on GitHub

File-Integrity-Model

File integrity monitoring tool that detects unauthorized changes and triggers notifications, supporting host-based intrusion detection workflows.

Python FIM HIDS
View on GitHub
1

Cisco Networking Projects

Five enterprise network topologies with defense-in-depth controls, IPsec VPN tunnels, WPA3, and RBAC across 100+ concurrent device environments.

Cisco Networking VPN Firewall
View on GitHub

Pentesting-Projects

A collection of personal penetration testing engagements. Covers CVE exploitation, authentication bypass on legacy systems, CVSS-scored findings, and stakeholder-ready pentest reports with compensating controls.

Python Metasploit CVE Exploit Reporting
View on GitHub
View All 29 Repositories
04

Skills

Languages

Python C# JavaScript Go

Security Tools

Burp Suite Wireshark Metasploit Nmap Nessus SAST DAST

Operations

SIEM EDR XDR SOC DevSecOps Incident Response

Methodologies

OWASP Top 10 Threat Modeling CVSS MITRE ATT&CK ISO 27001 Zero Trust

Libraries

Pandas NumPy Matplotlib sqlite3 socket subprocess
05

Certifications

Professional Certifications

CompTIA

Security+

2026

Core security competencies in threats, vulnerabilities, architecture, implementation, and incident response.

Cisco

Cyber Ops Associate

Feb 2024

Security monitoring, log analysis, incident triage, and threat intelligence within SOC environments.

AWS

Cloud Practitioner

Feb 2025

AWS shared responsibility model, cloud security controls, and architecture best practices.

Cisco

CCNA

May 2024

Network infrastructure security, routing protocols, switching, and network access control implementation.

AXELOS

ITIL Foundation

April 2024

IT service management principles aligned with business continuity and risk management objectives.

Mastermind

ISO 27001:2022 Lead Auditor

Feb 2026

Qualified to plan, conduct, and lead ISMS audits per ISO/IEC 27001:2022 auditing guidelines.

Technical Trainings

Certified Red Team Operations Management (CRTOM) Dec 2025
Certified Phishing Prevention Specialist (CPPS) Dec 2025
API Penetration Testing May 2026 • APIsec University
Zscaler Technical Associate Jul 2025 • Zscaler
Data Security Sep 2025 • GIZ
Threat Hunting Apr 2024 • Security Blue Team
Vulnerability Management Apr 2024 • Security Blue Team
Digital Forensics Mar 2024 • Security Blue Team
Penetration Testing Oct 2023 • IT Masters
Risk Management May 2023 • PwC
Machine Learning Jun 2023 • Cognizant
06

Education

Bachelor of Technology in Cyber Security

Accra Technical University
Jan 2022 - Dec 2025
GPA: 4.13
07

Get In Touch

Currently open to new opportunities and collaborations. Whether you have a project, a role, or just want to talk security, my inbox is open.

Email phinehastettehnarh@gmail.com
GitHub PhinehasNarh
LinkedIn Phinehas Narh