About

It takes curiosity to learn and courage to unlearn. Stay enthusiastic about lifelong learning.

Stay here with some redact information. For full resume, shoot me a dm or reach out via the links at footer.

Professional Experience

2024 - present | AppSec Engineer

A TechHub - Banking and Fintech Domain

• Continuously audit and establish a security baseline for a blitzscaling startup.
• Collaborate with solution architects, developers, and business analysts to identify and address security concerns.
• Deliver user-centric security practices across teams.
• Research and deliver various aspects of security related to digital banking (corporate, retail, and others).

6 months - 2023 | R&D Security Internship based in Paris

A French Startup Company

• Implemented commercial EDR solution (MDE), and tested the detection and prevention capacity.
• Performed adversary emulation to simulate real attacks (Atomic Red Team, Caldera) in order to trigger security alerts, then analyzed and determined proactive mitigation efforts.
• Performed penetration testing of an internal application, identifying 10+ security issues and providing prioritized recommendations to remediate vulnerabilities.

A year | Application Security Specialist

An Outsourcing Company.

• Dedicated AppSec engineer to performed SAST and DAST assessments for multiple international clients
• Joined as part of an R&D team, conducted Proof of Concepts and training of commercial AppSec products.

Nearly 3 years | Cyber Security Consultant

A Consulting Company

• Delivered penetration testing (web/mobile) services for clients across industries including banking, hospitality, oil and energy, aviation, outsourcing.
• Conducted a Threat-Led penetration test for a client utilizing an internal CTI tool and OSINT that helped for initial access of the project.
• Performed risk assessments by conducting client interviews and reviewing findings using the Cyber Security Assessment Program (CPA) across 10 ITSM domains. Generated reports documenting findings, risk scores, and prioritized remediation recommendations mapped to ISO27001 and NIST frameworks.

Academic Background

Sept 2022 - Sept 2023 Université Grenoble Alpes - Institut Polytechnique de Grenoble (Greble INP - UGA)

MSc. in Cybersecurity (Cysec - Bac +5)

Relevant Coursework

Threat and risk analysis (IT Audit), Software Security, Security Architecture, Cryptographic Engineering, Physical Security

Sept 2016 - Sept 2020 University of Information Technology (UIT), Vietnam National University Ho Chi Minh City

Bachelor of Engineering. Information Security (Honour Program)

Achievements

• 2022 - 2023 France Excellence Scholarships from the French Embassy in Vietnam (Master’s degree level)