Job / Career

1. ZDResearch Co-Founder 2013-2015
   ZDResearch is an international advanced vulnerability research / penetration testing firm with 7+ years of experience.
   • ZDResearch Training Advanced hands-on security training provided by real-world hackers.
   • Binary/Web Analysis List ZDResearch provides binary/web analysis packages containing PoC, technical papers and videos, available as a subscription service.
2. Etebaran Informatics CIO & Co-Founder 2011-2013
   Etebaran Informatics is a high tech infosec-software firm focused on secure software solutions. We also did a lot of cloud and infrastructure management.
   • MehrPortal Project Wordpress-jframework integration for a complete portal/CMS solution with advanced i18n, security and custom business logic support.
   • jframework jframework is a rapid PHP web/application framework which has been under heavy development for more than six years and supports many rich features. It has also formed many cutting-edge web technologies such as jRBAC and j18n. jframework was the basis for OWASP PHP Security Project, as well as the candidate OWASP framework for PHP.
   • Seraj Project A large-scale enterprise solution for the judiciary system of Iran, handling big-data using a mixture of data-mining and management solutions. This project was developed in the course of two years and is used by all judiciary offices around the country.
3. OWASP Iran Chapter Leader Member since 2007, Chapter leader since 2012
   • OWASP PHP Security Project leader for OWASP PHP Security Project
   • OWASP PureCaptcha Project leader for OWASP PureCaptcha, an attempt to ease use of CAPTCHAs.
   • OWASP RBAC Project Project leader for OWASP RBAC Project. Role Based Access Control aims to change the way authorization is implemented all around the world.
   • ESAPI Active evaluator of ESAPI project and active developer at PHP ESAPI project.
   • ASVS Evaluator of OWASP Application Security Verification Standard and native (Persian) version author.
   • Top Ten OWASP Top Ten Web Security issues native author.
   • WebGoatPHP OWASP WebGoat Tester and OWASP WebGoatPHP project lead. WebGoat is a educational/testing environment to teach information security practically.
   • PHP Security Standards PHP security standards workgroup.
4. Smart Customs Project Lead Developer 2011 - 2012
   • The highly critical one milion man-hour financial IT projects of Iran, resulting in more than 800% Customs and Border Protection income for the country.
   • The project was directly tasked by President Ahmadinejad and delivered by a team of 40 scientists and engineers from top Iran universities.
5. Etebaran CIO 2008 - 2011
   • More than a hundred enterprise/medium business projects in different fields requiring information technology to proceed.
     • OpenCD.ir
     • EjazQuran.ir
     • howzeh-karaj.com
     • AmnPardaz.com
     • roboma.ir
     • and a dozen more ...
6. Iran Railways Head of Software Security , 2007 - 2009
   • Iran Railways has more than 11000 computer-using personel and more than 1000 offices.
   • Review and standardization of more than 20 wide-scale custom enterprise applications
   • Deriving company information security policies
   • Security consultation to obtain 9 new custom enterprise applications, with more than 20 technical sessions
7. Ministry of Culture IT Resolutionist & Head of Video Game Resolutions, (2005 - 2007)
   • Defining policies for domestic game market
   • Development of the standard country-wide game rating system
   • Establishing infrastructures and processes for application software resolutions