I run NullStrike Security a penetration testing firm focused on web/API security and cloud infrastructure. I work with real clients on real systems: finding what their scanners miss, before attackers do.

Web & API Penetration Testing Depending on Scope my Each Engagement Last around 1-4 week. and Currenlty able to offer compliance drive penetration Testing in HIPPA, ISO 27001, SOC 2 Type II..

Cloud Penetration Testing Primary focus: GCP. Also AWS and Azure. Misconfigurations, overprivileged service accounts, lateral movement, privilege escalation to org-level access.

Bug Bounty Large public programs as real-world R&D realistic, messy targets at scale that labs cannot replicate.

Custom Tooling Payloads, offensive scripts, and runbooks in Python, C, and C++ when existing tools fall short or leave too much noise.

• Cloud identity attacks GCP service accounts, workload identity, IAM privilege escalation
• AI / LLM security prompt injection, model abuse, insecure integrations
• Building NullStrike's practice in healthcare and regulated industries

3-4 years in cloud and web pentesting, then deeper into cloud red teaming and Active Directory / cloud identity attack chains.