$ whoami
mustafa-ali
$ cat /etc/profile.d/identity.shname: Mustafa Ali
role:
- CTO @ AL-Jedar Group
- Co-Founder @ EMLAK
- CTO @ Al-Shuaa Security Services
certifications: [OSCP+, OSEE, OSWE, CEH v12, CAIP, CAPIE]
platforms: [HackerOne, Bugcrowd]
background: [Apple, Meta, Control Risks, Coop]
focus:
- Offensive Security & Red Teaming
- Enterprise Software Architecture
- AI-Driven Security Solutions
- ATM & API Security Assessments
location: Baghdad, Iraq ๐ฎ๐ถMost security leaders think like defenders. I spent years thinking like an attacker โ then built systems that stop them.
I hold three of OffSec's most demanding certifications simultaneously โ OSCP+, OSEE, and OSWE โ a combination held by fewer than a few hundred professionals globally. Before moving into the C-suite, I protected diplomatic missions at the Spanish & German Embassies under Control Risks, contributed to Deep Learning research at Meta, and shipped software at Apple.
Today I build companies and break systems โ both on purpose.
| Domain | Expertise |
|---|---|
| ๐ Web Application Pentesting | OSWE-certified โ source code review, auth bypass, RCE chains |
| ๐ป Windows Exploitation | OSEE-certified โ kernel exploits, advanced shellcoding, DEP/ASLR bypass |
| ๐ Network Pentesting | OSCP+-certified โ full kill-chain engagements |
| ๐ณ ATM Security | Physical & logical ATM penetration testing |
| ๐ API Security | CAPIE-certified โ REST/GraphQL attack surfaces |
| ๐ Bug Bounty | HackerOne & Bugcrowd โ 6+ years, critical CVEs |
| Project | Stack | Role |
|---|---|---|
| EMLAK โ Property Management Platform | Laravel 11 ยท Filament v3 ยท MariaDB ยท Redis | Co-Founder & Architect |
| AL-Jedar ERP โ HR ยท Attendance ยท Payroll | Laravel ยท PWA ยท Push Notifications | CTO |
| Sec2Tech โ Cybersecurity Education | Custom LMS | Founder |
| Al-Shuaa Security Tech โ Guard Management | Laravel ยท Real-time Systems | CTO |
Languages & Frameworks
Infrastructure & Security
Database & Caching
AI & Dev Tools
๐ด Offensive Security (OffSec) โ Click to expand
| Cert | Issuer | Year |
|---|---|---|
| OSCP+ โ Offensive Security Certified Professional Plus | OffSec | 2025 |
| OSEE โ Offensive Security Exploitation Expert | OffSec | 2021 |
| OSWE โ Offensive Security Web Expert | OffSec | 2020 |
| OSCP โ Offensive Security Certified Professional | OffSec | 2019 |
๐ก๏ธ Security & Ethical Hacking
| Cert | Issuer | Year |
|---|---|---|
| CEH v12 โ Certified Ethical Hacker | EC-Council | 2023 |
| CAPIE โ Certified API Hacking Expert | Udemy | 2026 |
| ATM Penetration Testing & Security Assessment | Red Team Leaders | 2026 |
| Red Teaming Certificate | TryHackMe | 2026 |
| CCEP โ Certified Cybersecurity Educator Professional | Red Team Leaders | 2025 |
๐ค AI & Engineering
| Cert | Issuer | Year |
|---|---|---|
| CAIP โ Certified Artificial Intelligence Professional | GST Inc. | 2020 |
| AI+ Prompt Engineer Level 1โข | AI CERTsยฎ | 2025 |
| Google Cloud Professional API Engineer | 2019 | |
| PCPP2 โ Certified Professional in Python Programming | OpenEDG | 2017 |
| Microsoft Certified: Python Developer | Microsoft | 2016 |
| Full-Stack Web Developer | CareerFoundry | 2018 |
"The most effective security leaders think like attackers. I've spent years proving that in the field."