Sabina Sandia
London
Summary
I am a highly motivated and creative individual, looking for exciting opportunities in Cyber Security with a company that can utilise and develop upon the education and experience that I have obtained
to date.
As the Head of Offensive Security at ThreatSpike, I have built our entire Offensive Testing division from the ground up, leading a team of over 15 talented and passionate security professionals who perform vulnerability assessments, penetration tests and red team exercises for various clients across different industries. We help organisations improve their security posture, identify and mitigate risks and comply with industry standards and regulations.
Overview
10
10
years of professional experience
1
1
Certification
Work history
Head of Offensive Security
ThreatSpike Labs
London, United Kingdom
10.2023 - 01.2025
- Conducted comprehensive vulnerability assessments and performed penetration testing across various domains, including web applications, APIs, mobile apps, network segmentation, Wi-Fi, cloud environments and more
- Conducted red team exercises
- Generated detailed technical reports for security assessments, providing clients with actionable insights
- Managed incident response efforts for clients, addressing security incidents promptly and effectively
- Created Incident Response Plans for customers
- Supported pre-sales, sales and marketing efforts for penetration testing services - ThreatSpike Red
- Authored internal penetration testing guides and playbooks to standardise and improve testing methodologies
- Collaborated with customers during scoping calls to understand their specific requirements and formulated penetration testing proposals with detailed timelines
- Established and managed a team of over 15 penetration testers within a year
- Scheduled and coordinated all vulnerability assessments, penetration tests, and red team exercises to meet client needs
- Led customer briefing sessions, communicating findings and recommendations effectively
- Conducted quality assurance for all security assessment reports, including red team exercises
- Managed the entire process from marketing / advertising to handling sales inquiries, scoping calls, testing, reporting, briefing, re-testing and remediation
- Contributed to the achievement of certifications for the organisation, including ISO 27001, Cyber Essentials, Cyber Essentials Plus, Cyber Assurance, Quality Principles, CREST
- Involved in internal governance and policy creation
- Actively participated in the interviewing / hiring process for positions on the ThreatSpike Red Team
- Obtained 'Cyber Essentials Assessor' and 'Cyber Assurance Assessor' certifications
- Worked directly with the CEO on day-to-day business operations
Cyber Security Consultant
ThreatSpike Labs
London, United Kingdom
09.2022 - 10.2023
- Helped the company achieve ISO 27001 compliance certification within 3 months of joining, created internal business documentation and policies
- Offensive security activities including vulnerability scans, manual penetration tests and red team exercises for customers, more specifically: external infrastructure and web application penetration tests, PCI-DSS compliance penetration tests, Wi-Fi penetration tests, internal penetration tests, mobile app (iOS and Android) penetration tests, firewall ruleset review, AWS cloud configuration review and more
- Quickly became the penetration testing team lead unofficially within 3 months of joining the company, building the entire penetration testing division from the ground up
- Created training material, internal penetration testing training guides for new penetration testers joining the company
- Involved in the full process, from marketing, sending proposals, sales enquiries and calls, scoping, penetration testing, reporting and remediation
- Led all scoping calls for customers who require penetration tests
- Leading customer project briefing and debriefing sessions
- Leading sales enquiries and providing sales support activities including SEO, lead generation, customer calls and demos
- Incident response and investigations, including leading breach investigations
- Management of the content calendar, including reviewing and publishing blogs written by members of the team
- Producing public blogs describing penetration tests performed
- Mentoring and training members of the team
- Obtaining additional individual certifications required to carry out projects, such as Cyber Essentials Assessor and Cyber Assurance Assessor
- Website content creation and maintenance
- Providing technical support to customers
- Assisting with ISO 27001 / PCI / Cyber Essentials compliance activities
- Presentations to customers, partners and internal staff on technical topics
- Submission of company information to judging panels, including creating and winning RFPs for the company
- Creation of video materials for the company website and marketing purposes
- Involved in interviewing and hiring the right candidates for any penetration testing / analyst roles on the team
Part-Time Visiting Lecturer
University of Westminster
London
01.2019 - 09.2022
- Part of the course team for BSc Computer Science, teaching on Cyber/Information Security related modules
- Delivering lectures
- Conducting and supervising weekly laboratory/tutorial sessions
- Grading assignments
- Attending and participating in staff meetings
- Raising Cyber Security awareness through talks and presentations
Cyber Security Engineer
Exalens
06.2020 - 09.2022
- Company Overview: formerly Cyberlens B.V
- As a Cyber Security Research Engineer for an innovative start-up cybersecurity company pioneering next generation threat detection, response and recovery, I took on various different roles
- Using attack datasets in testbeds to generate and collect telemetry, such as network and endpoint logs, to aid in detection development
- Designing, developing and testing proof-of-concept threat detections, primarily using network packet captures and logs
- Used Machine Learning models and Python to detect anomalies in network and sensor data
- Working with the development team to integrate, test and deploy detections into production
- Assembling, configuring and controlling robotic arms, ROS-based devices, PLCs, HMIs, small-scale manufacturing factory models and performing penetration tests on Industrial Control Systems (ICS)
- Representing the company and supporting the sales and marketing team in customer engagements, conferences, exhibitions, webinars, as one of Exalens cyber threat detection experts
- Acted as penetration testing team lead, managing a small team, performing extensive penetration tests on SDNs, drones and on other types of virtual and physical testbeds
- Creating and developing Linux containers using Docker
- Participating in 5G security research projects (made active contributions)
Lecturer/Vocational Progress Coach
Open University
09.2021 - 03.2022
- Supported the progress of a cohort of 20 participants through the programme, helping them maintain motivation and to stay on track through to programme completion
- Arranged a 1-2-1 voice or video call weekly with each participant to support their progress
- Generated reports on individuals, giving feedback on progress and careers plans weekly via the sheet provided, with any issues, questions or serious concerns raised at the point they arise/are known
- Delivered and participated in the webinars and lab tutorials, covering all DevNet topics - acting as chat monitor and sidebar teaching assistant and mentor
Private tuition
09.2014 - 06.2016
- Preparation for GCSE and 'A' Level in Mathematics, Further Mathematics, Computer Science, Physics and Chemistry
- Monitored and assessed student performance
- Developed and implemented comprehensive lesson plans to accommodate specific level of learners while offering support to make certain each student was able to grasp materials
- Identified, selected and also modified resources to meet each students needs and integrated worksheets to vary lessons and consolidate concepts
Education
Master of Science (MSc) - Information Security
University College London (UCL)
09/2017 - 09/2018
Bachelor of Science (BSc) - Computer Science and Mathematics
Royal Holloway, University of London (RHUL)
09/2014 - 07/2017
A levels - Mathematics, Further Mathematics, Physics and Chemistry
William Morris Sixth Form College
09/2012 - 07/2014
GCSE's -
Ellen Wilkinson High School for Girls
09/2007 - 07/2012
Skills
- Communication and interpersonal skills
- Excellent written and verbal communication skills
- Strong leadership and management skills
- Confident speaking abilities
- Excellent presentation skills
- Microsoft Tools
- Android SDK
- Eclipse IDE
- JetBrains PyCharm IDE
- Adobe Products
- Windows
- Apple Macintosh
- Ubuntu
- Oracle
- Kali Linux
- Debian
- IOS
- Android
- Linux skills
- Networking skills
- Bash scripting
- Virtualisation products
- VMware
- VirtualBox
- Cloud technologies
- AWS
- AWS S3
- EC2
- Security tools
- Wireshark
- Zeek
- Metasploit
- Burp Suite
- Nmap
- Nessus
- Java
- Python
- PLC programming
- STL programming
- Configuring PLCs
- HMIs
- Agile Software Development
- Scrum
- Splunk Enterprise
- Debugging skills
- Web Application Development
- JavaScript
- AngularJS
- JQuery
- PHP
- JSON
- XML
- HTML5
- CSS
- MySQL database
- Web application security testing
- Network security testing
- Software security testing
- Cyber security best practices
- NCSC Cyber Essentials
- ISO27001
- NIST Cybersecurity Framework
- OWASP Top 10
- Threat detections
- Software Defined Networks
- Penetration tests
- Drone Technology / Robot Operating System
- ROS1 /ROS2
- Drone simulators
- Microsoft AirSim
- Gazebo
- Industrial Automation
- Configuring servers
- Windows Server 2016
- IIS
- DNS
- DHCP
- Intrusion Detection/Prevention Systems
- Configuring firewalls
- Anti-virus software
- EDR
- Purple teaming
Certification
IT Essentials
CCNA Enterprise Networking, Security, and Automation
Cisco Certified Network Associate Security (CCNA)
Cisco Certified Network Associate Routing and Switching (CCNA)
Cisco DevNet Associate Accredited Instructor
Splunk Core Certified User
Cyber Essentials Assessor
Cyber Assurance Assessor
Offensive Security Wireless Practitioner (OSWP)
Languages
English
Fluent
References
References available upon request.
Timeline
Head of Offensive Security
ThreatSpike Labs
10.2023 - 01.2025
Cyber Security Consultant
ThreatSpike Labs
09.2022 - 10.2023
Lecturer/Vocational Progress Coach
Open University
09.2021 - 03.2022
Cyber Security Engineer
Exalens
06.2020 - 09.2022
Part-Time Visiting Lecturer
University of Westminster
01.2019 - 09.2022
Private tuition
09.2014 - 06.2016
Master of Science (MSc) - Information Security
University College London (UCL)
09/2017 - 09/2018
Bachelor of Science (BSc) - Computer Science and Mathematics
Royal Holloway, University of London (RHUL)
09/2014 - 07/2017
A levels - Mathematics, Further Mathematics, Physics and Chemistry
William Morris Sixth Form College
09/2012 - 07/2014
GCSE's -
Ellen Wilkinson High School for Girls
09/2007 - 07/2012
Similar Profiles
Nitin VinayachandranNitin Vinayachandran
Head of BD & People Operations at Lumos Labs/ Rabble LabsHead of BD & People Operations at Lumos Labs/ Rabble Labs
Nick PoteatNick Poteat
Chef at White Labs Inc. | White Labs Kitchen & TapChef at White Labs Inc. | White Labs Kitchen & Tap
Somnath MukherjeeSomnath Mukherjee
Sales Manager at APCER Labs Pvt. Ltd. and ADCER Labs Pvt. LtdSales Manager at APCER Labs Pvt. Ltd. and ADCER Labs Pvt. Ltd
Tyrell WynterTyrell Wynter
Bar Manager at SimmonsBar Manager at Simmons
Muhammad SamiMuhammad Sami
Door supervisor at Blink Security ServicesDoor supervisor at Blink Security Services