# <Who Am I?/>

I am Alvin Mwambi (@Steiner254)

I am a professional with expertise in Web Application Security, Mobile Security, Network Security, Cloud Security, Web Development, Penetration Testing, Source Code Reviewing, and Technical Writing. I also specialize in Smart Contract Development, Auditing, and DevSecOps. As a proactive Application Security Researcher, I safeguard companies from cyber threats by identifying and resolving vulnerabilities.

# <Work & Experience/>

SwyptIO

Blockchain/Web2 DevSecOps

Hindsight VIP

Blockchain Security Auditor

Varonis Systems

Cybersecurity Engineer | Technical Writer

Digital Jewels Limited

Cybersecurity Auditor & Penetration Tester

Finhazi - Simplifying Finance

Penetration Tester

Dairah Tech Solutions

Penetration Tester

XYSecLabs

Chief Security Officer (CSO) | Penetration Tester | Smart Contract Auditor

# <Bug Bounty Achievements & Recognitions/>

United Nations (UN)

Huawei

The University of Texas

Utrecht University

Juspay – Mobile Banking

Sendy

Cision

Xsolla (2022)

Spectrocloud

Eset

Prinses Máxima Centrum

Bright Data

StarLeaf

Upstox

Helcim

Agicap

Rocketlane

# <Certifications & Accomplishments/>

WorldSkills Kenya National Competition & Innovation 2024

(1st Position – Cyber Security)

Nafasi Connection - Live Hacking Competition

(1st Position, 16th August 2024 – Meetamore)

Africahackon Masterclass Trainer

(2023)

Safaricom/SheHacks KE Hackfest Speaker

(2023 – Blockchain Security)

CyberTalents Certified Threat Hunter

CyberTalents Certified SOC Analyst

PentesterLab Badges

Currently Studying CEH – Certified Ethical Hacker

Currently Studying BSCP – Burp Suite Certified Practitioner

Currently Studying AWS re/Start – Ajira Digital Bootcamp

Currently Studying Cyfrin Updraft – Full Blockchain Security Course

# <Skills & Tools/>

Cybersecurity: Web App Security, Mobile Security, Network Security, Cloud Security, Penetration Testing, Source Code Reviewing, Technical Writing

Programming: HTML5, CSS, JavaScript, C, C++, PHP, Java, Python, Bash, Go, SQL, Solidity, Rust, Ruby, Visual Basic

Frameworks: Laravel, Ruby on Rails, Django, Flask, Express.js, React.js, Angular

Databases: Relational, Object-oriented, Hierarchical, Network

Server Technologies: Web, Proxy, FTP, Application, File, Database, Mail Servers, Virtual Machines

Blockchain/Web3: Ethereum, Binance, AWS/Azure Nodes, Filecoin, Swarm, Chainlink, OpenZeppelin

Operating Systems: Windows, Linux (Kali, Parrot, Ubuntu, Linux Mint, Black Arch)

Additional: Hardware troubleshooting, Installation & Maintenance, MS Office Suite

# <My Blog/>

$$$ bounty in less 3 minutes from a google dork

Google Dorking - A powerful technique for quickly discovering vulnerabilities using advanced search queries. Bug Bounty Hunters ...

HTTP Request Smuggling/HTTP Desync Attacks (language of the gods)

HTTP Request Smuggling is one of the advanced topics in web security that needs deep understanding on how...

Insecure Direct Object References (IDOR)

Insecure Direct Object References (or IDOR) is a simple bug that packs a punch...

Directory/Path Traversal

Directory traversal (also known as file path traversal) is a web security vulnerability that allows an attacker to read arbitrary files on the server that is...

OS Command Injection

OS command injection (also known as shell injection) is a web security vulnerability that allows an attacker to execute...

CyberTalents BootCamp 2022 #Competition

Special kind of cybersecurity competition designed to challenge its participants to solve computer...

# <Contact Me/>

Let's talk about cybersecurity & blockchain innovation!

Don't like forms? Drop me an email.

steiner254@xyseclabs.com

+254742783256

P. O. Box 89044, Area 51