// Cybersecurity & Full-Stack Engineer
Fuad Mohammed Umer
Securing systems, building scalable applications,
and breaking things to make them stronger.

Who I Am

fuad@secdev ~ whoami
fuad@secdev ~/ $ cat profile.json
 
{
  "name": "Fuad Mohammed Umer",
  "role": "InfoSec & Full-Stack Eng.",
  "company": "Hijra Bank",
  "education": "B.Sc. CS, Univ. of Gondar",
  "certified": true,
  "cert": "ICS2 Cybersecurity Pro",
  "thm_rank": "Top 5%",
  "stack": ["MERN", "FastAPI", "PostgreSQL"],
  "ctf_active": true,
  "status": "open_to_opportunities"
}
 

Building & Defending Digital Systems

I'm a hybrid Full-Stack Developer and Cybersecurity Professional based at Hijra Bank, where I protect critical banking infrastructure through vulnerability assessments, threat monitoring, and incident response.

With a deep passion for both building and breaking systems, I bring a security-first mindset to every line of code I write. My MERN stack and FastAPI expertise lets me engineer robust applications, while my offensive security background ensures they're built to withstand real-world attacks.

Ranked in the Top 5% globally on TryHackMe, I actively participate in CTF competitions and publish security research to give back to the community.

ICS2 Certified Cybersecurity Professional
MERN Stack · FastAPI · Penetration Testing · VAPT · ICS2 Certified · CTF Player · PostgreSQL · Ethical Hacking

Technical Arsenal

⚛️ Full-Stack Development
React.js: 92%
Node.js / Express: 88%
MongoDB: 85%
FastAPI (Python): 90%
PostgreSQL / SQL: 87%
🛡️ Cybersecurity
Penetration Testing: 90%
VAPT: 88%
Ethical Hacking: 85%
Threat Analysis: 87%
Incident Response: 82%
🔧 Tools & Platforms
🐧 Linux
🐙 Git / GitHub
🕷️ Burp Suite
🔍 Nmap
📡 Wireshark
🐍 Python
🐳 Docker
⚡ Metasploit
🔑 John the Ripper
💀 Gobuster
🌐 OWASP ZAP
📊 SIEM

What I've Built

// Full-Stack
Secure Task Management System
Enterprise-grade task management with JWT authentication, RBAC, and audit logging built for team productivity with security at its core.
React · Node.js · MongoDB · JWT Auth · RBAC
JWT + RBAC with role-based access control, bcrypt hashing, rate limiting
// Full-Stack
E-Commerce Platform
Full-featured e-commerce application with payment API integration, cart system, product management, and admin dashboard.
MERN Stack · REST API · HTTPS
CSRF protection, input sanitization, secure payment pipeline with PCI compliance considerations
// Backend
FastAPI Secure Backend Service
High-performance RESTful API with FastAPI, PostgreSQL, OAuth2, and comprehensive security middleware for production banking-grade deployments.
FastAPI · PostgreSQL · OAuth2 · SQLAlchemy
OAuth2 + JWT, SQL injection prevention via ORM, rate limiting, request validation middleware
// Security Research
VAPT Report: Web App Security Testing
Comprehensive vulnerability assessment and penetration testing report for a financial web application. Identified 12 critical CVEs with PoC and remediation guidance.
OWASP Top 10 · Burp Suite · Nmap · Report
12 CVEs discovered • SQLi, XSS, IDOR, Broken Auth findings with full PoC
// CTF
TryHackMe / CTF Writeups Collection
Documented walkthroughs of 50+ TryHackMe rooms and CTF challenges covering web exploitation, privilege escalation, forensics, and network analysis.
Web Exploitation · PrivEsc · Forensics · Networking
Top 5% global ranking • 50+ rooms completed • Active contributor
// Tool
Vulnerability Scanning Automation
Python-based automation framework that orchestrates Nmap, Gobuster, and custom scripts to generate structured vulnerability reports for pentesting engagements.
Python · Nmap · CLI Tool · Automation
Automated recon → enumeration → report pipeline. Reduces manual scanning time by 70%.

Research & CTF

🧪

Active Security Researcher & CTF Player

Documenting real-world attack chains, exploit development, and defensive techniques from TryHackMe, HackTheBox, and live engagements.

⚡ Top 5% on TryHackMe

Security Writings

💉
Cybersecurity · Jan 14, 2025
SQL Injection Explained in Real Systems
How attackers exploit SQL injection vulnerabilities in production banking systems, with real-world payloads and defense strategies.
🏆
CTF Writeup · Feb 3, 2025
TryHackMe Privilege Escalation Walkthrough
Step-by-step guide through a challenging Linux privilege escalation room, from initial foothold to root using SUID exploitation.
⚡
Web Dev · Mar 9, 2025
Building Secure APIs with FastAPI
Production patterns for securing FastAPI backends: OAuth2, JWT, SQL injection prevention, and comprehensive input validation.
🕷️
Tutorial · Apr 18, 2025
Common Web Vulnerabilities and Fixes
OWASP Top 10 practical breakdown: real examples of XSS, CSRF, IDOR, and broken authentication with hands-on remediation code.

Career Timeline

2025 – Present
Information Security Professional
🏦 Hijra Bank · Addis Ababa, Ethiopia
Leading security initiatives and protecting critical banking infrastructure across the organization's digital estate.
  • Conduct regular vulnerability assessments and penetration tests on banking web applications and network infrastructure
  • Monitor SIEM systems for real-time threat detection and anomalous behavior analysis
  • Develop and maintain security policies, incident response playbooks, and compliance documentation
  • Coordinate incident response for security events: containment, eradication, and post-incident reviews
  • Collaborate with development teams to embed security-by-design principles in the SDLC
2023 – 2024
Freelance Full-Stack Developer
💻 Independent · Remote
Delivered production web applications with integrated security features.
  • Built 10+ MERN stack and FastAPI applications with security-first architecture
  • Implemented authentication systems, API security layers, and data encryption
  • Conducted basic security audits for client applications before delivery
2022 – 2023
ICT Officer Intern
Abbissinya Bank
The ICT Department plays a pivotal role in supporting the bank's operations, ensuring the availability, integrity, and confidentiality of its information systems and data.
  • Assist in daily IT operations, including system monitoring, user support, and basic troubleshooting.
  • Support the IT team in maintaining network infrastructure, servers, and end-user devices.
  • Help manage and secure sensitive banking data, ensuring compliance with internal policies and external regulations.
  • Participate in IT projects focused on system upgrades, data migration, and security enhancements.
2018 – 2022
B.Sc. Computer Science
🎓 University of Gondar · Gondar, Ethiopia
Graduated with strong focus on systems programming, network security, and software engineering.
  • Specialized electives in Network Security, Cryptography, and Distributed Systems
  • Final-year project: Secure Authentication Framework for Ethiopian Banking Systems
  • Founded the university's first Cybersecurity Club

Get In Touch

Let's Work Together

Whether you need a secure web application built from scratch, a penetration test for your infrastructure, or a security consultant who also codes, I'm open to conversations about impactful work.
