Mustafa Al-Saedi
Cybersecurity Specialists& Entrepreneur
Baghdad
Summary
I'm a 21-year-old builder and (yes) workaholic who lives in the overlap of security engineering + operations. I've broken into systems ethically, built a $780K venue 35% under budget, and made it run without me in 3 months. CPTS-certified pen-tester, SIEM content writer, and program lead who ships under budget and on schedule. Bilingual, remote-ready, and obsessed with clean SOPs, measurable KPIs, and fast feedback loops.
Overview
5
5
years of professional experience
8
8
Certification
Work History
Penetration Tester
Iraqi Cybersecurity Team
01.2021 - 01.2023
- Led authorized penetration tests for government and private-sector environments, uncovering critical issues including blind SQL injection and stored XSS with RCE paths; delivered PoC, CVSS v3.1 scoring, and step-by-step remediation that clients implemented immediately.
- Executed end-to-end assessments across web apps, APIs, external/internal networks, and AD using PTES / NIST 800-115; produced executive and technical reports with clear risk, impact, and retest validation.
- Built automation for efficiency: developed a Python/Bash bot to orchestrate and parse Nmap scans, enable remote scheduling, and aggregate findings-reducing manual effort and accelerating triage.
- Created enablement content: initiated and led a Metasploit training series (YouTube) and internal playbooks that improved team capability and onboarding speed.
- Drove tooling innovation: led development of a server-based Metasploit orchestration app to run controlled modules on hardened hosts, enabling faster, on-call exploitation during authorized engagements.
- Integrated threat intelligence/OSINT into test planning (IOC enrichment, vuln feeds), aligning findings with likely ATT&CK techniques and increasing test realism.
- Practiced disciplined collaboration & documentation (Jira/Confluence, Git) for async handoffs; partnered with blue-team/IR to translate findings into detections and hardening guidance.
- Ensured strict legal/ethical compliance (rules of engagement, scope control, evidence handling) and maintained auditable records for each engagement.
- Tech: Burp Suite Pro, Metasploit, Nmap, Wireshark, sqlmap, ffuf/dirb, OWASP ZAP; Scripting: Python, Bash; Methods: OWASP Top 10, PTES, NIST 800-115, CVSS v3.1.
Project Manager → Operations Manager & Shareholder
Alethia Rest & Cyber-Lounge
01.2023 - Current
- Delivered the Project 35% under budget on a $1.2M plan ($780K actual; ≈$420K saved) via value engineering, competitive RFQs/RFPs, and tight scope control.
- Managed a multi-vendor build remotely (construction, IT/gaming, A/V, F&B): defined BoMs, vendor scorecards, staged QA/QC, and enforced SLAs/warranties.
- Built procurement workflows (contracts, milestone-based payouts, acceptance criteria) that reduced lead-time risk and improved cash flow.
- Led commissioning and go-live; unblocked dependencies (design clarifications, site constraints, long-lead items) to hit schedule without scope creep.
- Operationalized the venue: SOPs (service, gaming ops, kitchen), shift handovers, KPI dashboards, and preventive maintenance-achieving founder-independent operations in 3 months.
- Recruited, interviewed, and trained a cross-functional team; implemented performance KPIs and incident logs for consistent service quality.
- Drove go-to-market & demand gen (local partnerships, promos, funnel tracking) to reach break-even in 3 weeks; implemented POS/cash controls and inventory routines.
- Shareholder governance: P&L ownership, CAPEX/OPEX planning, budget vs. actuals, and continuous improvement-documented for async collaboration and auditability.
Education
Bachelor of Dentistry - undefined
11.2025
Skills
- Cybersecurity
- Penetration Testing
- Vulnerability Assessment
- Detection Engineering
- SIEM Tools
- Log Parsing
- Normalization
- Correlation Rules
- Alert Tuning
- Microsoft Sentinel
- Splunk
- Elastic
- IDS
- IPS
- Network Security Architecture
- Segmentation
- VPN
- WAF
- Firewall Policy
- Packet Analysis
- Wireshark
- Incident Response
- Digital Forensics
- Triage
- Containment
- Root-Cause Analysis
- Evidence Handling
- DFIR Playbooks
- Threat Intelligence
- OSINT
- IOC Lifecycle
- Enrichment
- MITRE ATT&CK Mapping
- System Hardening
- Data Security
- Windows Monitoring
- Linux Monitoring
- Access Controls
- Scripting
- Tooling
- Python
- Bash
- Automation
- Git
- Burp Suite
- Metasploit
- Nmap
- OWASP ZAP
- Sqlmap
- Ffuf
- Dirb
- Programs
- Procurement
- Operations
- Project Delivery
- Scope Management
- Schedule Management
- Cost Management
- Value Engineering
- Budget Ownership
- Procurement Management
- Vendor Management
- RFQs
- RFPs
- BoMs
- Vendor Scorecards
- SLAs
- Warranties
- Milestone Payments
- Cost Optimization
- P&L Oversight
- CAPEX Planning
- OPEX Planning
- KPI Dashboards
- SOP Design
- Preventive Maintenance
- Operational Controls
- POS Handling
- Cash Handling
- Inventory Management
- Team Building
- Recruiting
- Training
- Shift Planning
Certification
- Google's Professional Cybersecurity Certificate
- Google professional Data Engineer certificate
- Google's Associate Android Developer
- HTB CPTS
- Cambridge's Key English Test
- Cambridge's Preliminary English test
- Cambridge's First Certificate in English
- International Turkish Exam Certificate
Languages
English
Native or Bilingual
Turkish
Limited Working
Arabic
Native or Bilingual
Timeline
Project Manager → Operations Manager & Shareholder - Alethia Rest & Cyber-Lounge
01.2023 - Current
Penetration Tester - Iraqi Cybersecurity Team
01.2021 - 01.2023
University of Baghdad - Bachelor of Dentistry,