UMAIR NEHRI

Senior Security Analyst & Researcher

BlackHat Briefings and Arsenal Presenter | Security+ Certified

at spiderSilk

Contact Resume

Helped Secure:

Scroll to Explore

About

Dedicated and innovative security researcher specializing in Attack Surface Management, vulnerability detection, and security tool development. Recognized for contributions to government and private sector cybersecurity. Passionate about open-source security research and automation.

Technical Expertise

Python, Go, Linux Administration, BASH Scripting
Terraform, Docker, Cloud Platforms (GCP, AWS, Azure)
Web Application Security (OWASP Top-10), Mobile Application Security, Source Code Review, OSINT/Recon
Web Development & Security Tools like Burp Suite, Nuclei, Nessus, Wireshark, etc.

Certifications

CompTIA Security+ (SY0-601)
Certified AppSec Practitioner (CAP)

Speaking Experience

10+ Black Hat Conference Presentaions worldwide
Presented at GISEC DXB 2024

Professional Experience

spiderSilk Security DMCC

Senior Security Analyst & Researcher Feb 2024 - Present (Remote, Dubai)

Managing security dashboards for key government and private customers from the Middle East
Creating proof-of-value Attack Surface Management (ASM) reports and dashboards
Developing front-end apps to automate manual security analyst tasks
Implementing supply chain security and GitHub scanning solutions
Creating Nuclei templates and improving false positive handling

RedHunt Labs

Security Researcher Jan 2022 - Feb 2024 (Remote, India)

Developed security tools for Attack Surface Management product NVADR
Conducted large-scale security research projects including scanning 30,000 Android Apps
Published research blogs and security advisories
Deployed security tools across major cloud platforms

Gurugram Police

Cyber Security Summer Intern Aug 2020 - Sep 2020 (Remote, India)

Worked under the supervision of Mr. Rakshit Tandon, a leading cyber security expert in India
Attended security workshops and guest lectures conducted by industry professionals
Assisted with cybercrime case studies related to various cyber incidents in India
Developed a tool to analyze email headers for forensic investigations

Volunteer Experience

SECARMY Community

Co-founder & Volunteer Feb 2018 - Nov 2020

Managed infrastructure for CTF events and created challenges in Web, OSINT, and Forensics
Organized community events and represented the team in cybersecurity competitions

TraceLabs

Senior Volunteer Judge Oct 2020 - Present

Evaluating OSINT Search Party CTF submissions
Volunteered for over 10 events as a senior judge

Featured Projects

bucketloot

Included in CEH v13 AI

BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text.