Waris Damkham

Key Responsibilities:

• Delivered 38 penetration tests across annual assessments and major-change projects, and contributed as a core member of advanced Red Team engagements, translating findings into remediation actions.
• Acted as project owner for 12 major security assessment projects in 2025 - 2026, leading end-to-end execution and reporting.
• Produced 30+ executive and technical summaries and delivered 24 security briefings (18 Penetration Testing: 15 Thai / 3 English; 6 Red Team), aligning stakeholders on risk impact, priorities, and action plans.
• Led AI pentesting and AI security workstreams across readiness, research, and automation tooling, using OWASP LLM Top 10 to translate emerging risks into actionable guidance and presentation-ready materials
• Led PwnDoc-ng implementation, achieving 50% reduction in operational effort and 25% reduction in review workload, and drove reporting standard upgrades through 2025 report redesign and issue write-up rewrites aligned with modern security standards.
• Built security automation to scale recurring operations, including monthly subsidiary reporting extraction (34.7% manual-effort reduction), email-driven Critical CVE follow-up (≥ 50% time reduction and ≥ 80% mitigation artifact tracking), and BitSight WAS daily scan automation supporting a BitSight rating of 800.
• Shared AI threat insights via internal briefings and knowledge-sharing sessions across regional teams.
• Designed and authored an official challenge for NCSA AI CTF (Thailand’s first Cyber AI CTF) as KBTG representative, focusing on AI security and prompt-attack scenarios.

Skills: Penetration testing · Kali Linux · Burp Suite · AI Security · Reporting · Power Automate · Power Apps

Key Responsibilities:

• Conducted in-depth penetration testing of IT infrastructure, identifying vulnerabilities in operating systems, applications, configurations, and user behavior.
• Specialized in web, mobile, and software vulnerability assessments following OWASP Top 10 and industry best practices.
• Delivered detailed security reports with actionable remediation steps to strengthen clients’ overall security posture.
• Worked cross-functionally with development and infrastructure teams to ensure timely remediation of security risks.
• Successfully completed 16 security assessment projects during the engagement.

Skills: Penetration testing · Kali Linux · Burp Suite · OWASP · Vulnerability Assessment

Key Responsibilities:

• Assisted in conducting penetration tests on software, mobile, and web applications using tools such as Kali Linux and Burp Suite.
• Followed OWASP best practices to identify and document security vulnerabilities and simulate real-world cyberattacks.
• Performed vulnerability assessments on KPMG’s internal network using Nessus and other scanning tools.
• Contributed to the development of a secure internal website, incorporating security-by-design principles.
• Completed 2 penetration testing projects and 1 vulnerability assessment project, improving communication of complex findings to stakeholders.
• Gained practical expertise in offensive security while actively pursuing continuous learning in a dynamic threat landscape.

Skills: Penetration testing · Kali Linux · Burp Suite · OWASP · Vulnerability Assessment

News DVWA Lab Ez_Shop Lab Show Credential

Key Responsibilities:

• Conducted research on OAuth 2.0 implementations in Android applications and browser extensions, focusing on vulnerabilities related to Cross-Site Request Forgery (CSRF).
• Evaluated critical security parameters such as the state value and authorization code to determine resilience against CSRF attacks.
• Developed a custom Android application and analyzed real-world apps and extensions to assess OAuth integration practices.
• Identified insecure implementations that exposed users to potential token hijacking and session fixation risks
• Contributed to the development of a benchmark for future security audits of Android apps and browser extensions using OAuth 2.0, promoting safer authentication design.
• Presented research findings at the Workshop on Cyber Forensics, Security, and E-discovery, part of the 23rd IEEE International Conference on Software Quality, Reliability, and Security (QRS 2023).

Skills: Android Development · OAuth2.0 · Application Security · Security · Cybersecurity · Java

News Poster Conference Paper

Key Responsibilities:

• Contributed to a research project focused on automated COVID-19 diagnosis using deep learning and chest X-ray images.
• Developed and evaluated a convolutional neural network (CNN) model enhanced by transfer learning for accurate COVID-19 screening.
• Utilized Grad-CAM visualizations to interpret model predictions and enhance explainability for medical practitioners.
• Conducted experiments on publicly available datasets to assess model performance in terms of accuracy, precision, recall, and F-measure.
• Demonstrated expertise in artificial intelligence, deep learning, and medical image analysis applied to real-world health challenges.
• Published research findings at the 2022 6th International Conference on Information Technology (InCIT).

Skills: Public Speaking · Jupyter · Convolutional Neural Networks (CNN) · Deep Learning · Artificial Intelligence (AI) · Communication · Python

News Conference Paper Show Credential Conference Certifications