Nicolai Søborg
M.Sc. in Information Technology
cv@xn--sb-lka.org
Open-source enthusiast.
Interested in cyber security and practical cryptology.
Interested in cyber security and practical cryptology.
Work Experience
Denmark
04/2022 – ∞
04/2022 – ∞
Senior Security Engineer
Azure, infrastructure, python
Azure, infrastructure, python
Mastercard expands open banking reach with acquisition of Aiia.
- Azure Active Directory — hardening, cleanup, management
- Sentinel — SOC, monitoring
- Azure Managed HSM — provinsioning, management
Denmark
08/2021 – 04/2022
08/2021 – 04/2022
Lead Security Engineer
Azure, infrastructure, C#, .NET Core
Azure, infrastructure, C#, .NET Core
Spiir became Nordic API Gateway became Aiia and the end of the end of the reversing-era occurred.
PSD2 meant new challenges and a ton of new solutions to audit and pentest.
- ASP.NET Core — API security
- mTLS, x.509, QWAC/QSeal — Lot's of non-standard TLS fun
- Internal pentest of homegrown systems
- Audit implementations of OAuth2
Denmark
09/2019 – 08/2021
09/2019 – 08/2021
Reverse Engineer
Frida, jadx, C#, .NET Core
Frida, jadx, C#, .NET Core
Reverse-engineering mobile bank apps.
- Decompiling APKs
- Figuring out custom cryptography/encodings
- Re-implementing APIs
- Making internal tools to automate the process
Denmark
02/2016 – 08/2019
02/2016 – 08/2019
Student helper (DevOps)
Python, Bash, JS, Linux
Python, Bash, JS, Linux
I mostly automated checks to monitor that everything was running as expected.
Did a lot of packaging (bio-)tools to
.deb packages.
And helped develop an internal tool to search in terabytes of proteins/dna/genomes.
- Automation using Python3 and bash
- RESTful Django web service
- Frontend in React (JavaScript)
- Distributed big data storage using HBase and Hadoop
- Purely Linux (Ubuntu) based ecosystem
Education
Master Degree
Technical University of Denmark (DTU)
2017 — 2019
2017 — 2019
Student
Python3, Java, Linux
Python3, Java, Linux
The title of my master thesis is “Analyzing the security of IoT devices” in which I wrote about when weaknesses turns into vulnerabilities, using a lot of data from MITRE (CVE, CVSS, CWE & CAPEC).
I had the following courses at DTU during my master:
- Cryptology 2
- Practical Cryptology
- Applied Cryptography
- Advanced Topics in Cryptology
- Language Based Security
- Data Security
- Computer Security Forensics
- Computer Security Incident Response
- Network Security
- Practical Network Security
- Algorithms for Massive Data Sets
- Compiler Construction
- Computational Tools for Data Science
- Distributed Systems
- Software Development of Web Services
- Knowledge-based Entrepreneurship
Bachelor Degree
Technical University of Denmark (DTU)
2013 — 2017
2013 — 2017
Student
Java, Python, C, F#
Java, Python, C, F#
My bachelor was in “Software-Based Fault Tolerant Virtualization Layer Using Sector-Disk Codes”.
I had the following courses at DTU during my bachelor:
- Cryptology 1
- Operating Systems
- Program Analysis
- Embedded Systems
- Database Systems
- Computer Science Modelling
- Advanced engineering mathematics 1
- A supplement in mathematics
- Discrete Mathematics
- Algorithms and Data Structures 1
- Algorithms and Data Structures 2
- Functional Programming
- Applied Functional Programming
- Concurrent Programming
- Software Engineering 1
- Programming using C# and .NET
- Software Technology Project
- Introductory Programming
- Introduction to Software Technology
- Introduction to programming and data processing
- Introduction to Statistics
- Physics 1
- Fundamental Chemistry
- Philosophy of Science in Engineering
Technologies
I have experience working with the following technologies:
- Python3
- Linux
- Azure
- git
- C#
- JavaScript
- Frida
- (Bash-)scripting
- SQL
- …
Capture-The-Flag (CTF)
In my free time I like to play CTF's. I usually don't do writeups, but once in a while a writeup will be added to my ctf-writeups repo (github.com/NicolaiSoeborg/ctf-writeups).
Playing as part of team Kalmarunionen.
My CTFtime profile (ctftime.org/user/32131) is pretty up to date.