Nicolai Søborg
A good looking picture of me.
M.Sc. in Information Technology
Open-source enthusiast.
Interested in cyber security and practical cryptology.

Work Experience

04/2022 – ∞
Senior Security Engineer
Azure, infrastructure, C#, .NET Core
08/2021 – 04/2022
Lead Security Engineer
Azure, infrastructure, C#, .NET Core
Spiir became Nordic API Gateway became Aiia and the end of the end of the reversing-era occurred. PSD2 meant new challenges and a ton of new solutions to audit and pentest.
  • ASP.NET Core - API security
  • mTLS, x509, eIDAS
  • Internal pentest of systems
  • Audit implementations of OAuth2
Nordic API Gateway
09/2019 – 08/2021
Reverse Engineer
Frida, jadx, C#, .NET Core
Reverse-engineering mobile bank apps.
  • Decompiling APKs
  • Figuring out custom cryptography/encodings
  • Re-implementing APIs
  • Making internal tools to automate the process
02/2016 – 08/2019
Student helper (DevOps)
Python, Bash, JS, Linux
I mostly automated checks to monitor that everything was running as expected. Did a lot of packaging (bio-)tools to .deb packages. And helped develop an internal tool to search in terabytes of proteins/dna/genomes.
  • Automation using Python3 and bash
  • RESTful Django web service
  • Frontend in React (JavaScript)
  • Distributed big data storage using HBase and Hadoop
  • Purely Linux (Ubuntu) based ecosystem
I've learned a lot of practical debugging/bug-finding on a variation of different live systems.


Master Degree
Technical University of Denmark
2017 — 2019
Python3, Java, Linux
The title of my master thesis is “Analyzing the security of IoT devices” in which I wrote about when weaknesses turns into vulnerabilities, using a lot of data from MITRE (CVE, CVSS, CWE & CAPEC).
I had the following courses at DTU during my master:


I have experience working with the following technologies:
  • Python3
  • Linux
  • git
  • SQL
  • JavaScript
  • (Bash-)scripting
But am willing to learn new tools, languages, and platforms.


Capture-The-Flag (CTF)

In my free time I like to play CTF's. I usually don't do writeups, but once in a while a writeup will be added to my ctf-writeups repo ( Playing as part of team Kalmarunionen. My CTFtime profile ( is pretty up to date.