Nicolai Søborg
M.Sc. in Information Technology
cv@xn--sb-lka.org
Open-source enthusiast.
Interested in cyber security and practical cryptology.
Work Experience
Denmark
04/2022 – ∞
Senior Security Engineer
Azure, infrastructure, python
Mastercard expands open banking reach with acquisition of Aiia.
I did a lot of DevSecOps (Global Admin in Azure, Super Admin in Google Workspace, Slack Workspace Admin, GitHub Admin, 1Password Admin, DNS Admin, …), created a bunch of custom scripts for audit logging, Slack/GitHub bots for alerting, etc
- Azure Active Directory — hardening, cleanup, management
- Sentinel — SOC, monitoring
- Azure Managed HSM — provinsioning, management
Denmark
08/2021 – 04/2022
Lead Security Engineer
Azure, infrastructure, C#, .NET Core
Spiir became
Nordic API Gateway became
Aiia and the end of the end of the
reversing-era occurred.
PSD2 meant new challenges and a ton of new solutions to audit and pentest.
- ASP.NET Core — API security
- mTLS, x.509, QWAC/QSeal — Lot's of non-standard TLS fun
- Internal pentest of homegrown systems
- Audit implementations of OAuth2
Denmark
09/2019 – 08/2021
Reverse Engineer
Frida, jadx, C#, .NET Core
Reverse-engineering mobile bank apps.
- Decompiling APKs
- Figuring out custom cryptography/encodings
- Re-implementing APIs
- Making internal tools to automate the process
Denmark
02/2016 – 08/2019
Student helper (DevOps)
Python, Bash, JS, Linux
I mostly automated checks to monitor that everything was running as expected.
Did a lot of packaging (bio-)tools to
.deb
packages.
And helped develop an internal tool to search in terabytes of proteins/dna/genomes.
- Automation using Python3 and bash
- RESTful Django web service
- Frontend in React (JavaScript)
- Distributed big data storage using HBase and Hadoop
- Purely Linux (Ubuntu) based ecosystem
I've learned a lot of practical debugging/bug-finding on a variation of different live systems.
Education
Master Degree
Technical University of Denmark (DTU)
2017 — 2019
Student
Python3, Java, Linux
The title of my master thesis is “Analyzing the security of IoT devices” in which I wrote about when weaknesses turns into vulnerabilities, using a lot of data from MITRE (CVE, CVSS, CWE & CAPEC).
I had the following courses at DTU during my master:
Bachelor Degree
Technical University of Denmark (DTU)
2013 — 2017
Student
Java, Python, C, F#
My bachelor was in “Software-Based Fault Tolerant Virtualization Layer Using Sector-Disk Codes”.
I had the following courses at DTU during my bachelor:
And furthermore I did a special course about “Ensuring Properties of Solidity Contracts”.
Technologies
I have
experience working with the following technologies:
- Python3
- Linux
- Azure
- git
- C#
- JavaScript
- Frida
- (Bash-)scripting
- SQL
- …
But am willing to learn new tools, languages, and platforms.
I like fixing bugs / contributing new features to open-source projects. List of projects I've contributed to:
Capture-The-Flag (CTF)
In my free time I like to play CTF's. I usually don't do writeups, but once in a while a writeup will be added to my
ctf-writeups repo (github.com/NicolaiSoeborg/ctf-writeups).
Playing as part of team Kalmarunionen.
My
CTFtime profile (ctftime.org/user/32131) is pretty up to date.