Offensive Security Capability Leader

Shafi Ur Rahman

I'm a

Senior Manager and Global Capability Lead - Offensive Security at NTT DATA, Inc. Over 15 years of experience leading global delivery teams across VAPT, Breach & Attack Simulation (BAS), and advanced Red Team programs. Designer of specialized AI agent workflows like ReconAgent and automated reporting tools that improve delivery speed by 60%. Ex-Deloitte Advisory | CISM, OSCP, CRTP, and CC (ISC)² Certified.

Contact Me View Innovations
secops@console: ~
secops@console:~$ get_global_status --offensive
[✓] Global Capability Lead: NTT DATA Cloud & Security
[✓] Advanced Red Teaming & BAS Services: ACTIVE
[✓] Custom AI Agents (ReconAgent): OPERATIONAL
[✓] Delivery Teams Coached: GLOBAL
[i] Leadership Summary:
- 15+ Years Experience in Cybersecurity
- Ex-Deloitte advisory, Scybers Red Team lead
- 1 Registered CVE (Akamai Privilege Escalation)
- Certifications: CISM, OSCP, CRTP, CC (ISC)²
secops@console:~$ |

Credentials & Disclosures

Validated professional certifications and registered security vulnerabilities.

Verified Certifications

OSCP Logo OSCP
CISM Logo CISM
CRTP Logo CRTP
MITRE Logo MITRE
ISC² CC CC (ISC)²

Vulnerability Disclosure

CVE-2022-26333 CVSS 7.8 (High Severity)

Akamai EAA Client Privilege Escalation

A local privilege escalation vulnerability was discovered in the Akamai Enterprise Application Access (EAA) Client. Improper path and privilege validation allowed local attackers to execute arbitrary code with elevated SYSTEM privileges, compromising host integrity. Officially verified and patched by Akamai security engineering.

View Official Akamai Advisory

About

A cybersecurity advocate with 15+ years of hands-on experience in tech and team leadership roles, managing global offensive programs.

Shafi Ur Rahman

Specialist in Offensive Security | Red Teaming | AI Agentic Security

I’m Shafi Ur Rahman—a lifelong learner and cybersecurity advocate with 15+ years of hands-on experience in both tech and team leadership roles. My journey started with a passion for building things—first web and mobile apps, later fortified enterprise security systems. What drives me is the ever-changing, dynamic nature of cybersecurity. I believe we’re in a never-ending dance with evolving threats, and our only option is to keep pace through knowledge, collaboration, and innovation.

I’ve grown through challenges at firms like Deloitte and now lead global offensive security programs at NTT DATA, helping companies improve their defensive strategies, adapt to regulatory changes, and achieve top certifications such as CISM, OSCP, CRTP, and CC(ISC)². I take pride in bridging technical depth with strategic thinking—grounded in my foundation in engineering (B.Tech, JNTU) and business leadership (MBA, Osmania).

I help organizations identify, understand, and reduce their cyber risk exposure. I specialize in providing advanced Offensive Security services—including Vulnerability Assessment and Penetration Testing (VAPT), Breach and Attack Simulation (BAS), and Red Teaming engagements, along with source code reviews, API security testing, and DevSecOps integration. I design solutions that make cybersecurity actionable, ensuring your digital assets are tested not only for known risks but also for today’s most sophisticated threats.

For community resources, tools, and practical learning, visit my knowledge hub at Offensive Security Labs.

AI Security Innovations

Custom-built agentic and generative AI solutions automating complex offensive workflows and speeding up delivery.

AGENTIC_AUTOMATION

ReconAgent

An advanced internal security tool that leverages autonomous AI agents to perform end-to-end reconnaissance on web applications. ReconAgent automates the entire recon pipeline, executing tasks sequentially and recursively until actionable findings are generated and logged.

[+] Autonomous Agents [+] Web Recon [+] Auto-logging
GENERATIVE_AI

AI Red Team Reporter

A specialized generative AI web application that automatically compiles, structures, and writes technical reports for Red Team and penetration testing projects. This solution automates data correlation and speeds up the reporting workflow by up to 60%.

[+] GenAI Structuring [+] 60% Faster Reporting [+] Data Correlation

Capabilities Matrix

Directives, skill set execution proficiency, and hands-on technical competencies.

Technical Directives

  • Lead and supervise VAPT, BAS and Red Team operations
  • Autonomous AI agent development for security automation
  • LLM-driven security scanning and auto-reporting systems
  • MITRE ATT&CK framework mapping and evasion
  • Kali Linux, Nessus, Nmap, Qualys, Burp Suite, PowerShell
  • Industry standard vulnerability reporting (CVSS v3)
  • Secure development lifecycle mitigation plan construction
  • Excellent verbal, technical and analytical writing
  • API, Mobile (iOS/Android), SAST and DAST checklists
  • Active directory attacks and domain escalation

Secondary Competencies

Web Application Development (Laravel, React) Mobile Application Development (Swift iOS)

Execution Proficiency

AI Security Automation & Agents 95%
Security Leadership 90%
Capability Building 85%
Breach & Attack Simulations (BAS) 80%
Penetration Testing 75%
Kali Linux 70%
Active Directory 65%

Experience Chronology

Key offensive security leadership roles and technical achievements across global markets.

Senior Manager and Global Capability Lead - Offensive Security Current

NTT DATA, Inc.
Feb 2025 - Present
  • Lead global offensive security capability focusing on VAPT, Breach & Attack Simulation, and advanced Red Team offerings within NTT DATA’s cloud and security division.
  • Provide strategic thought leadership to design and deliver innovative offensive security services addressing evolving cyber threats across global markets.
  • Develop and deploy AI agents enhancing productivity, automating security assessments, and enabling future-proof service delivery for clients.
  • Coach and mentor global delivery teams, optimizing productivity and ensuring consistent delivery of high-quality results for complex, high-value engagements.
  • Collaborate with presales and go-to-market teams to drive increased success in RFQ/RFP responses by building custom, client-centric offensive security solutions.
  • Author and review high-standard Statements of Work (SOW) to ensure service offerings align precisely with client expectations and organizational quality benchmarks.
  • Act as a global subject matter expert and capability leader, promoting cutting-edge cybersecurity tools, representing the organization at industry forums, and driving the adoption of innovative security practices.
  • Facilitate knowledge sharing and continuous skill enhancement across teams to sustain excellence and responsiveness in offensive security operations.

Cyber Security Senior Manager & Cyber Security Manager

Scybers
July 2022 - Jan 2025
  • Cyber Security Senior Manager (Jan 2024 - Jan 2025):
    • Lead and supervise advanced offensive security operations, VAPT and Red Teaming.
    • Stay updated on the latest threats, techniques, and tools for continuous improvement.
    • Develop tailored strategies for penetration testing and red teaming.
    • Provide strategic guidance and oversight for the overall security posture.
    • Lead presales activities, proposals, and SOW authoring.
    • Mentor the cybersecurity team and drive professional development.
    • Build strong client relationships and serve as a trusted advisor.
    • Advocate for cutting-edge security tools for threat monitoring and assessments.
    • Integrate security automated platforms into pipelines using GitLab and container scanners.
    • Lead and train penetration testing teams, assisting in CERT-IN and CREST accreditations.
    • Foster a culture of innovation and excellence within the team.
    • Manage and increase VAPT sales year-on-year through business initiatives.
  • Cyber Security Manager (July 2022 - Jan 2024):
    • Lead Offensive Security Consulting, specializing in VAPT and Red Teaming.
    • Oversee the entire consulting portfolio, contributing to defensive security with expertise in MITRE TTPs.
    • Develop tailored strategies for penetration testing, red teaming, and SOC consulting.
    • Manage presales proposals, mentoring junior staff, and establishing client relationships.

Associate Manager & Lead Consultant - Red Team

Virtusa
Oct 2019 - July 2022
  • Associate Manager (July 2021 - July 2022):
    • Assumed leadership in refining and optimizing the Red Team within the organization, assessing defensive tools set by the Blue Team.
    • Led comprehensive Red Team operations on-premises and across AWS, Azure, and Google Cloud.
    • Managed end-to-end VAPT, SAST/DAST, and evaluated third-party security vendors.
    • Mapped attack paths to cover MITRE ATT&CK TTPs and tracked via ServiceNow dashboards.
    • Supported engagement activities involving Qualys, Nessus, Cymulate, and BitSight.
  • Lead Consultant - Red Team (Oct 2019 - June 2021):
    • Spearheaded the establishment of the internal Red Team within the organization.
    • Led and executed VAPT, manual Red Teaming, and third-party security audits.
    • Communicated security posture metrics and findings directly to stakeholders and leadership.

Cyber Security Specialist

IT MATRIX LLC
May 2016 - Oct 2019
  • In-depth security analysis of software applications, web applications, and network infrastructures.
  • Demonstrated expertise in OWASP Top 10, CWE Top 25, and secure code review (manual and Veracode).
  • Utilized scanner tools, Burp, Volatility, Metasploit, Nmap, and Nessus for system auditing.
  • Identified mobile app security vulnerabilities across iOS, Android, and Windows.
  • Conducted PCI DSS compliance validation and segmentation audits.

Senior Analyst & Strategy Innovation Analyst

Deloitte & Makvin
April 2009 - Feb 2016
  • Deloitte (Nov 2011 - Feb 2016): Remediations, content audits, and reviews with direct interaction with Partners. Led SharePoint migrations (2007 to 2010), custom workflows, and client relationship management in Chile, Portugal, India, and Mexico.
  • Makvin Pvt Ltd (April 2009 - Nov 2010): Trainee. Completed rigorous .NET framework training, SQL Server, CSS, XML, and DLL developments.

Education

Academic credentials and foundational business and technical leadership training.

POSTGRADUATE

Masters of Business Administration (MBA)

Osmania University (2014 - 2017)

Major in Marketing Management, Minor in Information Technology. Grounding leadership methodologies, strategic planning, and business analysis.

UNDERGRADUATE

Bachelor of Technology (B.Tech)

Jawaharlal Nehru Technological University (2006 - 2010)

Degree in Information Technology Engineering. Foundational computer systems engineering, network design, algorithms, and application development.

SECONDARY

Intermediate Education

Board of Secondary Education, Telangana (2004 - 2006)

M.P.C (Mathematics, Physics, Chemistry) specialization.

Direct Engagement Areas

Collaborate, consult, and consult on the following cybersecurity domains.

Red Teaming

Real APT attack simulations using sophisticated breach and attack tools and manual TTP's testing using open source project usecases.

Security Leadership

Lead global offensive security capabilities, coaching and mentoring high-performing delivery teams to optimize productivity and deliver top-tier client results.

AI Agentic Automation

Develop and deploy custom AI agent workflows to automate threat scans, active reconnaissance, and secure reporting compilation.

Security Architecture

Network Architecture review, firewall ruleset review, security recommendations based on approved frameworks and guidelines.

Breach & Attack Simulation

Automate endpoint, web, email gateways assessments, testing effectiveness of data exfiltration policy, automating full kill chain attacks.

Penetration Testing

End to end penetration testing procedure, in-depth security assessment of network, web, mobile, thick and thin client applications.

LinkedIn Recommendations

Professional endorsements from SVPs, CISOs, and industry colleagues.

Shafi and I worked together at Virtusa. He has deep technical security knowledge on penetration testing, red teaming and managing security rating platforms. He helped to create a rapid RED teaming process and consistently contributed to identify and fix security gaps. He is an asset to any organization with combination of managing team members effectively and driving key metrics in a timely manner. Good work ethics and easy to work together with, a great professional to have in the team.

Ankur Kushalka

Ankur Kushalka

Senior Vice President IT and Global CISO

I have worked closely with Shafi regarding application security at Virtusa. Shafi has immense experience and skills that any organisation would love to have in any candidate ! He is a great team player and team leader as well !

Sawan Kashyap

Sawan Kashyap

Security Analyst at Deloitte USI

Shafi, is a person with helping and kind in nature i ever came across. he is a great team player with lot of skills & dedication. although i know him from my schooling for many years. I also had a chance to hire & work with him for about 1 year, he was on top & beyond my companies expectations in delivering tasks assigned to him & very productive. i look forward to work in future.

Mohd Hafeez

Mohd Hafeez

Google Ads Specialist at Google Operations Center

Contact Me

Feel free to reach out for inquiries, collaboration, or leadership engagements.