CALM-AY
PORTFOLIO
Rasaq Ayomide

Penetration Tester · AppSec & Endpoint Security · Security Researcher building proof through real labs, reports, and hands-on work.

Finding vulnerabilities, documenting impact, and securing systems — ethically and methodically.

Rasaq Ayomide at Squad Hackathon 3.0
RASAQ AYOMIDE · CALM AY
ABOUT ME
The hacker behind the terminal

I'm Rasaq Abdulwahab Ayomide — also known as Calm Ay. Industrial Chemistry undergraduate at the University of Lagos, fully building my career in cybersecurity through certifications, CTFs, labs, internships, hackathons, and real security projects.

My work sits at the intersection of offensive and defensive security. I study how attacks work, how systems get exploited, and how to stop them — from web app pentesting and API security to cloud security and AI red teaming.

I don't collect certificates to look busy. I build evidence — GitHub repos, vulnerability reports, security tools, and lab writeups that prove I can actually do the work.

Squad Hackathon 3.0
NITHub Mentoring
9th Place Leaderboard
Teaching Session
10+
Certifications Earned
6+
Security Reports
3
Hackathons Competed
3+
Internships & Roles
SECURITY STACK
Secured with theright tools

I work across web application security, network security, cloud, endpoint, and AI threat landscapes.

OFFENSIVE TOOLS
BURP SUITENMAPMETASPLOITGOBUSTERSQLMAPFFUFSUBFINDERNIKTOCAIDOWPSCANKATANABEEF BURP SUITENMAPMETASPLOITGOBUSTERSQLMAPFFUFSUBFINDERNIKTOCAIDOWPSCANKATANABEEF
DEFENSIVE & CLOUD
WIRESHARKMS SENTINELDEFENDER XDROWASP ZAPPYTHONAZURE SECURITYKALI LINUXPARROT OSENTRA IDFRIDAMobSFPOSTMAN WIRESHARKMS SENTINELDEFENDER XDROWASP ZAPPYTHONAZURE SECURITYKALI LINUXPARROT OSENTRA IDFRIDAMobSFPOSTMAN
EXPERIENCE
Where I'veworked
UB
UBI Cohort 1.0
Ethical Hacking Intern
2026 INTERNSHIP
  • Completing the UBI Ethical Hacking Track — a structured programme covering SOC operations, incident analysis, log triage, encoding, hashing, and security ethics.
  • Delivered a 4-document capstone report to a simulated Incident Committee, identifying threat actor "The Griot" and mapping a 9-alert dismissal pattern across a fintech breach scenario.
  • Applied ISC2 Code of Ethics, NIST SP 800-63B, NIST SP 800-92, and MITRE ATT&CK frameworks across practical desk tasks and capstone deliverables.
NW
Nestlé Waters
Information Security Intern
2024 SIWES · INTERNSHIP
  • Assisted in monitoring network security and identifying misconfigurations within production systems at scale.
  • Gained exposure to information security operations in a large-scale industrial manufacturing environment.
  • Documented security observations across water treatment, bottling, and factory operational systems.
RD
Redynox
Cybersecurity Intern
2024 – 2025 INTERNSHIP
  • Completed structured cybersecurity training covering web application security, network fundamentals, and tooling.
  • Conducted lab exercises using Wireshark, OWASP ZAP, WebGoat, and Parrot OS in controlled environments.
  • Produced internship reports documenting tasks, findings, and security analysis outcomes.
NH
NITHub UNILAG
Cybersecurity Mentor & Tutor
2024 – 2025 MENTORSHIP
  • Mentored a cybersecurity cohort through Cisco fundamentals and ISC² Certified in Cybersecurity (CC) prep.
  • Guided learners from zero to exam-ready, celebrating cohort completions and certification success.
  • Delivered sessions on cybersecurity mindset, tools, ethical hacking, and responsible security practices.
BC
Bincom Dev Center
Cybersecurity Trainee
2024 – 2025 TRAINING
  • Engaged in structured cybersecurity learning and development programmes at Bincom Dev Center.
  • Covered web application security, ethical hacking fundamentals, and professional security practices.
  • Built hands-on skills in a collaborative, developer-focused cybersecurity training environment.
HACK THE BOX
Labwriteups

Real HTB lab walkthroughs — reconnaissance, exploitation, privilege escalation, and key takeaways. More added as labs are completed.

HTB ACADEMYPATH TRAVERSALPRIVESC
Getting Started — Lab Writeup
Nmap scanning, WordPress enumeration, unauthenticated path traversal (EDB-39883), sudo misconfiguration, and SSH key privilege escalation.
HACKERONE
Bug bountyreports

Live coordinated-disclosure submissions — vulnerability research, methodology, and proof-of-concept reports from real bug bounty programs.

CORSRECON AT SCALEAWAITING TRIAGE
Automattic (WordPress.com) — CORS Misconfiguration
Found a CORS misconfiguration on public-api.wordpress.com that reflects attacker-controlled Origin headers with credentials enabled across the /wpcom/v2/ API path. Report #3786821 — submitted to HackerOne, awaiting triage.
PROJECTS & REPORTS
Things I'vesecured
SIEMINCIDENT RESPONSEAI RISK
SIEM Log Analysis & Attack Detection
Simulated brute-force SSH attack with Hydra, detected and analyzed via SIEM (Security Onion / ELK Stack). Delivered NIST SP 800-61 incident report, MITRE ATT&CK mapping, and AI risk assessment on IBM ART — 6 risks assessed including data poisoning, prompt injection, and model inversion.
SOC ANALYSISINCIDENT RESPONSEAPPLIED CRYPTOGRAPHYETHICS
UBI Internship — Capstone Tracker (Stages 0–1)
Sankofa Digital incident-response scenario, tracked across stages. Stage 0: identified threat actor (The Griot) via decoded payloads, mapped a 9-alert dismissal pattern, and delivered a 4-document Incident Committee report. Stage 1: audited a staging-server drop — decrypted an AES-CBC ciphertext, broke a classical cipher, audited three JWTs for signature/lifecycle/privilege flaws, and delivered a 6-document cryptographic post-mortem and controls package.
CLOUD SECURITYAWS IAMMITRE ATT&CK
AWS IAM Privilege Escalation Simulation
IAM misconfiguration simulation — full attack chain from low-privilege to admin via AWS CLI, CVSS 9.1 findings, and least-privilege remediation with SCP.
PENTESTINGCVEREPORTING
Vulnerability Scan & Exploit Simulation
Full vulnerability scan with CVE mapping, CVSS scoring, controlled exploitation, and detailed remediation guidance in a lab environment.
WEB APPSECOWASP
PrestaShop Security Assessment
End-to-end web application security assessment — authentication, injection, session management, API security, and server hardening on a live e-commerce platform.
BLUE TEAMDEFENSE
DVWA Defense Validation
Tested security control effectiveness across SQLi, XSS, CSRF, command injection, and file upload on DVWA — Low to Impossible security levels.
NETWORKIDSFORENSICS
Network Attack Detection
Traffic analysis, intrusion detection, MITRE ATT&CK mapping, and remediation guidance for network-based attacks in a monitored environment.
PYTHONRECONBUG BOUNTY
HeaderHound
Python web header & misconfiguration scanner — checks security headers, cookie flags, CORS, redirect chains, and server disclosure. Built for bug bounty recon workflows.
INCIDENT RESPONSENIST
Incident Response Notes
Practical IR notes and templates covering phishing, malware, ransomware, unauthorized access, and web vulnerability response — aligned to NIST SP 800-61.
INTERNSHIPWEB SECURITYNETWORK
Cybersecurity Internship Report
Full internship report covering network security (Wireshark, UFW), web application testing with WebGoat & OWASP ZAP, and professional security engagement tasks.
CERTIFICATIONS & TRAINING
Credentials I'veearned
OFFICIAL CERTIFICATIONS
ISC²CERTIFICATION
Certified in Cybersecurity (CC)
Foundational cybersecurity certification covering security principles, network security, access controls, incident response, and business continuity.
INE / eLSCERTIFICATION
eJPT — Junior Penetration Tester
Hands-on pentesting certification covering network attacks, web application testing, host-based exploitation, and basic post-exploitation techniques.
COMPTIACERTIFICATION
CompTIA Security+
Industry-standard security certification covering threats, vulnerabilities, cryptography, identity management, network security, and risk management.
COMPTIACERTIFICATION
CompTIA Linux+
Linux administration certification covering system configuration, security hardening, shell scripting, package management, and troubleshooting.
GOOGLECOURSERA
Google Cybersecurity Certificate
Professional certificate covering security foundations, network security, Linux, SQL, Python for security automation, SIEM tools, and incident response workflows.
APIsecCERTIFICATION
CASA — Certified API Security Analyst
API security certification covering OWASP API Top 10, authentication flaws, broken authorization, injection attacks, and API penetration testing methodology.
TRAINING COURSES & LEARNING PATHS
TryHackMeLEARNING PATH
Junior Penetration Tester Path
Full pentesting learning path — recon, web hacking, network exploitation, privilege escalation, and scripting. Achieved Top 1 in Nigeria (Silver League).
APIsec UniCOURSE
API Penetration Testing
Hands-on API pentesting course covering endpoint discovery, rate limiting bypass, JWT attacks, business logic vulnerabilities, and OWASP API Top 10 exploitation.
MicrosoftSC-300
Microsoft SC-300 — Identity & Access
Microsoft Entra ID, conditional access, MFA, passwordless auth, identity governance, and access management across cloud and hybrid environments.
MicrosoftAZ-500
Microsoft AZ-500 — Azure Security
Azure security engineer course — Defender for Cloud, Sentinel, Key Vault, network security, identity protection, and threat detection across Azure infrastructure.
INECOURSE
Active Directory Penetration Testing
Hands-on AD pentesting course — enumeration, lateral movement, privilege escalation, Kerberoasting, Pass-the-Hash, and domain compromise techniques.
INEWAPT
Web App Security Testing (WAPT)
Web application pentesting series — web proxies, information gathering, web fingerprinting, enumeration, and XSS attack techniques from INE's WAPT track.
INEWIRELESS
Wi-Fi Security & Pentesting
Wireless security course covering WPA2 cracking, evil twin attacks, deauthentication, wireless reconnaissance, and practical Wi-Fi pentesting methodology.
PortSwiggerWEB LABS
Web Security Academy Labs
Extensive hands-on labs covering SQLi, XSS, CSRF, SSRF, IDOR, XXE, SSTI, access control, auth bypass, and advanced web exploitation techniques.
Hack The BoxLABS
Hack The Box — Active Labs
Active on HTB working through web pentesting, senior web pentesting, and AI red teaming paths — real machines, real vulnerabilities, real exploitation.
COMPETITIONS
Battles I'vefought
🏆 9TH PLACE · TOP 10
Squad Hackathon 3.0
GTCO · GTBank · Nigeria · Team: Modifiers
Competed among 1,600+ teams. Finished 9th place overall — representing Team Modifiers across security, TypeScript, React, and Python coding challenges. Recognised in the Final 10 and considered for GTCO internship opportunities.
🥈 5TH PLACE
Cyber AI Hackathon
Team: Bricoleurs
Built a full vulnerability and threat scanner with real-time severity scoring and confidence levels. Finished 5th place out of all competing teams. Combined AI and cybersecurity automation to detect and classify threats in a live demo environment.
⚡ HACKATHON PROJECT
Trust Chain AI
Product Verification · Anti-Counterfeit · AI
Developed Trust Chain AI — a product authenticity verification platform using AI (Ollama) and a verification database to help users confirm product legitimacy and fight counterfeits. Combined AI-assisted analysis with trust workflow automation.
LET'S CONNECT
Securing systemsthat matter.

Penetration Tester · AppSec Analyst · Security Researcher. Open to internships, bug bounty collaborations, security research, and cybersecurity conversations.