Gromovaya Anastasia
Information Security Specialist | Penetration Tester
Novorossiysk, RU.About
Highly motivated Information Security Specialist and aspiring Penetration Tester with 8 months of hands-on experience in vulnerability assessment, network security, and incident response within a financial institution. Proven ability to identify and remediate critical security flaws, enhance infrastructure protection, and contribute to PCI DSS compliance, demonstrating a strong foundation in offensive and defensive security practices. Eager to leverage a comprehensive technical skill set and a proactive approach to secure complex systems and contribute to innovative security solutions.
Work
Rostov-on-Don, Russian Federation
→
Summary
Managed comprehensive internal IT infrastructure security, conducting vulnerability assessments and incident response to elevate overall protection and ensure compliance.
Highlights
Conducted comprehensive vulnerability assessments of internal IT infrastructure, identifying critical misconfigurations and security flaws to enhance system integrity and resilience.
Executed advanced penetration testing techniques, including NTLM hash interception via Windows network protocols (Responder, CrackMapExec, Impacket) and MITM attacks (mitm6), to simulate real-world threats.
Tested system resilience against Denial-of-Service attacks, performing HTTP flood simulations with HULK and GoldenEye, and communicated findings to IT and Information Security teams for mitigation strategies.
Played a key role in preparing infrastructure for PCI DSS certification audits, actively identifying vulnerabilities, overseeing remediation efforts, and conducting retests, directly contributing to compliance readiness.
Administered SIEM systems, investigating security incidents, generating detailed reports, and establishing new rules and asset groups, which elevated the infrastructure's security posture from 'medium' to 'high' as assessed by external auditors.
Education
→
Bachelor's Degree
Information Systems and Technologies
Grade: Diploma with Honors
Courses
Developed a thesis project on 'Service for finding vulnerabilities in mobile applications for Android,' demonstrating expertise in mobile security and the software development lifecycle.
Led a research and development team for the thesis project, managing market analysis, customer development, competitive analysis, hypothesis formulation, and economic evaluation.
Applied Lean Canvas and agile methodologies to gather functional and non-functional requirements, develop a comprehensive roadmap, prioritize tasks, and oversee MVP implementation and testing.
Languages
French
Proficient
Russian
Native
Spanish
Basic
Korean
Basic
English
Fluent
Skills
Cybersecurity & Penetration Testing
Vulnerability Analysis, Penetration Testing, Web Application Security, OWASP Top 10, CVE, Denial-of-Service (DoS) Testing, NTLM Hash Interception, MITM Attacks, PCI DSS Compliance, SIEM Administration, Incident Investigation.
Tools & Technologies
Responder, CrackMapExec, Impacket, mitm6, HULK, GoldenEye, BurpSuite, Wireshark, Metasploit, sqlmap, Kali Linux, VirtualBox, Jira, Atlassian Confluence, Windows, Linux.
Programming & Scripting
Python.
Network Security
Network Technologies, Network Scanning, Open Port Identification, Outdated Services Detection.
Project Management & Methodologies
Agile, Scrum, Lean Canvas, Roadmap Development, MVP Definition, Requirements Gathering, Team Leadership, Project Moderation.
Professional Skills
Strong Written Communication, Strong Verbal Communication, Problem-Solving, Self-Organization, Goal-Oriented, Persistence, Teamwork, Customer Development (CustDev), Market Analysis.
Interests
Hobbies
Foreign Languages, Painting, Knitting, City Walks, Travel, Running, Calisthenics, Gym, Classical Literature.