Security researcher and AI/ML engineer at INSA, Addis Ababa. I work across two intersecting domains: offensive security (web, API, mobile penetration testing and AI red teaming) and machine learning engineering (model development, adversarial evaluation, and production ML systems).
I graduated from the INSA Talent Center in 2025. Since then I've been doing full-scope security assessments, building ML pipelines, and researching the security of AI systems — where both disciplines converge.
Previously active on GitHub under a different account (now inaccessible). This is my current account from March 2026.
Penetration Tester & AI Security Researcher — INSA (Sep 2025 – Present): Web, API, and mobile security assessments. AI system red teaming — prompt injection, adversarial inputs, model misuse, data leakage. Secure code reviews, CVSS-scored findings, prioritized remediation.
Mobile & Web Pentester — Independent/Contract (2024 – 2025): Manual and automated security assessments across Android/iOS and web applications.
- Offensive Security — Web & API: Burp Suite · Caido · Metasploit · sqlmap · Nuclei · ffuf · Nmap · Wireshark · tcpdump
- Offensive Security — Mobile: Burp Suite · Ghidra · JADX · radare2 · apktool · Drozer · ADB
- AI / LLM Red Teaming: Garak · PromptBench · LangChain · Hugging Face Transformers · custom adversarial evaluation pipelines · prompt injection · jailbreak analysis · model misuse & data leakage
- Machine Learning & MLOps: PyTorch · TensorFlow/Keras · scikit-learn · XGBoost · LightGBM · Hugging Face · MLflow · DVC · FastAPI · Docker · Streamlit
- LLM Engineering: LangChain · LlamaIndex · OpenAI API · RAG pipelines · fine-tuning · embedding models · vector databases (Pinecone, Chroma) · prompt engineering
- Scripting & Automation: Python · Bash · pwntools · scapy · exploit development · fuzzing · CI security integration
- ISO/IEC 27001 Information Security — SkillFront
- Certified Cyber Security Officer (CSCSO) — EU Cyber Academy (2026)
- API Security Fundamentals — APIsec University (2026)
- AI Fundamentals Nanodegree — Udacity (2025)
- Android Developer Fundamentals — Udacity (2025)
- Ethical Hacking 101 (2025)
| Project | Description |
|---|---|
| Web Application Security Assessment | Full VAPT of OWASP Juice Shop — SQLi exploitation, CORS misconfiguration, CSP bypass, server fingerprinting |
| Phishing Detection & Threat Analysis | Forensic analysis of 6 live phishing campaigns — header forensics, infrastructure correlation, IOC extraction |
| API Security Research | OWASP API Top 10 assessment — BOLA, auth bypass, JWT algorithm confusion, mass assignment exploitation |
| Gasha Scanner (private) | Enterprise vulnerability scanning platform — scalable incident response integration, collaborative project |
| PromptVault | LLM red team evaluation suite — prompt injection, jailbreak tracking, refusal quality analysis across repeatable evaluation sets |
| AegisDrift | ML monitoring platform — data drift detection, prediction anomalies, model health alerting for deployed models |
Addis Ababa, Ethiopia