Lyla Mahmoud Assfour

Dynamic IT and Cybersecurity professional with hands-on experience at British Petroleum (BP). Proven track record in conducting network security assessments and enhancing operational efficiency through automation. Strong analytical thinking and effective communication skills drive successful team collaboration and leadership in cybersecurity initiatives. Committed to advancing security practices in fast-paced environments.

A Scalable and Adaptive Identity Access Management Solution for SMBs and Non-Profits, This project developed a scalable, cost-effective Identity and Access Management (IAM) system for SMBs and non-profits, addressing the complexity and high costs of traditional solutions. It features real-time risk assessments, adaptive permissions, and dynamic access control based on device, location, and time. The system includes AES encryption and Multi-Factor Authentication (MFA) for data security, with an intuitive admin and user portal built using Node.js and SQLite for efficient management.

• Binary Exploitation & Malware Analysis, 01/01/25, Exploited stack/heap overflows, bypassed protections (PIE, ASLR), and reverse-engineered binaries using GDB and x86. Conducted malware analysis and authored detailed technical reports.
• Risk Assessment & Security Management, 01/01/25, Built ISO 27001-compliant risk matrices; assessed assets/threats, mapped controls, and created Excel-based reports.
• Penetration Testing & Exploitation, 01/01/25, Performed VM-based internal pentests and web using Metasploit, Burp Suite, and custom scripts; exploited misconfigurations and analyzed privilege escalation vectors.
• Network Security & Threat Detection, 01/01/24, Secured OSPF and switch configs; built rogue MAC detection and route validation with Python, Cisco, and GNS3.
• Digital Forensics Investigation, 01/01/24, Analyzed disk/mobile artifacts with Autopsy and Volatility; reconstructed attack timelines and compiled forensic reports.
• Secure Voting App, 01/01/24, Built an E2E encrypted voting system using three encryption techniques, with secure login, overflow prevention, and Python-based unit testing.
• Secure Full Stack Web Development, 01/01/23, Created responsive websites with PHP/MySQL; implemented secure login and session handling.
• Database Design & SQL Security, 01/01/23, Designed normalized schemas and implemented secure queries with input validation and parameterization.

• Student Union Member, Actively participated in the Student Union at Coventry University, contributing to various events and initiatives aimed at enhancing student engagement and fostering a sense of community on campus.
• Sports Enthusiast, Passionate about staying active and healthy, I engage in CrossFit and Yoga, which help me maintain both physical fitness and mental well-being.
• Charity Work, Committed to giving back to the community, I regularly contribute to charitable causes, focusing on initiatives that support local communities and promote social welfare.

Malware Analysis, Reverse Engineering, Risk Management, Penetration Testing, Digital Forensics, Secure Software Dev, Web Security, Security Assessment, Cryptography, Python, C/C++, Java, JavaScript, PHP, HTML/CSS, SQL, Assembly, GDB, Burp Suite, Metasploit, Wireshark, Nmap, SQLMap, OWASP ZAP, netcat, Autopsy, Volatility, FTK Imager, Full-Stack Dev, Secure Coding, Exploit Dev (Stack/Heap), Threat Modeling, Vulnerability Scanning, Reverse Engineering, Cisco Security, MFA, AES, OpenSSL, GNS3