Author Image

Hi, I am Iason Somarakis

Security Engine|

Iason Somarakis

Senior Security Engineer at NEXOVA

I am Iason Somarakis, I am a seasoned cybersecurity and engineering professional with over a decade of experience in IT, including seven-plus years specializing in offensive and defensive security. I have led and mentored teams, founded a cybersecurity company, and deliver impactful security solutions across diverse sectors such as energy, healthcare, and manufacturing. My expertise includes different types of security assessments, developing custom tools, integrating industry-standard frameworks (e.g., MITRE ATT&CK, NIST CSF), and creating advanced labs and training programs to equip teams with the skills to address real-world threats. I excel at combining deep technical knowledge with strategic leadership to enhance organizations' security posture and resilience.

Problem Solving
Team Work
Creative Thinking
Leadership
Lifelong learner
Adaptability

Skills

Cybersecurity Training & Scenario Development

Designed and delivered 10+ advanced cybersecurity training modules and scenarios, covering OT/IT vulnerabilities, phishing detection, and satellite communication threats. Successfully led training for 80+ participants across multiple industries, leveraging tools like MITRE ATT&CK, Ansible, and custom simulation environments.
Offensive Security Specialist

Performed 30+ penetration tests, across manufacturing, healthcare, and insurance sectors. Proficient in tools like Burp Suite, Nessus, Metasploit, and Cobalt Strike. Developed custom offensive security tools, including a Metasploit RPC API wrapper and a phishing campaign automation stack.
Risk Assessment & Security Architecture

Conducted comprehensive risk assessments and threat modeling for clients across critical industries, aligning solutions with frameworks like NIST CSF, PTES, and OWASP. Implemented proactive security measures to mitigate vulnerabilities, including Nessus-driven assessments and custom remediation strategies.
Infrastructure Automation Engineer

Developed 30+ automation solutions with Ansible, Terraform, and custom scripting to streamline deployment processes for labs and attack simulations. Demonstrated expertise in automated provisioning for space manufacturing and satellite communication scenarios.
Cyber Range Development

Led the design and implementation of a Cyber Range platform used for advanced security training and simulation. Created 15+ dynamic training scenarios integrating Docker, Vagrant, and Caldera, enabling hands-on learning for critical infrastructure defense.
Team Leadership & Project Management

Built and managed high-performing teams for offensive security and scenario development projects. Directed EU-funded initiatives, delivering 10+ technical solutions and ensuring compliance with standards like NIST and GDPR.
Python Development & Tool Engineering

Expert in Python for security tool development, including automation, API integrations, and machine learning models. Developed tools like malicious macro generators and asset discovery solutions used in space and industrial cybersecurity projects.
Space & OT Cybersecurity

Delivered security solutions for space and operational technology, including emulation of satellite-ground communication threats and vulnerabilities in protocols like Modbus/OPC UA. Engineered simulations highlighting cyber-physical impacts of attacks on critical infrastructure.
Agile & Strategic Leadership

Implemented agile methodologies to lead 5-member teams in delivering results for 12+ clients. Cultivated partnerships and managed resources to align technical outcomes with business objectives.

Experiences

1
Security Engineer
RHEA Group | Nexova

August 2022 - Present, Hybrid

Engineering and Cybersecurity Solutions

Responsibilities:
  • Designed and delivered cybersecurity courses, hands-on labs, on topics such as CTFs, social engineering, OT/IT vulnerabilities in Modbus/OPC UA, and threats in satellite-ground communication.
  • Led and implemented a solution to simulate business, attack, and defense flows in space manufacturing. Supporting tailored specification language, automated infrastructure provisioning and an event execution engine using Finite State Machines, leveraging MITRE ATT&CK to model the cyber kill chain.
  • Developed an asset discovery solution integrating network scanners and IT solutions, to map attack surfaces and create “evil twins”.
  • Developed diverse automation solutions and command-line tools to enhance lab and scenario development, including a wrapper for Metasploit’s RPC API and a generator for malicious macro-enabled documents.
CEO, Solution and Security Architect
RAVEN CYBERSECURITY IKE

January 2023 - Present, Hybrid

Cybersecurity and Technology Solutions and Services

Responsibilities:
  • Built and led a team of five to deliver agile projects tailored to client needs, sourced and allocated resources, managed client relationships, established strategic partnerships to enhance business growth, and supervised financials.
  • Conducted security assessments, including penetration tests, phishing campaigns, WiFi security, and physical security, and proposed customized mitigation strategies to reduce risk.
  • Managed post-incident investigations for phishing and ransomware attacks, implementing remediation strategies to restore operations and prevent recurrence.
  • Deployed Endpoint Detection and Response (EDR) solutions and integrated security tools like VPNs, improving the cybersecurity posture of multiple businesses and mitigating hundreds of incidents.
  • Designed and maintained a testing environment using Proxmox, Virtual Machines, and Containers to simulate attacks and test security solutions.
2
3
Senior Security Engineer
SPHYNX Technology Solutions

August 2018 - December 2022, Cyprus

Cybersecurity intelligence, analytics, and assurance services.

Responsibilities:
  • Led offensive security initiatives and performed penetration tests and threat modeling across multiple sectors, including healthcare and energy.
  • Led a team and developed a cyber range product, integrating threat modeling, infrastructure automation, including over a dozen tailored training modules.
  • Designed and implemented a dynamic testing product for modeling and executing automated security assessments, integrating tools such as OpenVAS.
  • Directed and executed technical implementation on EU projects, engineering solutions, designing threat scenarios, and integrating security solutions.
  • Delivered field demonstrations to stakeholders, highlighting KPIs and the effectiveness of security implementations, leading to increased adoption of cybersecurity solutions and a reduced attack surface.
  • Published research papers on Cyber Ranges, IoT, and Healthcare Security, and was recognized as Employee of the Year (2020) for outstanding contributions.
Curvature

October 2015 - December 2016, Netherlands

IT hardware sales and technical support services.

IT Support Technician

April 2016 - December 2016

  • Diagnosed and resolved technical issues across desktops, peripherals, and network devices.
  • Designed and deployed standardized OS and software images for streamlined installations.
  • Managed help desk operations, ticketing systems, and asset management.
  • Managed Active Directory users and policies, ensuring secure access and compliance across branches.
  • Enforced data protection, access controls, and network security measures, reducing the attack surface and potential vulnerabilities.
IT Support/Network Administrator Trainee

October 2015 - April 2016

  • Assisted in the deployment and maintenance of IT systems, including software configurations and upgrades.
  • Provided technical support and training to staff on hardware and software usage.
  • Maintained ticketing systems and contributed to voice services support.
4
5
Technician's Assistant/IT Support
IPEKAT IKE

June 2013 - June 2015, Greece

Construction Services

Responsibilities:
  • Maintained and managed IT equipment for daily operations.
  • Supported staff with technical troubleshooting and basic IT training.

Education
CITY University of London
2019-2024
[Withdrawn] Ph.D student in Asset and Threat Emulation for Cybersecurity Training at School of Mathematics, Computer Sciences & Engineering
Hellenic Mediterranean University
2010-2018
B.Sc. in Computer Software Engineering

Projects

RyoTenkai
Software & Security Engineer 2024

Developed a Python-based RPC client for automating Metasploit Framework interactions. Introduced a “beacon mode” for periodic command execution and data retrieval, streamlining offensive security workflows. This tool enhances penetration testing efficiency and integrates seamlessly with broader security operations.

Hobby Engineering Offensive Security Exploitation
Details
Morgans
Software & Security Engineer 2024

Created a tool for generating macro-enabled documents embedded with multi-stage malware to simulate document-based cyber-attacks. The solution automates testing of organizational defenses against phishing and C2 server exploitation, providing a controlled environment for security assessments.

Hobby Engineering Offensive Security Phishing
Details
Railway OPC UA Cyber Training Scenario
Security Training Engineer 2024

Designed a training scenario to demonstrate vulnerabilities in OPC UA and Modbus protocols in railway systems. Developed a custom OPC UA stack with Python to simulate attacks like unauthorized access and credential interception. Enhanced participant understanding of securing operational technologies in critical infrastructure.

Professional Engineering Offensive Security OT Lab Development
Jeopardy-Style CTF Challenge Development
Security Training Engineer 2024

Designed and deployed three Jeopardy-style CTF challenges focusing on forensics, reverse engineering, and web exploitation. Contributed to CTFd platform integration for seamless user experience. Enhanced the diversity and depth of challenges to cater to a wide range of cybersecurity skills.

Professional CTF Offensive Security Reverse Engineering Forensics
PAEMD
Software & Security Engineer 2024

Led the design and development of a demonstrator simulating cybersecurity risks in space manufacturing (MAIT). Utilized Terraform and Docker to emulate infrastructure and workflows, integrating attack/defense modeling to improve cybersecurity awareness in the aerospace sector.

Professional Industry Manufacturing Attack Simulations Engineering
Details
STS’ Cyber Range Platform
Software & Security Engineer 2020-2022

Spearheaded the design and development of a Cyber Range platform for dynamic cybersecurity labs and training scenarios. Created an infrastructure orchestrator using Python, Docker, and Vagrant. Developed attack engines and scenario libraries for hands-on cybersecurity training.

Professional Industry Training Content Development Lab Development Engineering
Details
RNN-LSTM Network Intrusion Detection
Lead Author and Developer 2018

Developed a deep learning-based intrusion detection system using LSTM networks. Implemented real-time packet analysis and anomaly detection with Python frameworks like Keras and NumPy. The solution was validated using the NSL-KDD dataset.

Academic Deep Learning Network Security Python
Details
Threat Modeling for Space Communication Systems
Security Engineer 2022

Created attack simulations for satellite-ground communication systems, focusing on command injection and spoofing vulnerabilities. Developed training scenarios to secure CCSDS protocols and infrastructure for satellite systems.

Professional Space Threat Emulation Training Content Development
RESIST
Penetration Tester & Project Manager 2018-2022

Contributed to securing critical infrastructure like bridges and tunnels through penetration testing and system-wide security recommendations. Investigated drone-based ICS technologies for damage assessment and simulated real-world attack scenarios to enhance platform robustness.

Professional Research Critical Infrastructure Offensive Security
Details
HOLOBALANCE
Developer & Penetration Tester 2018-2021

Worked on an Android-based educational game and security testing of the HOLOBALANCE platform. Conducted penetration testing of backend systems, web APIs, and Bluetooth devices to ensure compliance with security standards in healthcare.

Professional Research Healthcare Android Unity3D Offensive Security
Details
SCCoE Space Scenario
Security Engineer 2022

Developed scenarios focusing on attack vectors for satellite systems, including spoofing and eavesdropping. Utilized Ansible for automating infrastructure deployment and attack sequences, enhancing cybersecurity training for satellite communications.

Professional Space Training Content Development Threat Emulation
Designing Interoperable Telehealth Platforms
Contributor 2020

Proposed an interoperable telehealth platform integrating IoT devices with cloud infrastructure. Focused on real-time evaluations and personalized coaching for patients with balance disorders.

Research Healthcare IoT Cloud Engineering
Details

Accomplishments

Offensive PenTesting Learning Path
Tryhackme August 2021 - December 2021

Comprehensive course that prepares aspiring security professionals for offensive security operations. Covered topics like web exploitation, privilege escalation, and enumeration techniques.

View Certificate
Advent of Cyber 2021
Tryhackme August 2021 - December 2021

A themed event with 25 unique challenges, offering hands-on experience in areas like digital forensics, cryptography, and basic pentesting concepts. Ranked among top participants for solving all challenges within the timeline.

View Certificate
Hack The Box - Pro Hacker Rank
Hack The Box Achieved in 2024

Achieved the Pro Hacker rank, securing a global position of 391st in 2024. Solved 100+ boxes involving advanced web exploitation, reverse engineering, binary analysis, and privilege escalation.

View Certificate
Cyber Apocalypse 2024
Hack The Box March 2024

Competed in this globally recognized Capture the Flag (CTF) event, ranking in the top 4% worldwide. Tackled challenges in cryptography, reverse engineering, web exploitation, and adversary simulation to showcase advanced problem-solving and collaborative team skills.

TryHackMe - Top 9% Globally
Tryhackme Achieved in 2024

Ranked in the top 9% globally on TryHackMe, completing 200+ hands-on labs and exercises. Specializations include privilege escalation, Active Directory exploitation, and malware analysis, demonstrating mastery of both fundamental and advanced cybersecurity concepts.

View Certificate
NIS2019
ENISA & FORTH September 2019

Summer school with the theme “Challenges of Emerging Technologies”, focusing on AI, 5G, IoT, and Machine Learning. Included workshops on leveraging these technologies for threat detection and mitigation.

View Certificate
NIS2018
ENISA & FORTH September 2018

Summer school with the theme “The Challenge of the Changing Risk Landscape”, featuring hands-on workshops on incident handling, threat intelligence, and real-time security monitoring.

View Certificate
Penetration Testing and Ethical Hacking
Cybrary October 2018

Course that teaches the basic to advanced topics of ethical hacking, including methodology, commonly used tools, and exploitation techniques.

View Certificate
Python for Security Professionals
Cybrary October 2018

Focused on leveraging Python for cybersecurity tasks, including packet manipulation, API integration, and malware analysis using libraries like Scapy and Requests.

The Ultimate Ethical Hacking Course 2017
Udemy October 2017

Taught fundamentals and advanced concepts of ethical hacking with real-world applications, focusing on web application vulnerabilities and social engineering.

View Certificate
Neural Networks and Deep Learning
Coursera September 2017

Course by DeepLearning.AI that explores the inner workings of neural networks and introduces the core building blocks for developing AI models in Python.

View Certificate
EU Scholarship - Android Development for Beginners
Udacity January 2017

Focused on the basics of Android development with hands-on experience toward building first applications, including UI/UX design and app lifecycle management.