Author Image

Hi, I am Iason Somarakis

Iason Somarakis

Senior Security Engineer at NEXOVA

I am Iason Somarakis, I am a seasoned cybersecurity and engineering professional with over a decade of experience in IT, including seven-plus years specializing in offensive and defensive security. I have led and mentored teams, founded a cybersecurity company, and deliver impactful security solutions across diverse sectors such as energy, healthcare, and manufacturing. My expertise includes different types of security assessments, developing custom tools, integrating industry-standard frameworks (e.g., MITRE ATT&CK, NIST CSF), and creating advanced labs and training programs to equip teams with the skills to address real-world threats. I excel at combining deep technical knowledge with strategic leadership to enhance organizations' security posture and resilience.

Problem Solving
Team Work
Creative Thinking
Leadership
Lifelong learner
Adaptability

Skills

Experiences

1
Security Engineer
RHEA Group | Nexova

August 2022 - Present, Hybrid

Engineering and Cybersecurity Solutions

Responsibilities:
  • Designed and delivered cybersecurity courses, hands-on labs, on topics such as CTFs, social engineering, OT/IT vulnerabilities in Modbus/OPC UA, and threats in satellite-ground communication.
  • Led and implemented a solution to simulate business, attack, and defense flows in space manufacturing. Supporting tailored specification language, automated infrastructure provisioning and an event execution engine using Finite State Machines, leveraging MITRE ATT&CK to model the cyber kill chain.
  • Developed an asset discovery solution integrating network scanners and IT solutions, to map attack surfaces and create “evil twins”.
  • Developed diverse automation solutions and command-line tools to enhance lab and scenario development, including a wrapper for Metasploit’s RPC API and a generator for malicious macro-enabled documents.

CEO, Solution and Security Architect
RAVEN CYBERSECURITY IKE

January 2023 - Present, Hybrid

Cybersecurity and Technology Solutions and Services

Responsibilities:
  • Built and led a team of five to deliver agile projects tailored to client needs, sourced and allocated resources, managed client relationships, established strategic partnerships to enhance business growth, and supervised financials.
  • Conducted security assessments, including penetration tests, phishing campaigns, WiFi security, and physical security, and proposed customized mitigation strategies to reduce risk.
  • Managed post-incident investigations for phishing and ransomware attacks, implementing remediation strategies to restore operations and prevent recurrence.
  • Deployed Endpoint Detection and Response (EDR) solutions and integrated security tools like VPNs, improving the cybersecurity posture of multiple businesses and mitigating hundreds of incidents.
  • Designed and maintained a testing environment using Proxmox, Virtual Machines, and Containers to simulate attacks and test security solutions.
2

3
Senior Security Engineer
SPHYNX Technology Solutions

August 2018 - December 2022, Cyprus

Cybersecurity intelligence, analytics, and assurance services.

Responsibilities:
  • Led offensive security initiatives and performed penetration tests and threat modeling across multiple sectors, including healthcare and energy.
  • Led a team and developed a cyber range product, integrating threat modeling, infrastructure automation, including over a dozen tailored training modules.
  • Designed and implemented a dynamic testing product for modeling and executing automated security assessments, integrating tools such as OpenVAS.
  • Directed and executed technical implementation on EU projects, engineering solutions, designing threat scenarios, and integrating security solutions.
  • Delivered field demonstrations to stakeholders, highlighting KPIs and the effectiveness of security implementations, leading to increased adoption of cybersecurity solutions and a reduced attack surface.
  • Published research papers on Cyber Ranges, IoT, and Healthcare Security, and was recognized as Employee of the Year (2020) for outstanding contributions.

Curvature

October 2015 - December 2016, Netherlands

IT hardware sales and technical support services.

IT Support Technician

April 2016 - December 2016

  • Diagnosed and resolved technical issues across desktops, peripherals, and network devices.
  • Designed and deployed standardized OS and software images for streamlined installations.
  • Managed help desk operations, ticketing systems, and asset management.
  • Managed Active Directory users and policies, ensuring secure access and compliance across branches.
  • Enforced data protection, access controls, and network security measures, reducing the attack surface and potential vulnerabilities.
IT Support/Network Administrator Trainee

October 2015 - April 2016

  • Assisted in the deployment and maintenance of IT systems, including software configurations and upgrades.
  • Provided technical support and training to staff on hardware and software usage.
  • Maintained ticketing systems and contributed to voice services support.
4

5
Technician's Assistant/IT Support
IPEKAT IKE

June 2013 - June 2015, Greece

Construction Services

Responsibilities:
  • Maintained and managed IT equipment for daily operations.
  • Supported staff with technical troubleshooting and basic IT training.

Education

[Withdrawn] Ph.D student in Asset and Threat Emulation for Cybersecurity Training at School of Mathematics, Computer Sciences & Engineering
B.Sc. in Computer Software Engineering

Projects

RyoTenkai
Software & Security Engineer 2024

Developed a Python-based RPC client for automating Metasploit Framework interactions. Introduced a “beacon mode” for periodic command execution and data retrieval, streamlining offensive security workflows. This tool enhances penetration testing efficiency and integrates seamlessly with broader security operations.

Morgans
Software & Security Engineer 2024

Created a tool for generating macro-enabled documents embedded with multi-stage malware to simulate document-based cyber-attacks. The solution automates testing of organizational defenses against phishing and C2 server exploitation, providing a controlled environment for security assessments.

Railway OPC UA Cyber Training Scenario
Security Training Engineer 2024

Designed a training scenario to demonstrate vulnerabilities in OPC UA and Modbus protocols in railway systems. Developed a custom OPC UA stack with Python to simulate attacks like unauthorized access and credential interception. Enhanced participant understanding of securing operational technologies in critical infrastructure.

Jeopardy-Style CTF Challenge Development
Security Training Engineer 2024

Designed and deployed three Jeopardy-style CTF challenges focusing on forensics, reverse engineering, and web exploitation. Contributed to CTFd platform integration for seamless user experience. Enhanced the diversity and depth of challenges to cater to a wide range of cybersecurity skills.

PAEMD
Software & Security Engineer 2024

Led the design and development of a demonstrator simulating cybersecurity risks in space manufacturing (MAIT). Utilized Terraform and Docker to emulate infrastructure and workflows, integrating attack/defense modeling to improve cybersecurity awareness in the aerospace sector.

STS’ Cyber Range Platform
Software & Security Engineer 2020-2022

Spearheaded the design and development of a Cyber Range platform for dynamic cybersecurity labs and training scenarios. Created an infrastructure orchestrator using Python, Docker, and Vagrant. Developed attack engines and scenario libraries for hands-on cybersecurity training.

RNN-LSTM Network Intrusion Detection
Lead Author and Developer 2018

Developed a deep learning-based intrusion detection system using LSTM networks. Implemented real-time packet analysis and anomaly detection with Python frameworks like Keras and NumPy. The solution was validated using the NSL-KDD dataset.

Threat Modeling for Space Communication Systems
Security Engineer 2022

Created attack simulations for satellite-ground communication systems, focusing on command injection and spoofing vulnerabilities. Developed training scenarios to secure CCSDS protocols and infrastructure for satellite systems.

RESIST
Penetration Tester & Project Manager 2018-2022

Contributed to securing critical infrastructure like bridges and tunnels through penetration testing and system-wide security recommendations. Investigated drone-based ICS technologies for damage assessment and simulated real-world attack scenarios to enhance platform robustness.

HOLOBALANCE
Developer & Penetration Tester 2018-2021

Worked on an Android-based educational game and security testing of the HOLOBALANCE platform. Conducted penetration testing of backend systems, web APIs, and Bluetooth devices to ensure compliance with security standards in healthcare.

SCCoE Space Scenario
Security Engineer 2022

Developed scenarios focusing on attack vectors for satellite systems, including spoofing and eavesdropping. Utilized Ansible for automating infrastructure deployment and attack sequences, enhancing cybersecurity training for satellite communications.

Designing Interoperable Telehealth Platforms
Contributor 2020

Proposed an interoperable telehealth platform integrating IoT devices with cloud infrastructure. Focused on real-time evaluations and personalized coaching for patients with balance disorders.

Accomplishments

Offensive PenTesting Learning Path
Tryhackme August 2021 - December 2021

Comprehensive course that prepares aspiring security professionals for offensive security operations. Covered topics like web exploitation, privilege escalation, and enumeration techniques.

Advent of Cyber 2021
Tryhackme August 2021 - December 2021

A themed event with 25 unique challenges, offering hands-on experience in areas like digital forensics, cryptography, and basic pentesting concepts. Ranked among top participants for solving all challenges within the timeline.

Hack The Box - Pro Hacker Rank
Hack The Box Achieved in 2024

Achieved the Pro Hacker rank, securing a global position of 391st in 2024. Solved 100+ boxes involving advanced web exploitation, reverse engineering, binary analysis, and privilege escalation.

Cyber Apocalypse 2024
Hack The Box March 2024

Competed in this globally recognized Capture the Flag (CTF) event, ranking in the top 4% worldwide. Tackled challenges in cryptography, reverse engineering, web exploitation, and adversary simulation to showcase advanced problem-solving and collaborative team skills.

TryHackMe - Top 9% Globally
Tryhackme Achieved in 2024

Ranked in the top 9% globally on TryHackMe, completing 200+ hands-on labs and exercises. Specializations include privilege escalation, Active Directory exploitation, and malware analysis, demonstrating mastery of both fundamental and advanced cybersecurity concepts.

NIS2019
ENISA & FORTH September 2019

Summer school with the theme “Challenges of Emerging Technologies”, focusing on AI, 5G, IoT, and Machine Learning. Included workshops on leveraging these technologies for threat detection and mitigation.

NIS2018
ENISA & FORTH September 2018

Summer school with the theme “The Challenge of the Changing Risk Landscape”, featuring hands-on workshops on incident handling, threat intelligence, and real-time security monitoring.

Penetration Testing and Ethical Hacking
Cybrary October 2018

Course that teaches the basic to advanced topics of ethical hacking, including methodology, commonly used tools, and exploitation techniques.

Python for Security Professionals
Cybrary October 2018

Focused on leveraging Python for cybersecurity tasks, including packet manipulation, API integration, and malware analysis using libraries like Scapy and Requests.

The Ultimate Ethical Hacking Course 2017
Udemy October 2017

Taught fundamentals and advanced concepts of ethical hacking with real-world applications, focusing on web application vulnerabilities and social engineering.

Neural Networks and Deep Learning
Coursera September 2017

Course by DeepLearning.AI that explores the inner workings of neural networks and introduces the core building blocks for developing AI models in Python.

EU Scholarship - Android Development for Beginners
Udacity January 2017

Focused on the basics of Android development with hands-on experience toward building first applications, including UI/UX design and app lifecycle management.