I am Iason Somarakis, a seasoned cybersecurity and engineering professional with over a decade of experience in IT, including seven-plus years specializing in offensive and defensive security. I have led and mentored teams, founded a cybersecurity company, and delivered impactful security solutions across diverse sectors such as energy, healthcare, and manufacturing. My expertise includes different types of security assessments, developing custom tools, integrating industry-standard frameworks (e.g., MITRE ATT&CK, NIST CSF), and creating advanced labs and training programs to equip teams with the skills to address real-world threats. I excel at combining deep technical knowledge with strategic leadership to enhance organizations' security posture and resilience.
Engineering and Cybersecurity Solutions
January 2023 - July 2024, Hybrid
Cybersecurity and Technology Solutions and Services
Cybersecurity intelligence, analytics, and assurance services.
October 2015 - December 2016, Netherlands
IT hardware sales and technical support services.
April 2016 - December 2016
October 2015 - April 2016
June 2013 - June 2015, Greece
Construction Services
2019-2024
[Withdrawn] Ph.D. student in Asset and Threat Emulation for Cybersecurity Training at School of Mathematics, Computer Sciences & Engineering
2010-2018
B.Sc. in Computer Software Engineering
Developed a Python-based RPC client for automating Metasploit Framework interactions. Introduced a “beacon mode” for periodic command execution and data retrieval, streamlining offensive security workflows. This tool enhances penetration testing efficiency and integrates seamlessly with broader security operations.
Created a tool for generating macro-enabled documents embedded with multi-stage malware to simulate document-based cyber-attacks. The solution automates testing of organizational defenses against phishing and C2 server exploitation, providing a controlled environment for security assessments.
Designed a training scenario to demonstrate vulnerabilities in OPC UA and Modbus protocols in railway systems. Developed a custom OPC UA stack with Python to simulate attacks like unauthorized access and credential interception. Enhanced participant understanding of securing operational technologies in critical infrastructure.
Designed and deployed three Jeopardy-style CTF challenges focusing on forensics, reverse engineering, and web exploitation. Contributed to CTFd platform integration for seamless user experience. Enhanced the diversity and depth of challenges to cater to a wide range of cybersecurity skills.
Led the design and development of a demonstrator simulating cybersecurity risks in space manufacturing (MAIT). Utilized Terraform and Docker to emulate infrastructure and workflows, integrating attack/defense modeling to improve cybersecurity awareness in the aerospace sector.
Spearheaded the design and development of a Cyber Range platform for dynamic cybersecurity labs and training scenarios. Created an infrastructure orchestrator using Python, Docker, and Vagrant. Developed attack engines and scenario libraries for hands-on cybersecurity training.
Developed a deep learning-based intrusion detection system using LSTM networks. Implemented real-time packet analysis and anomaly detection with Python frameworks like Keras and NumPy. The solution was validated using the NSL-KDD dataset.
Created attack simulations for satellite-ground communication systems, focusing on command injection and spoofing vulnerabilities. Developed training scenarios to secure CCSDS protocols and infrastructure for satellite systems.
Contributed to securing critical infrastructure like bridges and tunnels through penetration testing and system-wide security recommendations. Investigated drone-based ICS technologies for damage assessment and simulated real-world attack scenarios to enhance platform robustness.
Worked on an Android-based educational game and security testing of the HOLOBALANCE platform. Conducted penetration testing of backend systems, web APIs, and Bluetooth devices to ensure compliance with security standards in healthcare.
Developed scenarios focusing on attack vectors for satellite systems, including spoofing and eavesdropping. Utilized Ansible for automating infrastructure deployment and attack sequences, enhancing cybersecurity training for satellite communications.
Proposed an interoperable telehealth platform integrating IoT devices with cloud infrastructure. Focused on real-time evaluations and personalized coaching for patients with balance disorders.
Comprehensive course that prepares aspiring security professionals for offensive security operations. Covered topics like web exploitation, privilege escalation, and enumeration techniques.
A themed event with 25 unique challenges, offering hands-on experience in areas like digital forensics, cryptography, and basic pentesting concepts. Ranked among top participants for solving all challenges within the timeline.
Achieved the Pro Hacker rank, securing a global position of 391st in 2024. Solved 100+ boxes involving advanced web exploitation, reverse engineering, binary analysis, and privilege escalation.
Competed in this globally recognized Capture the Flag (CTF) event, ranking in the top 4% worldwide. Tackled challenges in cryptography, reverse engineering, web exploitation, and adversary simulation to showcase advanced problem-solving and collaborative team skills.
Ranked in the top 9% globally on TryHackMe, completing 200+ hands-on labs and exercises. Specializations include privilege escalation, Active Directory exploitation, and malware analysis, demonstrating mastery of both fundamental and advanced cybersecurity concepts.
Summer school with the theme “Challenges of Emerging Technologies”, focusing on AI, 5G, IoT, and Machine Learning. Included workshops on leveraging these technologies for threat detection and mitigation.
Summer school with the theme “The Challenge of the Changing Risk Landscape”, featuring hands-on workshops on incident handling, threat intelligence, and real-time security monitoring.
Course that teaches the basic to advanced topics of ethical hacking, including methodology, commonly used tools, and exploitation techniques.
Focused on leveraging Python for cybersecurity tasks, including packet manipulation, API integration, and malware analysis using libraries like Scapy and Requests.
Taught fundamentals and advanced concepts of ethical hacking with real-world applications, focusing on web application vulnerabilities and social engineering.
Course by DeepLearning.AI that explores the inner workings of neural networks and introduces the core building blocks for developing AI models in Python.
Focused on the basics of Android development with hands-on experience toward building first applications, including UI/UX design and app lifecycle management.