Security Analyst

Location: Pompano Beach, FL, 33073
Salary: 95000
Posted: January 13, 2021

Resume:

Man Shum

Coconut Creek, FL ***** 754-***-**** adjeoq@r.postjobfree.com

Professional Summary

I am a diligent person with extensive technical skills, knowledge, and experience with Cyber Security, computer systems, and network architectures. I am a skilled ethical hacker with over 5 years of experience penetrating networks and discovering vulnerabilities on networks and computer systems. Using ethical hacking tools and my computer knowledge, I have identified and reported over 300 security issues or bugs in online businesses (Salesforce, Amazon, Zoom, etc.) through Hackerone and Bugcrowd. I am always looking for new ways to push myself and expand my skill set.

Work History

Security Analyst/Bug Bounty Hunter, 08/2017 to Current

Independent/Freelance (Hackerone & Bugcrowd)

What is bug bounty? https://cybersecurity.att.com/blogs/security-essentials/how-bug-bounty-programs-work

Search for vulnerabilities in products of international companies (OWASP)

Draft a report on the vulnerabilities discovered, pointing out the reasons for their occurrence and possible ways to eliminate them

Perform patch verification (check fixes for detected vulnerabilities)

Penetration Tester/Ethical Hacker, 04/2018 to 07/2020

BNY Mellon – Orlando, Florida

Manual API and web application penetration testing, utilizing tools such as Burp Suite, Nmap, etc.

Perform security source code review.

Provide a well-written report on all findings.

Diminished risk by performing retest validation on previously discovered ethical hack issues that the application team remediated.

Skills

Proficient in popular web application vulnerabilities, including SQL injection, Insecure Direct Object Referencing, Cross-Site Scripting, etc.

Strong experience of manual application penetration testing with Burp Suite (performed by hand, and not through a scanner).

Understanding of scripting and coding languages (Go, Python, Ruby, etc.)

Strong understanding of Windows, macOS, Linux, and UNIX-based operating systems, including command line interfaces, etc.

Great experience with TCP/IP, network discovery, DNS enumeration, and finding vulnerabilities.

Web content management

Strong understanding of web application programming languages (HTML, JavaScript, PHP, etc.)

Experience with tools: Aircrack-ng, Nmap, Nessus, Burp Suite, Appscan Enterprise, Metasploit, Wireshark, OWASP-ZAP, etc.

Accomplishments

I've reported over 300 valid vulnerabilities from Hackerone and Bugcrowd. (https://hackerone.com/manshum12) (https://bugcrowd.com/manshum12)

Discovery of XSS Vulnerability in Jenkins Blue Ocean Plugin, leading to authenticated arbitrary HTML rendering (CVE-201*-*******)

Recognized by Hackerone as an MVP researcher for the year of 2019. (https://hackerone.com/leaderboard/2019/q1) (https://hackerone.com/leaderboard/2019/q2)

My name is listed on Apple Security Researcher Acknowledgements Page (https://support.apple.com/en-us/HT201536)

I have created two git repositories for DNS recon (https://github.com/ManShum812)

I have a recognition letter from Drexel University CISO (https://www.linkedin.com/in/pablogmolina)

Education

High School Diploma: 06/2017

Monarch High School - 500 Wiles Road, FL 33073

Certifications

Offensive Security Certified Professional (OSCP)


