Certified, senior penetration testers who test by hand, verify what they find, and stay accountable through remediation. No junior handoffs, no scan and send reports.
Why every penetration test we run is verified by hand.
“An automated scanner tells you what might be vulnerable. A certified offensive security engineer tells you what actually is, and delivers the proof.
With 16 years in offensive security, a PhD in Computer Science from the Université de Montréal, and certifications including OSCP, OSEP, and OSWE, the majority of my career has been spent finding vulnerabilities that automated tools miss. That work included leading global red team operations at General Motors, simulating nation state level adversaries across cloud, on premises, and hybrid environments. The discipline behind all of it is the same: think like an attacker, verify everything by hand, and never trust a scanner output without a trained engineer behind it.
Most businesses that hire a penetration testing firm receive a report full of unverified scanner findings. The deliverable looks thorough. It rarely is. Automated vulnerability scanners cannot determine whether a finding is actually exploitable in your specific environment, that requires a certified engineer running a manual penetration test. At PlutoSec, every engagement is scoped and led by a senior tester who conducts the assessment by hand, validates each finding with proof of concept evidence, and stays accountable through your remediation cycle. When you fix something, we retest. Nothing closes on a scan result alone.
The team on this page holds the certifications that clients, auditors, and cyber insurers recognize, OSCP, OSEP, OSWE, CISSP, CEH, and more, across web application, API, network, cloud, and red team disciplines. What those credentials represent is a standard of work: findings that hold up under scrutiny, reports you can actually act on, and an engagement that does not end at delivery. That is why our clients stay, and it is the commitment behind every name here.
On behalf of the whole team,
Benjamin Arnaud · Chief Executive Officer
THE ROSTER
Certified specialists, not a rotating bench.
A cross functional team spanning offensive security, security consulting, governance and risk, and client delivery, holding the certifications that auditors and boards recognize. The people who scope your engagement are the people who run it.
Across the team:OSCPCISSPCISMCEHECSACPTECIPP/CCOBIT 5GSIPBSCPCompTIA Security+CompTIA PenTest+CompTIA CySA+Certified in Cybersecurity (CC)PMPAWS Solutions Architect
Filza Arsh
Cyber Security Consultant
Cybersecurity consultant focused on offensive security, cloud security assessments, and compliance, helping startups, healthcare providers, financial institutions, and SaaS platforms across Canada build resilient, manual first security programs.
Filza Arsh
Cyber Security Consultant
Experience
Cybersecurity consultant focused on offensive security, cloud security assessments, and compliance, helping startups, healthcare providers, financial institutions, and SaaS platforms across Canada build resilient, manual first security programs.
Focus
Delivers web application, network, cloud, and API penetration testing alongside vulnerability management and compliance advisory aligned with NIST, ISO 27001, OWASP, PCI DSS, and MITRE ATT&CK, emphasizing real world attack simulation and actionable remediation over automated scanning.
Abdul Jalil
Senior Security Consultant
8+ years in offensive security and manual penetration testing across web applications, APIs, AI chatbots/LLMs, cloud platforms, and internal/external networks for government and enterprise clients.
Abdul Jalil
Senior Security Consultant
Experience
8+ years in offensive security and manual penetration testing across web applications, APIs, AI chatbots/LLMs, cloud platforms, and internal/external networks for government and enterprise clients.
Focus
Leads client facing engagements end to end, scoping, manual exploitation, false positive validation, and executive reporting aligned with SOC 2, ISO 27001, and PCI DSS, using Burp Suite, Metasploit, Nessus, and Kali Linux, and mapping work to OWASP, MITRE ATT&CK, MITRE ATLAS, PTES, and NIST.
Certifications
CISM
CEH
ECSA
CPTE
CIPP/C
CompTIA Security+
AWS Solutions Architect
Chloe Matthews
Senior Cyber Security Consultant
Over a decade in cybersecurity, leading end to end security assessments across cloud, network, application, and internal IT environments.
Chloe Matthews
Senior Cyber Security Consultant
Experience
Over a decade in cybersecurity, leading end to end security assessments across cloud, network, application, and internal IT environments.
Focus
Turns highly technical findings into business ready recommendations, reviews environments against NIST, CIS, ISO 27001, and SOC 2, and analyzes AWS, Azure, and GCP configurations for identity and access control weaknesses.
Certifications
OSCP
CISSP
Karan Gill
GRC Consultant
11+ years leading security governance programs, risk assessments, and compliance readiness for organizations across finance, SaaS, telecom, and public sector environments.
Karan Gill
GRC Consultant
Experience
11+ years leading security governance programs, risk assessments, and compliance readiness for organizations across finance, SaaS, telecom, and public sector environments.
Focus
Prepares clients for SOC 2, ISO 27001, PCI DSS, HIPAA, CIS Controls, and NIST through gap analyses, control mapping, and audit readiness, working directly with engineering and penetration testing teams so technical findings translate cleanly into compliance outcomes.
Certifications
CISSP
COBIT 5
Eric Dawson
Senior Penetration Tester
Senior penetration tester specializing in IoT devices, embedded systems, firmware, and wireless protocols, with broad experience across web apps, APIs, networks, cloud, and full enterprise infrastructures.
Eric Dawson
Senior Penetration Tester
Experience
Senior penetration tester specializing in IoT devices, embedded systems, firmware, and wireless protocols, with broad experience across web apps, APIs, networks, cloud, and full enterprise infrastructures.
Focus
Tears down hardware to find debug interfaces (UART, JTAG, SWD), extracts and analyzes firmware, and tests IoT protocols such as MQTT, BLE, Zigbee, and LoRaWAN using Ghidra, Binwalk, Flipper Zero, HackRF, and Burp Suite, then writes fixes product teams can act on quickly.
Certifications
CEH
CISSP
GSIP
Abdul Basit Baloch
Senior Penetration Tester
6+ years in penetration testing and vulnerability assessment for healthcare, fintech, and other critical sector clients across web, mobile, cloud, and internal networks.
Abdul Basit Baloch
Senior Penetration Tester
Experience
6+ years in penetration testing and vulnerability assessment for healthcare, fintech, and other critical sector clients across web, mobile, cloud, and internal networks.
Focus
Runs advanced red team exercises and real world attack simulations following MITRE ATT&CK and NIST, builds custom tooling in Python and PowerShell, and aligns remediation with ISO 27001, PCI DSS, and GDPR.
Certifications
CEH
CPTE
ISP
Riley Eastwood
Penetration Tester
Penetration tester with deep manual testing experience across web apps, APIs, mobile, networks, cloud (AWS/Azure), and on prem environments, focused on the logic flaws and chained exploits scanners miss.
Riley Eastwood
Penetration Tester
Experience
Penetration tester with deep manual testing experience across web apps, APIs, mobile, networks, cloud (AWS/Azure), and on prem environments, focused on the logic flaws and chained exploits scanners miss.
Focus
Identifies and chains vulnerabilities into realistic, impact driven attack paths, performs privilege escalation and lateral movement across Windows domains and hybrid cloud, investigates IAM and storage misconfigurations, and turns complex findings into clear, visual reports clients can implement.
Certifications
OSCP
CISSP
Caleb Anderson
Penetration Tester
Penetration tester serving finance, SaaS, ecommerce, government, and healthcare clients with manual first testing aligned to OWASP, PTES, NIST SP 800-115, and MITRE ATT&CK.
Caleb Anderson
Penetration Tester
Experience
Penetration tester serving finance, SaaS, ecommerce, government, and healthcare clients with manual first testing aligned to OWASP, PTES, NIST SP 800-115, and MITRE ATT&CK.
Focus
Runs black-, grey-, and white box engagements across web apps, APIs, mobile, cloud, and networks using Burp Suite, Metasploit, Nessus, and Nuclei, delivering client friendly reports with proof of concept, risk scoring, and clear remediation steps.
Certifications
CEH
CompTIA Security+
Ava Whitmore
Penetration Tester
Penetration tester in PlutoSec's UK practice running manual first assessments across web applications, APIs, mobile apps, cloud environments (AWS/Azure), and corporate networks.
Ava Whitmore
Penetration Tester
Experience
Penetration tester in PlutoSec's UK practice running manual first assessments across web applications, APIs, mobile apps, cloud environments (AWS/Azure), and corporate networks.
Focus
Analyzes authentication, authorization, and session flows, performs privilege escalation and lateral movement in hybrid Active Directory, investigates cloud misconfigurations, and builds custom scripts and payloads when off the shelf tools fall short.
Certifications
CEH
Kevin Hoang
Penetration Tester & Cybersecurity Analyst
Penetration tester and cybersecurity analyst with an MSc in Cybersecurity & Information Assurance and a software engineering background spanning enterprise systems, IT infrastructure, and EDI.
Kevin Hoang
Penetration Tester & Cybersecurity Analyst
Experience
Penetration tester and cybersecurity analyst with an MSc in Cybersecurity & Information Assurance and a software engineering background spanning enterprise systems, IT infrastructure, and EDI.
Focus
Conducts penetration tests across network, web, and cloud environments, runs red team engagements and adversary simulations, prioritizes risk through vulnerability assessments, and prepares detailed technical reports with actionable remediation guidance.
Certifications
CompTIA PenTest+
CompTIA CySA+
Certified in Cybersecurity (CC)
Malek Slimi
Penetration Tester
Penetration tester with a background in cybersecurity analysis and architecture, conducting threat analysis and vulnerability testing across operating systems and networks.
Malek Slimi
Penetration Tester
Experience
Penetration tester with a background in cybersecurity analysis and architecture, conducting threat analysis and vulnerability testing across operating systems and networks.
Focus
Hands on with Wireshark, Metasploit, and Kali Linux for threat analysis and exploitation, with lab proven work on Bluetooth attack techniques including BIAS and keystroke injection.
Certifications
CompTIA Security+
Certified in Cybersecurity (CC)
ACE Multicloud Network Associate
Harvey Langford
Associate Ethical Hacker
Associate ethical hacker building hands on offensive security skills across networks and web applications, actively progressing toward advanced offensive certifications.
Harvey Langford
Associate Ethical Hacker
Experience
Associate ethical hacker building hands on offensive security skills across networks and web applications, actively progressing toward advanced offensive certifications.
Focus
Supports penetration testing engagements with enumeration, vulnerability validation, and exploitation practice across network and web targets while working toward the OSCP+ certification.
Certifications
BSCP
Wyatt Callahan
Cyber Security Consultant
Consultant in PlutoSec's UK office, previously an Information Security Analyst at KPMG UK, delivering assessments across cloud, network, application, and identity environments.
Wyatt Callahan
Cyber Security Consultant
Experience
Consultant in PlutoSec's UK office, previously an Information Security Analyst at KPMG UK, delivering assessments across cloud, network, application, and identity environments.
Focus
Evaluates organisations against ISO 27001, NIST CSF, and CIS Controls, assesses AWS, Azure, and hybrid environments for misconfigurations and identity weaknesses, and prepares clients for SOC 2 and cyber insurance readiness.
Certifications
CISSP
Adam Al-Masri
Cyber Security Specialist
Cyber security specialist focused on threat detection, vulnerability management, and incident response, helping organizations build resilient security foundations.
Adam Al-Masri
Cyber Security Specialist
Experience
Cyber security specialist focused on threat detection, vulnerability management, and incident response, helping organizations build resilient security foundations.
Focus
Fine tunes SIEM detections, performs forensic investigations, and improves security processes through automation, smart tooling, and clear communication.
Certifications
CEH
CompTIA Security+
Benjamin Luke Caldwell
Solutions Consultant
Solutions consultant with nine years helping organizations across SaaS, finance, retail, and public sector adopt and operationalize cybersecurity solutions that fit their real business needs.
Benjamin Luke Caldwell
Solutions Consultant
Experience
Solutions consultant with nine years helping organizations across SaaS, finance, retail, and public sector adopt and operationalize cybersecurity solutions that fit their real business needs.
Focus
Works with clients to scope tailored assessment and solution plans, aligns technical delivery with long term business goals, and translates security findings into clear, executive ready recommendations, supporting pre sales, SOWs, and onboarding throughout the engagement lifecycle.
Olayinka Lukman Okanla
GRC Consultant
GRC consultant with an engineering and business consulting background, supporting risk management, compliance processes, and policy implementation across the organization.
Olayinka Lukman Okanla
GRC Consultant
Experience
GRC consultant with an engineering and business consulting background, supporting risk management, compliance processes, and policy implementation across the organization.
Focus
Contributes to governance, risk, and compliance initiatives, supporting risk assessments, secure and compliant operational standards, and cybersecurity best practices, with added strengths in data analysis, market research, and business strategy.
Naumaan Shaikh
GRC & Compliance Analyst
GRC and compliance analyst and MSc Advanced Cyber Security candidate, focused on the documentation that connects technical controls to the boardroom, risk registers, compliance assessments, security policies, and audit evidence.
Naumaan Shaikh
GRC & Compliance Analyst
Experience
GRC and compliance analyst and MSc Advanced Cyber Security candidate, focused on the documentation that connects technical controls to the boardroom, risk registers, compliance assessments, security policies, and audit evidence.
Focus
Conducts governance, risk, and compliance assessments against ISO 27001, NIST CSF, SOC 2, and CIS Controls, and supports the development of information security policies, risk registers, Statements of Applicability, and vendor risk documentation.
Chizuruoke C.
Junior Cybersecurity Analyst
MSc Cybersecurity candidate and systems administrator contributing to ISMS development and structured risk assessments aligned with ISO/IEC 27001.
Chizuruoke C.
Junior Cybersecurity Analyst
Experience
MSc Cybersecurity candidate and systems administrator contributing to ISMS development and structured risk assessments aligned with ISO/IEC 27001.
Focus
Drafts security policies, risk registers, and control documentation, and supports threat modelling exercises and log and network anomaly analysis, backed by a strong Linux administration foundation.
Certifications
OCI Multicloud Architect Professional
Luqman Sattar
Cyber Security Project Manager
Cyber security project manager with a Master's in Project Management, leading cross functional teams and delivering security focused projects in high stakes environments.
Luqman Sattar
Cyber Security Project Manager
Experience
Cyber security project manager with a Master's in Project Management, leading cross functional teams and delivering security focused projects in high stakes environments.
Focus
Brings risk management, stakeholder communication, and agile delivery to cybersecurity engagements, bridging technical execution and strategic vision to keep projects secure, on time, and aligned with business objectives.
Certifications
PMP
Samuel Matthew Doyle
Corporate Business Manager
Corporate business manager driving strategic growth and enterprise relationships, aligning complex cybersecurity requirements with business outcomes.
Samuel Matthew Doyle
Corporate Business Manager
Experience
Corporate business manager driving strategic growth and enterprise relationships, aligning complex cybersecurity requirements with business outcomes.
Focus
Manages corporate accounts and commercial planning, pricing, proposals, and contract coordination, working with C level executives to shape security programs that meet modern compliance and risk expectations.
Asad Qadir
Business Development Manager
Business development manager generating new business for PlutoSec's VAPT, Managed SOC, Cloud Security, and vCISO offerings across SMBs, enterprises, MSPs, and international partners.
Asad Qadir
Business Development Manager
Experience
Business development manager generating new business for PlutoSec's VAPT, Managed SOC, Cloud Security, and vCISO offerings across SMBs, enterprises, MSPs, and international partners.
Focus
Manages the full sales cycle, from scoping and proposals to SOWs, pricing, and project kickoff, advising clients on best fit solutions across pentesting, SOC, SIEM, IAM, and cloud security, and expanding PlutoSec across Canada, the UK, and global markets.
Olan Rewaju
Business Development Manager
Business development manager and cybersecurity professional helping organizations strengthen their security posture across penetration testing, vulnerability management, and cloud security.
Olan Rewaju
Business Development Manager
Experience
Business development manager and cybersecurity professional helping organizations strengthen their security posture across penetration testing, vulnerability management, and cloud security.
Focus
Coordinates security assessments and client relationships, scoping tailored services across penetration testing, cloud security, and vulnerability management programs that align with business objectives and compliance.
Jonathan Zachary
Onboarding Solutions
Owns the client onboarding lifecycle at PlutoSec, turning complex kickoff steps into a smooth, predictable experience for every new engagement.
Jonathan Zachary
Onboarding Solutions
Experience
Owns the client onboarding lifecycle at PlutoSec, turning complex kickoff steps into a smooth, predictable experience for every new engagement.
Focus
Builds onboarding frameworks and checklists, runs kickoff sessions, verifies client environments, and coordinates secure access provisioning across penetration testing, cloud, GRC, and managed security engagements.
Labib Kamran
Full Stack DevOps & Cloud Engineer
Full stack, DevOps, and cloud engineer building and maintaining scalable web applications and cloud infrastructure for PlutoSec's security focused products.
Labib Kamran
Full Stack DevOps & Cloud Engineer
Experience
Full stack, DevOps, and cloud engineer building and maintaining scalable web applications and cloud infrastructure for PlutoSec's security focused products.
Focus
Designs cloud native architecture and CI/CD pipelines, builds backend services and containerized deployments, and focuses on reliability, scalability, and security across the platform.
Get Started
Ready to See What Your Current Security Is Missing?
Book a short consultation with PlutoSec and get a practical view of where your current security model may be exposed.