Whatsapp
Get a quote
Email Us
Call
Skip to content
OUR TEAM

The Engineers Behind Every Engagement.

Certified, senior penetration testers who test by hand, verify what they find, and stay accountable through remediation. No junior handoffs, no scan and send reports.

Meet the Engineers
Benjamin Arnaud, Chief Executive Officer of PlutoSec

Benjamin Arnaud

Chief Executive Officer

Why every penetration test we run is verified by hand.

With 16 years in offensive security, a PhD in Computer Science from the Université de Montréal, and certifications including OSCP, OSEP, and OSWE, the majority of my career has been spent finding vulnerabilities that automated tools miss. That work included leading global red team operations at General Motors, simulating nation state level adversaries across cloud, on premises, and hybrid environments. The discipline behind all of it is the same: think like an attacker, verify everything by hand, and never trust a scanner output without a trained engineer behind it.

Most businesses that hire a penetration testing firm receive a report full of unverified scanner findings. The deliverable looks thorough. It rarely is. Automated vulnerability scanners cannot determine whether a finding is actually exploitable in your specific environment, that requires a certified engineer running a manual penetration test. At PlutoSec, every engagement is scoped and led by a senior tester who conducts the assessment by hand, validates each finding with proof of concept evidence, and stays accountable through your remediation cycle. When you fix something, we retest. Nothing closes on a scan result alone.

The team on this page holds the certifications that clients, auditors, and cyber insurers recognize, OSCP, OSEP, OSWE, CISSP, CEH, and more, across web application, API, network, cloud, and red team disciplines. What those credentials represent is a standard of work: findings that hold up under scrutiny, reports you can actually act on, and an engagement that does not end at delivery. That is why our clients stay, and it is the commitment behind every name here.

On behalf of the whole team,

Benjamin Arnaud · Chief Executive Officer

Certified specialists, not a rotating bench.

A cross functional team spanning offensive security, security consulting, governance and risk, and client delivery, holding the certifications that auditors and boards recognize. The people who scope your engagement are the people who run it.

Across the team:OSCPCISSPCISMCEHECSACPTECIPP/CCOBIT 5GSIPBSCPCompTIA Security+CompTIA PenTest+CompTIA CySA+Certified in Cybersecurity (CC)PMPAWS Solutions Architect
Filza Arsh

Filza Arsh

Cybersecurity consultant focused on offensive security, cloud security assessments, and compliance, helping startups, healthcare providers, financial institutions, and SaaS platforms across Canada build resilient, manual first security programs.

Filza Arsh

Filza Arsh

Experience

Cybersecurity consultant focused on offensive security, cloud security assessments, and compliance, helping startups, healthcare providers, financial institutions, and SaaS platforms across Canada build resilient, manual first security programs.

Focus

Delivers web application, network, cloud, and API penetration testing alongside vulnerability management and compliance advisory aligned with NIST, ISO 27001, OWASP, PCI DSS, and MITRE ATT&CK, emphasizing real world attack simulation and actionable remediation over automated scanning.

Abdul Jalil

Abdul Jalil

8+ years in offensive security and manual penetration testing across web applications, APIs, AI chatbots/LLMs, cloud platforms, and internal/external networks for government and enterprise clients.

Abdul Jalil

Abdul Jalil

Experience

8+ years in offensive security and manual penetration testing across web applications, APIs, AI chatbots/LLMs, cloud platforms, and internal/external networks for government and enterprise clients.

Focus

Leads client facing engagements end to end, scoping, manual exploitation, false positive validation, and executive reporting aligned with SOC 2, ISO 27001, and PCI DSS, using Burp Suite, Metasploit, Nessus, and Kali Linux, and mapping work to OWASP, MITRE ATT&CK, MITRE ATLAS, PTES, and NIST.

Certifications

  • CISM
  • CEH
  • ECSA
  • CPTE
  • CIPP/C
  • CompTIA Security+
  • AWS Solutions Architect
Chloe Matthews

Chloe Matthews

Over a decade in cybersecurity, leading end to end security assessments across cloud, network, application, and internal IT environments.

Chloe Matthews

Chloe Matthews

Experience

Over a decade in cybersecurity, leading end to end security assessments across cloud, network, application, and internal IT environments.

Focus

Turns highly technical findings into business ready recommendations, reviews environments against NIST, CIS, ISO 27001, and SOC 2, and analyzes AWS, Azure, and GCP configurations for identity and access control weaknesses.

Certifications

  • OSCP
  • CISSP
Karan Gill

Karan Gill

11+ years leading security governance programs, risk assessments, and compliance readiness for organizations across finance, SaaS, telecom, and public sector environments.

Karan Gill

Karan Gill

Experience

11+ years leading security governance programs, risk assessments, and compliance readiness for organizations across finance, SaaS, telecom, and public sector environments.

Focus

Prepares clients for SOC 2, ISO 27001, PCI DSS, HIPAA, CIS Controls, and NIST through gap analyses, control mapping, and audit readiness, working directly with engineering and penetration testing teams so technical findings translate cleanly into compliance outcomes.

Certifications

  • CISSP
  • COBIT 5
Eric Dawson

Eric Dawson

Senior penetration tester specializing in IoT devices, embedded systems, firmware, and wireless protocols, with broad experience across web apps, APIs, networks, cloud, and full enterprise infrastructures.

Eric Dawson

Eric Dawson

Experience

Senior penetration tester specializing in IoT devices, embedded systems, firmware, and wireless protocols, with broad experience across web apps, APIs, networks, cloud, and full enterprise infrastructures.

Focus

Tears down hardware to find debug interfaces (UART, JTAG, SWD), extracts and analyzes firmware, and tests IoT protocols such as MQTT, BLE, Zigbee, and LoRaWAN using Ghidra, Binwalk, Flipper Zero, HackRF, and Burp Suite, then writes fixes product teams can act on quickly.

Certifications

  • CEH
  • CISSP
  • GSIP
Abdul Basit Baloch

Abdul Basit Baloch

6+ years in penetration testing and vulnerability assessment for healthcare, fintech, and other critical sector clients across web, mobile, cloud, and internal networks.

Abdul Basit Baloch

Abdul Basit Baloch

Experience

6+ years in penetration testing and vulnerability assessment for healthcare, fintech, and other critical sector clients across web, mobile, cloud, and internal networks.

Focus

Runs advanced red team exercises and real world attack simulations following MITRE ATT&CK and NIST, builds custom tooling in Python and PowerShell, and aligns remediation with ISO 27001, PCI DSS, and GDPR.

Certifications

  • CEH
  • CPTE
  • ISP
Riley Eastwood

Riley Eastwood

Penetration tester with deep manual testing experience across web apps, APIs, mobile, networks, cloud (AWS/Azure), and on prem environments, focused on the logic flaws and chained exploits scanners miss.

Riley Eastwood

Riley Eastwood

Experience

Penetration tester with deep manual testing experience across web apps, APIs, mobile, networks, cloud (AWS/Azure), and on prem environments, focused on the logic flaws and chained exploits scanners miss.

Focus

Identifies and chains vulnerabilities into realistic, impact driven attack paths, performs privilege escalation and lateral movement across Windows domains and hybrid cloud, investigates IAM and storage misconfigurations, and turns complex findings into clear, visual reports clients can implement.

Certifications

  • OSCP
  • CISSP
Caleb Anderson

Caleb Anderson

Penetration tester serving finance, SaaS, ecommerce, government, and healthcare clients with manual first testing aligned to OWASP, PTES, NIST SP 800-115, and MITRE ATT&CK.

Caleb Anderson

Caleb Anderson

Experience

Penetration tester serving finance, SaaS, ecommerce, government, and healthcare clients with manual first testing aligned to OWASP, PTES, NIST SP 800-115, and MITRE ATT&CK.

Focus

Runs black-, grey-, and white box engagements across web apps, APIs, mobile, cloud, and networks using Burp Suite, Metasploit, Nessus, and Nuclei, delivering client friendly reports with proof of concept, risk scoring, and clear remediation steps.

Certifications

  • CEH
  • CompTIA Security+
Ava Whitmore

Ava Whitmore

Penetration tester in PlutoSec's UK practice running manual first assessments across web applications, APIs, mobile apps, cloud environments (AWS/Azure), and corporate networks.

Ava Whitmore

Ava Whitmore

Experience

Penetration tester in PlutoSec's UK practice running manual first assessments across web applications, APIs, mobile apps, cloud environments (AWS/Azure), and corporate networks.

Focus

Analyzes authentication, authorization, and session flows, performs privilege escalation and lateral movement in hybrid Active Directory, investigates cloud misconfigurations, and builds custom scripts and payloads when off the shelf tools fall short.

Certifications

  • CEH
Kevin Hoang

Kevin Hoang

Penetration tester and cybersecurity analyst with an MSc in Cybersecurity & Information Assurance and a software engineering background spanning enterprise systems, IT infrastructure, and EDI.

Kevin Hoang

Kevin Hoang

Experience

Penetration tester and cybersecurity analyst with an MSc in Cybersecurity & Information Assurance and a software engineering background spanning enterprise systems, IT infrastructure, and EDI.

Focus

Conducts penetration tests across network, web, and cloud environments, runs red team engagements and adversary simulations, prioritizes risk through vulnerability assessments, and prepares detailed technical reports with actionable remediation guidance.

Certifications

  • CompTIA PenTest+
  • CompTIA CySA+
  • Certified in Cybersecurity (CC)
Malek Slimi

Malek Slimi

Penetration tester with a background in cybersecurity analysis and architecture, conducting threat analysis and vulnerability testing across operating systems and networks.

Malek Slimi

Malek Slimi

Experience

Penetration tester with a background in cybersecurity analysis and architecture, conducting threat analysis and vulnerability testing across operating systems and networks.

Focus

Hands on with Wireshark, Metasploit, and Kali Linux for threat analysis and exploitation, with lab proven work on Bluetooth attack techniques including BIAS and keystroke injection.

Certifications

  • CompTIA Security+
  • Certified in Cybersecurity (CC)
  • ACE Multicloud Network Associate
Harvey Langford

Harvey Langford

Associate ethical hacker building hands on offensive security skills across networks and web applications, actively progressing toward advanced offensive certifications.

Harvey Langford

Harvey Langford

Experience

Associate ethical hacker building hands on offensive security skills across networks and web applications, actively progressing toward advanced offensive certifications.

Focus

Supports penetration testing engagements with enumeration, vulnerability validation, and exploitation practice across network and web targets while working toward the OSCP+ certification.

Certifications

  • BSCP
Wyatt Callahan

Wyatt Callahan

Consultant in PlutoSec's UK office, previously an Information Security Analyst at KPMG UK, delivering assessments across cloud, network, application, and identity environments.

Wyatt Callahan

Wyatt Callahan

Experience

Consultant in PlutoSec's UK office, previously an Information Security Analyst at KPMG UK, delivering assessments across cloud, network, application, and identity environments.

Focus

Evaluates organisations against ISO 27001, NIST CSF, and CIS Controls, assesses AWS, Azure, and hybrid environments for misconfigurations and identity weaknesses, and prepares clients for SOC 2 and cyber insurance readiness.

Certifications

  • CISSP
Adam Al-Masri

Adam Al-Masri

Cyber security specialist focused on threat detection, vulnerability management, and incident response, helping organizations build resilient security foundations.

Adam Al-Masri

Adam Al-Masri

Experience

Cyber security specialist focused on threat detection, vulnerability management, and incident response, helping organizations build resilient security foundations.

Focus

Fine tunes SIEM detections, performs forensic investigations, and improves security processes through automation, smart tooling, and clear communication.

Certifications

  • CEH
  • CompTIA Security+
Benjamin Luke Caldwell

Benjamin Luke Caldwell

Solutions consultant with nine years helping organizations across SaaS, finance, retail, and public sector adopt and operationalize cybersecurity solutions that fit their real business needs.

Benjamin Luke Caldwell

Benjamin Luke Caldwell

Experience

Solutions consultant with nine years helping organizations across SaaS, finance, retail, and public sector adopt and operationalize cybersecurity solutions that fit their real business needs.

Focus

Works with clients to scope tailored assessment and solution plans, aligns technical delivery with long term business goals, and translates security findings into clear, executive ready recommendations, supporting pre sales, SOWs, and onboarding throughout the engagement lifecycle.

Olayinka Lukman Okanla

Olayinka Lukman Okanla

GRC consultant with an engineering and business consulting background, supporting risk management, compliance processes, and policy implementation across the organization.

Olayinka Lukman Okanla

Olayinka Lukman Okanla

Experience

GRC consultant with an engineering and business consulting background, supporting risk management, compliance processes, and policy implementation across the organization.

Focus

Contributes to governance, risk, and compliance initiatives, supporting risk assessments, secure and compliant operational standards, and cybersecurity best practices, with added strengths in data analysis, market research, and business strategy.

Naumaan Shaikh

Naumaan Shaikh

GRC and compliance analyst and MSc Advanced Cyber Security candidate, focused on the documentation that connects technical controls to the boardroom, risk registers, compliance assessments, security policies, and audit evidence.

Naumaan Shaikh

Naumaan Shaikh

Experience

GRC and compliance analyst and MSc Advanced Cyber Security candidate, focused on the documentation that connects technical controls to the boardroom, risk registers, compliance assessments, security policies, and audit evidence.

Focus

Conducts governance, risk, and compliance assessments against ISO 27001, NIST CSF, SOC 2, and CIS Controls, and supports the development of information security policies, risk registers, Statements of Applicability, and vendor risk documentation.

Chizuruoke C.

Chizuruoke C.

MSc Cybersecurity candidate and systems administrator contributing to ISMS development and structured risk assessments aligned with ISO/IEC 27001.

Chizuruoke C.

Chizuruoke C.

Experience

MSc Cybersecurity candidate and systems administrator contributing to ISMS development and structured risk assessments aligned with ISO/IEC 27001.

Focus

Drafts security policies, risk registers, and control documentation, and supports threat modelling exercises and log and network anomaly analysis, backed by a strong Linux administration foundation.

Certifications

  • OCI Multicloud Architect Professional
Luqman Sattar

Luqman Sattar

Cyber security project manager with a Master's in Project Management, leading cross functional teams and delivering security focused projects in high stakes environments.

Luqman Sattar

Luqman Sattar

Experience

Cyber security project manager with a Master's in Project Management, leading cross functional teams and delivering security focused projects in high stakes environments.

Focus

Brings risk management, stakeholder communication, and agile delivery to cybersecurity engagements, bridging technical execution and strategic vision to keep projects secure, on time, and aligned with business objectives.

Certifications

  • PMP
Samuel Matthew Doyle

Samuel Matthew Doyle

Corporate business manager driving strategic growth and enterprise relationships, aligning complex cybersecurity requirements with business outcomes.

Samuel Matthew Doyle

Samuel Matthew Doyle

Experience

Corporate business manager driving strategic growth and enterprise relationships, aligning complex cybersecurity requirements with business outcomes.

Focus

Manages corporate accounts and commercial planning, pricing, proposals, and contract coordination, working with C level executives to shape security programs that meet modern compliance and risk expectations.

Asad Qadir

Asad Qadir

Business development manager generating new business for PlutoSec's VAPT, Managed SOC, Cloud Security, and vCISO offerings across SMBs, enterprises, MSPs, and international partners.

Asad Qadir

Asad Qadir

Experience

Business development manager generating new business for PlutoSec's VAPT, Managed SOC, Cloud Security, and vCISO offerings across SMBs, enterprises, MSPs, and international partners.

Focus

Manages the full sales cycle, from scoping and proposals to SOWs, pricing, and project kickoff, advising clients on best fit solutions across pentesting, SOC, SIEM, IAM, and cloud security, and expanding PlutoSec across Canada, the UK, and global markets.

Olan Rewaju

Olan Rewaju

Business development manager and cybersecurity professional helping organizations strengthen their security posture across penetration testing, vulnerability management, and cloud security.

Olan Rewaju

Olan Rewaju

Experience

Business development manager and cybersecurity professional helping organizations strengthen their security posture across penetration testing, vulnerability management, and cloud security.

Focus

Coordinates security assessments and client relationships, scoping tailored services across penetration testing, cloud security, and vulnerability management programs that align with business objectives and compliance.

Jonathan Zachary

Jonathan Zachary

Owns the client onboarding lifecycle at PlutoSec, turning complex kickoff steps into a smooth, predictable experience for every new engagement.

Jonathan Zachary

Jonathan Zachary

Experience

Owns the client onboarding lifecycle at PlutoSec, turning complex kickoff steps into a smooth, predictable experience for every new engagement.

Focus

Builds onboarding frameworks and checklists, runs kickoff sessions, verifies client environments, and coordinates secure access provisioning across penetration testing, cloud, GRC, and managed security engagements.

Labib Kamran

Labib Kamran

Full stack, DevOps, and cloud engineer building and maintaining scalable web applications and cloud infrastructure for PlutoSec's security focused products.

Labib Kamran

Labib Kamran

Experience

Full stack, DevOps, and cloud engineer building and maintaining scalable web applications and cloud infrastructure for PlutoSec's security focused products.

Focus

Designs cloud native architecture and CI/CD pipelines, builds backend services and containerized deployments, and focuses on reliability, scalability, and security across the platform.

Get Started

Ready to See What Your Current Security Is Missing?

Book a short consultation with PlutoSec and get a practical view of where your current security model may be exposed.

Book Your Free Security Consultation
Meet Our Cybersecurity Team | OSCP & CISSP Certified | PlutoSec