Senior Security Consultant / Offensive Security Researcher

Supakiad S. (m3ez)

Offensive security consultant building practical security research, reusable tooling, and high-impact vulnerability analysis across modern attack surfaces.

I help organizations identify, validate, and remediate risks across web applications, APIs, mobile apps, Active Directory, internal networks, wireless environments, and thick-client systems.

Web / API Security Secure Code Review Active Directory Mobile Testing Research & Tooling

Current Focus

Practical offensive security. Clear remediation.

My work combines exploitation depth, executive-ready reporting, and pragmatic guidance that engineering teams can act on.

Experience 6+ years

Security consulting, validation, and risk communication.

Credentials 14+ certs

OffSec, CREST, INE, TCM Security, CompTIA, and more.

Recognition MSRC + CTF

Research recognition, live hacking events, and ranked competition results.

About

Clarity, coverage, impact.

I am a Senior Security Consultant focused on offensive security, penetration testing, secure code review, and vulnerability research.

I help organizations identify, validate, and remediate security risks across web applications, APIs, mobile applications, Active Directory, network infrastructure, wireless environments, and thick-client systems.

My work combines practical exploitation, clear technical reporting, remediation guidance, and stakeholder communication.

Operating Style

  • Depth where it matters, not noise for its own sake.
  • Findings mapped to business risk and remediation priorities.
  • Security outputs written for both engineers and leadership.
  • Research and tooling built to improve repeatability.

Expertise

Attack surface coverage.

Web & API Security

Authentication, authorization, business logic, OWASP Top 10, API abuse paths, and secure code review.

Mobile Security

Android and iOS testing, storage review, interception workflows, and platform-specific validation.

Active Directory

Privilege escalation, misconfiguration analysis, lateral movement, and enterprise attack simulation.

Network & Wireless

Internal network exposure mapping, wireless assessment, and practical validation of infrastructure weaknesses.

Thick Client Assessment

Desktop application review, local attack surface mapping, and client-server trust boundary testing.

Reporting & Remediation

Technical findings, executive summaries, CWE and CVSS mapping, and realistic fix guidance.

Credentials

Certifications & training.

Selected Certifications

Focused on red teaming, web security, mobile testing, and secure review.

OSEPOffSec CRTPAltered eWPTXINE CRTACWL OSCP+OffSec OSWEOffSec OSCPOffSec eWPTINE PMPATCM CRTCREST CPSACREST Pentest+CompTIA CEH PracticalEC-Council Security+CompTIA
View Credential Wallet

Compact badge view for quick scanning. Full certificate names remain on the CV and profile references.

Professional Development

Training and labs that sharpen offensive tradecraft.

  • PEN-200, PEN-300, and WEB-300 - OffSec
  • Red Team Professional - Altered Security
  • Red Team Analyst - Cyberwarfare Labs
  • eWPT and eWPTX - INE Security
  • PMPA - TCM Security

Recognition

Security activity.

2026

NCSA AI CTF 2026

Placed 9th personally in the final round.

2026

Microsoft Zero Day Quest Live Hacking Event

Invite-only participant in Redmond, Washington, USA.

2025

Thailand Cyber Top Talent 2025

Placed 6th personally and 13th as a team in the qualifying round.

2025

Microsoft Most Valuable Researchers 2025

Ranked 42nd in the Top 100 Most Valuable Researchers program.

2025

MSRC Leaderboard 2025 Q1

Placed 86th in Microsoft Researcher Recognition Program standings.

2025

Microsoft Zero Day Quest Onsite Event

Invite-only participant in Redmond, Washington, USA.

2024

Thailand Cyber Top Talent 2024

Finished 10th in the final round.

2024

MSRC Leaderboard 2024 Q3

Placed 25th in Microsoft Researcher Recognition Program standings.

2024

Dynamics Researchers Leaderboard 2024 Q3

Placed 6th in Microsoft Dynamics researcher standings.

2024

MSRC Leaderboard 2024 Q1

Placed 32nd in Microsoft Researcher Recognition Program standings.

2023

Most Valuable Researchers 2023

Ranked 68th in the Top 100 Most Valuable Researchers program.

2023

HITB SECCONF CTF 2023

Placed 16th in the Attack-Defense competition.

2023

National WhiteHat Challenge

Winner in National Coding Day 2023.

2023

Office Researchers Leaderboard 2022 Q4

Placed 4th in Microsoft Office researcher standings.

2022

MSRC Leaderboard 2022 Q4

Placed 25th in Microsoft Researcher Recognition Program standings.

2022

MSRC Leaderboard 2022 Q3

Placed 44th in Microsoft Researcher Recognition Program standings.

2022

Thailand Cyber Top Talent 2022

Participant in the NCSA competition program.

2021

Thailand Cyber Top Talent 2021

Participant in the NCSA competition program.

2021

UTCC Cyber Security #2

Participant in the University of the Thai Chamber of Commerce event.

2020

White Hat Hacking for Security

Winner in the DEPA Thailand program.

2019

Financial Cybersecurity Boot Camp

Participant in the Bank of Thailand program.

2019

SOSECURE Hacking Contest

Participant in the SOSECURE competition.

Projects / Research

Research & public work.

Research

WordPress Security Research

Research and tooling for finding high-impact vulnerabilities in WordPress plugins and PHP applications.

Writeups

Vulnerability Analysis

Technical writeups covering exploitation chains, root cause analysis, business impact, and remediation strategy.

Automation

Security Tooling

Reusable scripts and helpers for triage, testing workflows, and secure code review support.

Notes

Secure Code Review Patterns

Source-to-sink notes and vulnerability pattern references built around practical detection logic.

Public Footprint

Profiles, writeups, references.

Verified public links covering research profiles, writeups, advisories, and community recognition.

Writing

Writing & public links.