BooTeen Portfolio

About Me

Full Name: Nguyen Hoang Phi Long (but you can call me Long)

Aliases: BooTeen | Offensive Security Engineer | Penetration Tester

Offensive Security Engineer | Aug 2022 – Present | Kyiv, Ukraine

Adversary Simulation: Planned and executed external, internal, and hybrid penetration tests, identifying exploitable paths in complex infrastructures.
Custom Exploits & Tools: Developed tailored payloads, phishing kits, and automation scripts to support red team operations and vulnerability validation.
Security Posture Assessment: Delivered prioritized risk reports with actionable mitigation strategies, reducing exposure to critical threats by 30%.
Collaborative Remediation: Worked with blue teams and developers to remediate findings, improving mean time to resolution (MTTR).
Red Team Engagements: Simulated APT scenarios and initial access attacks, leveraging social engineering and living-off-the-land techniques.
Toolchain Integration: Integrated and maintained offensive and defensive tools including Cobalt Strike, Burp Suite Pro, BloodHound, and custom scripts.
Government and Enterprise Support: Conducted assessments of critical infrastructure and provided rapid security hardening for national service continuity.

Network Security Support Engineer | Feb 2021 – Aug 2022 | Kyiv, Ukraine

24/7 Operational Support: Monitored mission-critical networks round-the-clock.
Offensive Assessments: Conducted pentesting with tailored remediation strategies.
Strategic Consultations: Advised on compliance (GDPR, CCPA, ISO 27001), reducing audit non-conformities by 25%.
Large-Scale Projects: Led upgrades for 300+ sites and 1,500+ devices.
Incident Response & DLP: Investigated 5,000+ incidents and deployed DLP policies to reduce recurrences.
Tool Integration: Implemented Cisco, Fortinet, Tenable, Qualys, Forcepoint, and SysReptor, improving threat detection by 40%.
Government Collaboration: Supported government infrastructure with rapid response and redundant WiFi during blackouts.

Cyber Security Specialist | Feb 2023 – Aug 2023 | Munich, Germany

Web & Container Security: Safeguarded 1000+ user accounts with comprehensive pentesting.
Docker Optimization: Reduced container image size by 67%, boosting performance.
ISO 27002 Compliance: Developed and enforced security policies, enhancing resilience by 40%.
SDLC Integration: Integrated security checks early in CI/CD, reducing remediation time by 40%.

Junior Embedded Software Developer | Aug 2022 – Dec 2022 | Berlin, Germany

Hardware Security: Conducted hardware penetration tests on charging stations, remediating firmware vulnerabilities for OCTT compliance.
Automated Testing: Developed Python-based OCPP tests, achieving 100% OCTT compliance.
Efficiency Gains: Improved charging station software by 15%, reducing costs.

Certified Penetration Testing Specialist by HackTheBox
Nationwide Network Upgrade: Modernized 300+ sites and 1,500+ devices.
Investigated 5,000+ incidents and implemented effective DLP solutions.
35% improvement in threat detection via MITRE ATT&CK alignment.
67% reduction in Docker image size for a German e-mobility company.
30% reduction in assessment timelines through automation and standardized reporting.
Collaborated with the Ukrainian government to deploy redundant WiFi during blackouts.

Methodologies & Frameworks: MITRE ATT&CK, OWASP Top Ten, PTES
Exploitation: Privilege escalation, pivoting, lateral movement, post-exploitation enumeration
Active Directory Security: BloodHound analysis, Kerberoasting, domain enumeration
Reporting & Documentation: Impact-focused storyboarding and streamlined vulnerability reports

Secure Architecture: Designing GDPR/ISO 27001-compliant environments
24/7 Operational Support: Rapid incident response and high-pressure fault resolution
Telecommunications & Network Management: Routers, switches, DWDM, WiFi, IPS/IDS configurations

Global Standards: GDPR, CCPA, ISO 27000 family, PCI DSS
Policy Development: Implementing DLP, incident response plans, and security benchmarks
Auditing & Gap Analysis: Identifying non-compliance issues and reducing vulnerabilities

Pentest Tools: Nessus, Qualys, Burp Suite, Metasploit
Vendor Solutions: Cisco, Fortinet, Trellix, Tenable, Qualys, Forcepoint, OpenText Fortify, DataSunrise
Programming & Scripting: Bash, Python, C/C++ (automation, custom tool development)
Operating Systems: Linux (Kali, Ubuntu), Windows Server, embedded firmware environments

National Aviation University | Bachelor's in Information and Communications System Security | Sep 2017 – Jul 2021

Relevant Coursework: Network Security, Cryptography, Database Security, Secure Software Development, Wireless & Telecommunication Systems

Certified Penetration Testing Specialist (CPTS) – HackTheBox (Jan 2025)
Certificate ID: HTBCERT-34817AEE23
View Credential
Certified in Cybersecurity (ISC2) – Mar 2024
Certification Number: 1958959
View Credential
Dante Pro Labs (HackTheBox) – Aug 2023
Certificate ID: HTBCERT-AC7B9B1CCC
View Credential
Security+ (CompTIA) – Dec 2021
Candidate ID: COMP001021965250 – Verification: QLHESF9N9C1Q109P
View Credential
Cisco Certified Network Associate (CCNA) – Jun 2021
Cisco ID: CSCO14018602 – Verification: RRM5T2LN3K4QQCCH
View Credential
Trellix Certified Engineer
Qualys Certified Engineer
Tenable Certified Sales Engineer
Fortify Certified Partner Sales Specialist
View Credential