Each year we survey the Cobalt Core, our pentester community, to hear who they enjoyed working with the most. We like to do this to gain insights on who our community values working with and why.
We describe our community as a group of exclusive pentesters with exceptional skills in collaboration, teamwork, technical expertise, and professionalism. What we end up finding out through end-of-the-year surveys, like this one, is that our pentesters share the same values in their Core colleagues. When someone notes why they enjoyed working with another pentester it always comes down to three key qualities: collaboration, technical skills, and overall positive community impact.
Meet the pentesters who were nominated by their peers for possessing these traits and more:
Andreea Cristina Druga | Adruga
Andreea is a pentester with over five years of experience in the security space. She has a Master's in IT&C Security and holds several security certificates including CEH, OSWP, OSCP, and OSCE. Her expertise is in web applications, APIs, console, and mobile applications with a passion for code review (C++, C#, Java). Areas she is currently digging deeper into include reverse engineering and exploit development areas.
She was highlighted for her clear, concise, and efficient communication style. Her pentest peers commented on her professionalism, supportive team spirit, and advanced technical expertise. They mentioned her collaboration on issues and her ability to divide and conquer a pentest target.
What her peers said:
“Andreea is a natural leader, with strong team and customer communication skills during engagements. Her clear, concise, and supportive approach sets a pentest up for success from the start.”
“I had an opportunity to work with Andreea and I felt it was my pentest of the year. Together, we found over 30 vulnerabilities on the target. She was very supportive and was constantly contributing in every way to make the team successful. I hope that I’ll have many more opportunities to work with her.”
Dragos Ionica | Dionica
Dragos has more than seven years of experience in the cybersecurity field, working as a pentester and bug bounty hunter with expertise in web application and infrastructure security testing. In the past, he worked as a senior cybersecurity consultant for industries including financial services, healthcare, telecommunications, retail, and entertainment. In addition, Dragos is certified in RTO, OSCP, OSWP, OSCE, OSWE, GWAPT, GPEN, and GXPN.
His peers commented extensively on Dragos’s speedy communication, supportive nature, team-focused approach, and technical abilities. They highlighted his collaborative nature, positive attitude, fast responses, and technical skills.
What his peers said:
“Dragos is a skilled pentester who is always looking to assist the team in whatever way he can. He is helpful, responsive, knowledgeable, and skilled at triaging reports”
“Dragos takes a teamwork driven approach to pentesting and it made our engagement fun.”
Aditya Agrawal | Exploitprotocol
Aditya is an application security consultant with over five years of experience. He has experience and expertise in web applications, mobile applications, OSINT, and External Network Pentest. In addition, he has authored popular projects like Pentestbox (pentestbox.org), Appie, AppSecWiki.com.
The Core praises Aditya for his customer communication skills, technical skills, and ability to convey coverage. They mentioned that he is excellent at finding unique findings that encourage different approaches to testing and leave his peers thinking in innovative ways.
What his peers said:
“His attention to detail, quality of team updates, quality of findings, and customer-pentester communication is top-notch. I have learned a lot and improved myself over the years from him.”
“Aditya has become a role for me in terms of how to perform a great, collaborative, and communicative pentest. He is thorough in his team updates, produces quality findings, ensures maximum coverage, and maintains a very healthy conversation with the customer.”
Jesus Espinoza | Jespinoza
Jesus Espinoza is an IT security consultant with over 3 years of experience in the security space. He is a bounty hunter and PHP Programmer interested in making process automation tools in his spare time. Jesus loves all things web security and is currently working towards the prestigious eWAPTX v2 certification provided by eLearnSecurity.
Jesus’s pentester peers mentioned that his upbeat attitude, drive, and technical abilities make him a pleasure to work with. They note that his out-of-the-box thinking approach always turns into impressive results and his team oriented collaboration makes him great to work with.
What his peers said:
“He understands the necessary level of commitment that must exist in each project and the quality of his work and findings are excellent. He always goes for more and is constantly looking for ways to improve himself everyday.”
“Jesus always has an upbeat attitude and is super collaborative during the engagement. He also impressed me with his out-of-the-box thinking and quality findings.”
Stefan Nicula | Snicula
Stefan Nicula is a threat researcher and pentester with over five years of experience. His areas of expertise are in penetration testing, malware analysis, reverse engineering, and exploitation techniques. With a passion for Windows internals, vulnerability research, exploit development, and mitigation techniques. He has around five years of pentesting experience and is currently pursuing his Ph.D. in Information Security.
This is the second year in a row that Stefan was nominated by his peers. Similar to last year, his peers continue to celebrate his leadership, technical skills, and professionalism.
What his peers said:
“He is probably the best technical writer out there with solid technical knowledge ranging from Web to Internal Network pentesting. You name it and Snicula will deliver outstanding results. I’ve learned a lot from him.”
“He is super professional, a master of multiple proficiencies, and has impeccable communication skills– both with the customer and the teams he leads”
2020 was an intense year for the entire world but with the help of our pentester community we were able to continue to deliver quality pentest and support the security community. Huge thank you and shoutout to the Cobalt Core – looking forward to 2021 and beyond!