Security Analyst · Penetration Tester · Investigator

Htet Aung

Hacker. Investigator. Security Analyst.

Over two decades of experience finding what others miss — across networks, systems, applications, and the human patterns behind them. Working with ISECOM and Akiya Research Limited on security engagements across the US, Japan, and Europe.

"One of the most engaging and motivated security professionals I've ever had the pleasure of working with."

— Pete Herzog, Creator of OSSTMM, Co-Founder of ISECOM
OSSTMM OPST Certified Penetration Testing OSINT Digital Forensics MBA
Get in touch
Htet Aung
About

Built on two decades of real-world security work

I've spent over two decades finding my way through systems — networks, infrastructure, applications, and the human patterns behind them. What started as system and network administration grew into something I didn't have a word for at first. Pete Herzog, the creator of OSSTMM, gave me that word: hacker.

Not in the headline-grabbing sense. In the truest sense. Someone who looks at a problem from every angle until the system yields. And when it does, I feel energized. That feeling is what drives everything I do.

As a Security Analyst with ISECOM and CTO of Akiya Research Limited, I've led penetration tests for clients across the US, Japan, and Europe — including financial firms, AI companies, and international sports organizations — always under the structured discipline of OSSTMM methodology.

Some of my most meaningful work has happened in the spaces between job titles. Building an early agentic email processing system before AI pipelines had a name. Solving an anonymous identity investigation in under 24 hours that a professional firm couldn't crack in two weeks. These aren't things I was hired to do. They're things I couldn't not do.

"Htet is one of the most engaging and motivated security professionals I've ever had the pleasure of working with. He takes initiative and does the work above and beyond what is expected... He is exactly the kind of person anyone would want to employ for their team."

— Pete Herzog, Creator of OSSTMM, Co-Founder of ISECOM

I hold an MBA from European International University and an OPST certification, and I've contributed to Hacker Highschool — a Microsoft-sponsored security education project — helping build security awareness across communities worldwide. I am based in Yangon, Myanmar, where I continue to pursue research-driven security work with international reach.

20+
Years experience
3
Continents served
24h
Culper solve time
OPST
Certified tester
Offensive Security
Penetration Testing OSSTMM Web App Testing Network Security System Hardening
Investigation & OSINT
Digital Forensics OSINT Metadata Analysis Threat Intelligence
Infrastructure
Network Architecture Cisco Windows Server Cloudflare AWS
Development & Tooling
Python Bash API Integration Burp Suite Nmap
Selected Work

Cases that required more than a checklist

Case 01 · 2021 · OSINT Investigation

Revealing the Founder of Culper Research

Anonymous Identity Investigation · ISECOM / Urvin AI

A US-based client needed to identify the person behind an anonymous short-selling research firm. A professional investigation company had already failed after two weeks. The task was completed in under 24 hours using PDF metadata analysis and open-source intelligence.

OSINT Metadata Forensics Digital Investigation ExifTool
Read case study

"The client first paid a big investigation company to do the job and they failed after 2 weeks of trying. We did it in less than 24 hours."
Case 02 · 2026 · Penetration Test

Web Application Security Assessment — Service Stories

API & Authentication Security · OSSTMM v4

Full-scope penetration test of a US SaaS platform covering API authentication, token lifecycle, user enumeration, and infrastructure exposure. Identified a high-severity account takeover vulnerability (CVSS 8.1) and five additional findings, followed by a re-test validating remediation.

Web App Pentest API Security OSSTMM v4 JWT / OAuth Burp Suite
Read case study

Critical account takeover via non-rotating refresh tokens. CVSS Base Score: 8.1 — High severity.
Case 03 · 2020 · Prototype Build

Early Agentic Email Processing System

AI Pipeline Engineering · Akiya Research / ISECOM

Before LLM pipelines had a name, built a working agentic email system that received forwarded emails, extracted intent, routed requests to an AI disambiguation engine, and returned structured responses to users — fully automated, end-to-end. Delivered under pressure in under 72 hours.

Python Email Automation AI Integration Agentic Pipeline
Read case study

"That's how a hacker works. We knew this wouldn't be an easy task when we asked you to do it, but you kept at it until you figured it out and made it work."
Case 04 · 2025–2026 · Penetration Test

Web Application Security Assessment — Plia

Session Management · XSS · CVE Analysis · OSSTMM v3

Eight findings across a SaaS asset management platform — including Stored XSS, high-severity CVEs, and session authentication flaws. One finding was challenged by the client's AI reviewer and successfully defended on technical grounds. RAV score: 88.9, reducible to 98.6 after remediation.

OSSTMM v3 XSS Session Management CVE Analysis RAV Scoring
Read case study

Finding challenged by client's AI reviewer. Technical argument presented. Developer confirmed: "The penetration tester is correct on both counts."
Recognition

What others have said and trusted

LinkedIn Recommendation — Pete Herzog

"He has clearly been a huge asset to ours. I don't write many recommendations so me doing this just shows that I highly recommend Htet."

ISECOM · Creator of OSSTMM

Ackcent Red Team — Barcelona FC Pentest

When Pete mentioned Htet's team to the Ackcent red team, they responded: "Starry's not a junior! They all thought you were a high-level hacker."

Ackcent Cybersecurity · Spain

Hacker Highschool — Microsoft Sponsored

Co-authored Lessons 13 and 14 (Hacking and Defending Windows 10) for the Hacker Highschool project, sponsored by Microsoft and distributed globally.

ISECOM · Microsoft · Global

European Digital Week — Guest Speaker

Invited as a guest speaker at the International Cybersecurity and Digital Services Protection Conference, part of the European Digital Week virtual event hosted by Ditech Media.

Ditech Media · September 2020

Client Response — Culper Investigation

"The Urvin client is really happy with our work finding that guy. BTW, the client first paid a big investigation company and they failed after 2 weeks. We did it in less than 24 hours."

Pete Herzog · ISECOM · 2021

Hacker Highschool Myanmar Community

Founded and actively runs the Hacker Highschool Myanmar Community, translating open-source security education into Burmese and building the next generation of security professionals in Myanmar.

ISECOM · Myanmar · Since 2014
Contact

Let's work together

Available for remote security engagements, penetration testing, OSINT investigations, and consulting work with international teams. Response within 24 hours.

✉ Send an email LinkedIn Profile