Mo Ashouri

• • Information Security Governance: ISO/IEC 27001 readiness assessments, ISMS design, gap analysis, risk register development, and security policy documentation aligned with enterprise audit standards

• • Penetration Testing and Ethical Hacking: Led pen testing and red team engagements across web applications, APIs, cloud infrastructure, and Kubernetes deployments; RBAC auditing and container hardening reviews

• • Security Incident Management: Senior escalation point for high-severity incidents; coordinated cross-functional response, root cause analysis, and post-incident remediation across enterprise environments

• • Vulnerability Research & Fuzzing: Built an LLM-assisted mutation fuzzer combining source-code analysis with AFL++ to synthesize targeted test cases; confirmed multiple zero-day findings with CVE submissions

• • AI and LLM Security: Prompt injection assessments, AI chatbot safety reviews, and MCP security evaluations; neural network and transformer threat modeling

• • Cryptography and Encryption: Applied protocol review covering ECC (Schnorr signatures), hash functions, homomorphic encryption, zk-SNARKs/STARKs, and TLS/PKI hardening

• • JVM Security: Security audits for Java Virtual Machine components; automated testing frameworks; led secure coding standards and remediation prioritization

• • Systems security research with primary focus on Rust, Golang, and C++ in industrial and embedded security contexts

• • Security analysis of Rust compiler toolchain — large-scale performance and memory safety evaluation (USENIX HotEdge 2020)

• • Developed and evaluated fuzzing frameworks targeting systems-level software written in Rust and C++, with emphasis on industrial protocol parsers and network services

• • Security assessment of Golang-based systems: race condition detection, memory safety analysis, and secure concurrency patterns

• • Applied vulnerability research to industrial security topics including embedded firmware, network protocol security, and low-level systems programming

• • Collaborated with faculty and research groups on secure systems design and automated vulnerability detection tooling

• • Senior software engineering across embedded systems and semiconductor software stacks

• • Internal security audits covering software security, access control, and vulnerability assessments

• • Security policy development and enforcement across development teams

• • Collaborated with cross-functional teams on secure coding standards and software quality frameworks

• • Security findings reporting to management and contribution to IS risk register