Syed Ishaq B.
Hands-on Security Leader | Secure AI Transformation Evangelist
Professional Summary

A passionate security leader with 14 years of Infosec experience integrating DevSecOps, Secure SDLC, and platform security into product-driven orgs. Built and scaled 3 large-scale sustainable security functions from the ground up, covering AppSec, CloudSec, SOC, GRC, Datacenters and Corporate IT. Combines deep technical fluency in cloud-native architectures, offensive security, and AI risk management with a business-first mindset, treating security as an innovation enabler rather than a gatekeeper. Trusted advisor to the leadership and boards on strategic risk, posture, and regulatory compliance across multi-country operations.

Work Experience
HelloFresh
World's leading meal-kit company, 8 brands, 10 million+ customers, 18 geographies.
6 yrs 2 mos
Director / Head of Information Security
Berlin, Germany · Hybrid
Jan 2025 — Present
1 yr 5 mos
  • Leading 7 globally distributed security teams (37 engineers and analysts) with accountability for security vision, strategic roadmap, and compliance posture (PCI-DSS, NIST, NIS2, ISO 27001, EU AI Act) across a multi-country e-commerce platform.
  • Driving platform-first security integration across the product lifecycle: architecting DevSecOps and Secure SDLC frameworks enabling rapid, secure feature velocity through automation and scalable guardrails.
  • Championing secure AI transformation: designing and securing AI capabilities across the business, addressing model risks, data protection, and responsible AI governance aligned with EU AI Act.
  • Serving as trusted security advisor to CTO, C-suite, and Board: delivering data-driven security metrics, strategic risk assessments, and actionable recommendations on security investments and resilience.
  • Establishing metrics-driven governance with standardized KPIs and board-level reporting; cultivating high-performing team culture emphasizing ownership, collaboration, and continuous improvement.
Cyber Security Tribe Lead
Berlin, Germany · Hybrid
Jul 2022 — Jan 2025
2 yrs 7 mos
  • Transformed security from a contractor-heavy squad into a sustainable Tribe with 5 specialized squads (Blue Team, Cloud Security, AppSec, GRC, IT Security), establishing clear ownership, mandate, and career growth paths while eliminating reliance on 3rd-party consultancy firms.
  • Pioneered product-driven security management: introduced dedicated Product Ownership function responsible for tribe vision, strategic roadmap, KPI trees, and security posture analysis across all HelloFresh Group brands.
  • Drove high-impact capability build-outs: stood up 24/7 SOC with detection engineering and threat hunting, launched bug bounty and security champions programs, and extended security coverage to production facilities and distribution centers.
Cyber Security Squad Lead
Berlin, Germany · On-site
Apr 2020 — Oct 2022
2 yrs 7 mos
  • Built HelloFresh's first AppSec program from scratch: CI/CD pipeline hardening with SAST/DAST/IAST integration, launched bug bounty program via Intigriti, established security champions network, and introduced threat modeling into the SDLC.
  • Secured multi-cloud infrastructure across AWS and Kubernetes: implemented cloud IAM governance, secrets management (Vault), perimeter hardening via CloudFlare (bot protection, rate limiting, API shield), and automated corrective actions against misconfigs.
  • Established vulnerability management program: pentesting cadence, supply chain/CVE scanning, and coordinated disclosure workflows; deployed initial SIEM capability with SumoLogic for continuous monitoring.
Reference: Andrew Wurster (Manager) · andrew@awurster.com · LinkedIn
Ebryx (Pvt.) Ltd.
Cybersecurity firm specializing in managed security, incident response, and threat intelligence.
5 yrs 2 mos
Manager Cyber Security Services
Lahore, Pakistan · On-site
Mar 2018 — Mar 2020
2 yrs 1 mo
  • Led the Managed Security Services division delivering DevSecOps, pentesting, and SOC/Blue teaming services.
  • Developed threat hunting playbooks using EDRs, PowerShell, Sysmon, Osquery, RITA, and Bro/Zeek, mapped to the MITRE ATT&CK enterprise matrix.
Lead Security Engineer
Lahore, Pakistan · On-site
Nov 2017 — Mar 2018
5 mos
  • Led DFIR operations: forensic log analysis, adversary detection R&D, and multi-incident triage using CrowdStrike, FireEye (HX, NX, EX), Carbon Black, and Azure Sentinel.
  • Conducted Digital Forensics Compromise Assessments for 10+ leading banks including the national payment gateway, proactively hunting the Lazarus group before they could execute a breach.
Security Analyst
Lahore, Pakistan · On-site
May 2015 — Nov 2017
2 yrs 7 mos
  • Performed 24/7 SOC operations, SIEM administration, sensor deployment, and network/host monitoring across UNIX and Windows environments.
  • Conducted pentesting of network services and developed SIEM correlation rules; generated incident reports and root cause analyses.
Associate Security Analyst
Lahore, Pakistan · On-site
Feb 2015 — May 2015
4 mos
  • Analyzed IDS/IPS alerts, firewall events, and SIEM logs across core network protocols to identify security threats.
Reference: Mustafa Qasim (Manager) · alajal@gmail.com · LinkedIn
Projects & Speaking Engagements
2017 — 2022
Endpoint monitoring tool for Linux and macOS that reports file, socket, and process events to Zeek (formerly Bro). Combines network and host monitoring with osquery integration. Contributed during tenure at Ebryx.
C++ · C · Zeek/Bro · osquery · Linux · macOS
Open-source toolkit automating the collection and analysis of digital forensic artifacts for incident response engagements. Built and maintained during Ebryx tenure.
Python · PowerShell · DFIR · Forensics · Automation
Learnings from the Codecov Breach
DACHSec Germany · Slides · Video
2022
Tales from the Trenches: A Cyber Brawl with an APT Group
BSides Islamabad · Slides · Video
2021
Breaking into Cybersecurity as a SOC Analyst
GISPP Academy · Slides · Video
2020