> whoami
Hi, I'm Ishan Nim — a cybersecurity enthusiast with a sharp focus on offensive security, ethical hacking, and red teaming. I currently lead the Security Research and Analysis Team at S-Pool Inc. in Tokyo, where I dive deep into threat landscapes, vulnerability analysis, and exploit development.
I'm passionate about the darker corners of the internet — from deep/dark web monitoring to payload crafting and adversary simulation. Whether it's developing custom payloads, exploring underground forums, or simulating real-world attacks in red team engagements, I thrive in environments that challenge the limits of security.
I believe in learning by doing and sharing what I learn. I'm active in the infosec community and always looking to connect with others who are just as curious and relentless about cybersecurity.
> career_path
Head of Security Research & Analysis
Leading a team of security researchers focused on threat intelligence, vulnerability analysis, and exploit development. Developing custom red team methodologies and tools for adversary simulation. Conducting deep/dark web monitoring operations and advanced payload engineering.
Security Researcher & Penetration Tester
Led penetration testing engagements for client applications and infrastructure. Researched and documented new attack vectors and exploitation techniques. Developed automated security testing tools and frameworks. Provided security training and awareness programs to technical teams.
Offensive Security Specialist
Conducted red team exercises and adversary simulations for enterprise clients. Engineered custom malware and payloads for targeted assessments. Performed vulnerability research and developed exploits for identified weaknesses. Implemented security automation workflows and tools.
> education
# Formal Education
ICBT Campus
Fukuoka International Academy
西日本アカデミー
# Certifications
Cisco Cybersecurity Specialist (CCS)
Cyber Security Professional Certificate CSFPC
Ethical Hacking Professional (CEHPC)
Generative AI Professional Certification (GAIPC)
CIS Critical Security Control
JLPT Japanese-Language Proficiency Test N3
JLPT Japanese-Language Proficiency Test N5
CEH Master
Certified Ethical Hacker (CEH)
GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
Linux Essentials Certification
> ls -la projects/
CVE Feed Translator
An automated tool that monitors CVE feeds, analyzes vulnerability details, and translates technical details into actionable intelligence for security teams.
LLM Pentest Lab
A testing environment for evaluating security vulnerabilities in large language models, including prompt injection attacks and data extraction techniques.
DarkWeb Monitor
A monitoring system that scans dark web forums and marketplaces for mentions of specific keywords, data leaks, or company information.
Payload Forge
A framework for creating and testing custom payloads for red team engagements with evasion techniques against common security controls.
Supply Chain Threat Analyzer
A tool to analyze software dependencies and identify potential security risks in the software supply chain.
Cloud Security Scanner
An automated security scanner for cloud environments that identifies misconfigurations and security vulnerabilities across multiple providers.
> cat articles/recent
Breaking Down LLM Security: Vulnerabilities in Modern AI Systems
An in-depth analysis of security vulnerabilities in large language models and how red teams can exploit them during security assessments.
The Art of Payload Engineering: Evading Modern EDR Solutions
Technical deep dive into advanced payload development techniques that can bypass endpoint detection and response systems.
OWASP API Security: Top 10 Vulnerabilities in 2025
A detailed examination of the most critical API security risks according to OWASP, with practical examples and mitigation strategies.
Threat Hunting with OSINT: Following Digital Footprints
Leveraging open source intelligence gathering techniques for proactive threat hunting and attack surface discovery.
Automating Security: Building Your Own Red Team Toolkit
A guide to developing custom security automation tools for modern red team operations and offensive security assessments.
Supply Chain Attacks: The Hidden Threat to Modern Software
Examining the rising trend of supply chain attacks, their impact, and strategies for defending your organization's software supply chain.
AIセキュリティの重要性
現代のAIシステムにおけるセキュリティの重要性と、組織がAIセキュリティリスクを軽減するための戦略について詳しく解説します。
ダークウェブモニタリング
ダークウェブのモニタリング手法と、企業のデータ漏洩やセキュリティ脅威を検出するための戦略について解説します。
アプリケーションセキュリティのための6ステップロードマップ
アプリケーションセキュリティを段階的に向上させるための包括的なロードマップを提供します。
> contact --secure
Let's Connect
I'm always interested in connecting with fellow security professionals, discussing new techniques, or exploring potential collaborations. Feel free to reach out through any of these channels.