Building a WAAP product from the CISO's side of the table. Translating a decade of defending web & API architectures into the product a European security team actually wants to buy.
A cybersecurity leader who builds scalable security organizations by engineering cloud-native defense architectures. I bridge deep technical execution and board-level risk management — the leverage point between the grit of the SOC floor and the framing of a boardroom conversation.
How I think
Security looks like a cost center because it lets itself.
Most security leaders complain that the executive team doesn’t see the value. Honest answer: that’s their failure, not the executive team’s. A good security function is operational excellence — time, money, and depth defended every day, mostly invisible. Think of a fighter pilot in a war. The pilot is the only person anyone sees. But it took the engineers, the runway crew, the weapons team, the researchers — months of rigor and repetition — to put that one person in the sky to fight. Management isn’t going to discover that team. Why should they? They’re paid to ask one question: did we win?
So if you’ve got the operational depth and you’re still seen as cost, you’ve got a visibility problem. Not a value problem. Talk about the IR playbook your engineer wrote — and that it now blocks attack X in two minutes, automatically. Ship a monthly defensive-uplift report. Make the kanban visible. Make every member of the crew visible — not just the one who ran the playbook at eleven on a Sunday night.
Compliance is hygiene or it’s theater. There’s no middle.
Paper compliance looks like 99 of 100 boxes ticked. Then a hands-on practitioner goes one layer deeper into access management and finds four teams handing out permissions four different ways — none of which match the process you wrote up for the auditor. The policy passed. The practice never changed.
Why this happens isn’t mysterious. It takes technical depth to even find the four silos, and most security teams don’t have it. Then it takes a leader willing to pick a fight with all four — to design a process that’s coherent to policy and workable across teams — which is harder still. The path of least resistance is to write the policy, pass the audit, and call it done.
Management then gets the worst possible signal: the first cert was cheap. So the next one will be too. The badges go on the website. The leader keeps selling certifications. The four teams keep doing what they’ve always done. The realization that paper compliance was actively worse than no compliance arrives only after the incident. That’s the bill.
AI in defense rewards the curious. Everyone else falls behind.
Good security minds are paranoid. Great ones are paranoid and curious and willing to tinker. AI is the technological shift that reveals which kind you have. The voices saying “that sounds dangerous, we don’t have a policy for it yet” are about to age out of the field — and they should.
We’ve seen this movie. We were paranoid about cloud. We wanted the castle-and-moat back because on-prem had a clean perimeter. That stance lost. Cloud security got invented around the new shape, and now the same controls applied to on-prem look like running Windows 98 in the era of macOS Tahoe.
AI is moving faster. Running a business is becoming cheaper. The “we don’t have headcount” excuse is gone — what’s stopping security teams from spinning up agents and deterministic automations to clear the backlog of golden processes? Nothing, except the willingness to learn.
The curious will skill up, and they’ll shape how AI security gets done. Everyone else — the ones still drafting the policy that says you can’t use it — will become the cautionary tale.
Career
Joined as first security hire. Built the security function to 7 engineers across Detection, AppSec/OffSec, Cloud Security, and InfoSec. In 2024–2025, scope expanded to include Enterprise IT and DevOps, bringing the combined function to 16. Led Moonfare to ISO 27001 in 2024, improved posture 300%, cut AWS spend 50%+ via architectural redesign, and spun up a company-wide AI governance program.
- Built security org to 7 engineers; scope later expanded to lead a combined 16 across Security, IT, and DevOps
- ISO 27001 certification, top-tier audit result
- Monthly security ops report as a management artifact: attacks thwarted, MTTR/MTTD, business cost avoided
- Led multiple incident response engagements end-to-end
Investigated and mitigated the Codecov supply-chain incident (among others), earning company-wide recognition for response quality. Shipped Python/Docker/Terraform tooling that reshaped forensic speed, and built a custom vulnerability management CLI integrating Jira + GitHub across 1,000+ repos.
Wrote IaC — Ansible, Terraform, CloudFormation, Packer — to deliver security-hardened AWS infrastructure for an enterprise e-commerce PaaS. Built deployment pipelines with health checks, security rulesets, and guardrails embedded directly as code.
Worked 24/7 SOC floors. Engineered detection playbooks and SIEM correlation rules against MITRE ATT&CK for IOC hunting and anomaly detection. Embedded as resident security engineer for core clients — built custom AWS monitoring on CloudTrail, VPC Flow Logs, and GuardDuty that became backbone infrastructure at Careem/Uber MEA.
- Detection engineering + SIEM correlation at MSSP scale
- Cloud posture analysis across 50+ AWS accounts at Careem
- On-site incident investigations and network pentests in Karachi
Where hands-on network security — pfSense, Untangle, L0phtCrack, John the Ripper — pulled me out of traditional dev and into cyber for good.
Moments
Different hats. Same muscle.
Supply-chain incidents are a leadership test more than a technical one — you can do all the IR right and still fail if your communication and prioritization are off.
First as the engineer leading technical response to Codecov at HelloFresh. Later as CISO at Moonfare, coordinating response to a third-party incident where a business counterparty’s breach created potential exposure on our side. Different technical profiles, same operational problem: scan fast, scope impact accurately, brief the board honestly, don’t let the noise derail the business.
I’ve come to think of supply chain as the most under-rated part of the threat model — and the part that’s hardest to run well when everyone’s already tired.
Cyber, my way.
I wanted to know exactly why I should implement control X before doing it, how it fits into the big picture, and to build security as a function that moves the business forward instead of reacting to it.
Started with a small senior team — OffSec+AppSec, Detection & Enterprise Security, InfoSec, Cloud — and a clear thesis: onboard an MSSP for SIEM and detection from day one so internal engineers could focus on hardening, vulnerability management, IAM, and policy. Grew mid-level engineers on both red and blue sides over the next two years. Got Moonfare to ISO 27001 in 2024. The security team grew to 7 engineers across both sides: detection and enterprise security, application and offensive security, cloud and infrastructure security, and information security. In 2024–2025 the scope expanded — DevOps (5) and IT (4) joined under me, bringing the combined function to 16.
The artifact I’m most proud of isn’t a tool — it’s the monthly security ops report. Attacks thwarted. Where they came from. MTTD and MTTR. Business cost avoided. Translating operational security into language the rest of the company could actually read.
Resident engineer, 50+ AWS accounts.
Careem became my employer's client after a security incident. I got loaned out to build their detection capability from scratch.
Set up detection, ran cloud security posture analysis across 50+ AWS accounts, built CloudTrail rules and detection logic that later became the backbone of their SOC. Helped with several incident investigations, did on-site network pentests at their Karachi office, and worked alongside some of their best engineers.
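The CloudTrail detection logic mentioned here, and in the Careem/Uber MEA entry in the Career section, is the kind of thing that turns a raw log feed into a SOC backbone. The block below is an added illustration, not code from this page's author or from any employer named on it: four rule functions run over a constructed CloudTrail delivery file (the `{"Records": [...]}` shape CloudTrail writes to S3), each mapped to a MITRE ATT&CK technique. Rule names, severities, the ATT&CK mapping and every account ID, ARN, IP and trail name are my assumptions; the field names (`userIdentity.type`, `additionalEventData.MFAUsed`, `responseElements.ConsoleLogin`, `errorCode`, `requestParameters.policyArn`) are the real CloudTrail record fields.

```python
"""Rule-based detections over CloudTrail records (added example, not the page author's code).
Sample records are constructed; account IDs, ARNs, IPs and trail names are placeholders."""
import json
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

Event = Dict  # one parsed CloudTrail record


@dataclass(frozen=True)
class Finding:
    rule: str
    technique: str  # MITRE ATT&CK technique ID the rule is mapped to (mapping is an assumption)
    severity: str
    principal: str
    event_id: str
    detail: str


def _rec(event_id: str, name: str, source: str, ident: Dict, **extra) -> Event:
    """Build one constructed CloudTrail record carrying the fields the rules read."""
    rec = {"eventID": event_id, "eventName": name, "eventSource": source,
           "userIdentity": ident, "sourceIPAddress": "198.51.100.10"}
    rec.update(extra)
    return rec


def iam_user(n: str) -> Dict:
    return {"type": "IAMUser", "userName": n, "arn": f"arn:aws:iam::111122223333:user/{n}"}


ROOT = {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}
ROLE = {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/Ops/sso-session"}
LOGIN_OK = {"responseElements": {"ConsoleLogin": "Success"}}

# Constructed delivery file: one clean login, one without MFA, a root login, a failed login,
# a denied StopLogging attempt, an AdministratorAccess grant, and benign read-only noise.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("e1", "ConsoleLogin", "signin.amazonaws.com", iam_user("alice"),
         additionalEventData={"MFAUsed": "Yes"}, **LOGIN_OK),
    _rec("e2", "ConsoleLogin", "signin.amazonaws.com", iam_user("bob"),
         additionalEventData={"MFAUsed": "No"}, **LOGIN_OK),
    _rec("e3", "ConsoleLogin", "signin.amazonaws.com", ROOT,
         additionalEventData={"MFAUsed": "Yes"}, **LOGIN_OK),
    _rec("e4", "ConsoleLogin", "signin.amazonaws.com", iam_user("carol"),
         additionalEventData={"MFAUsed": "No"}, responseElements={"ConsoleLogin": "Failure"}),
    _rec("e5", "StopLogging", "cloudtrail.amazonaws.com", iam_user("bob"),
         requestParameters={"name": "org-trail"}, errorCode="AccessDenied"),
    _rec("e6", "AttachUserPolicy", "iam.amazonaws.com", iam_user("bob"),
         requestParameters={"userName": "bob",
                            "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}),
    _rec("e7", "DescribeInstances", "ec2.amazonaws.com", ROLE),
]})


def principal_of(ev: Event) -> str:
    ident = ev.get("userIdentity", {})
    return "root" if ident.get("type") == "Root" else ident.get("arn", "unknown")


def _login_succeeded(ev: Event) -> bool:
    return (ev.get("eventName") == "ConsoleLogin"
            and ev.get("responseElements", {}).get("ConsoleLogin") == "Success")


def console_login_without_mfa(ev: Event) -> Optional[Finding]:
    # Failed logins never reach the MFA step, and federated (AssumedRole) logins report
    # MFAUsed=No because MFA happens at the IdP, so only successful IAM-user logins count.
    if not _login_succeeded(ev) or ev.get("userIdentity", {}).get("type") != "IAMUser":
        return None
    if ev.get("additionalEventData", {}).get("MFAUsed") == "Yes":
        return None
    return Finding("console_login_without_mfa", "T1078.004", "medium",
                   principal_of(ev), ev["eventID"], f"from {ev.get('sourceIPAddress')}")


def root_console_login(ev: Event) -> Optional[Finding]:
    # Any interactive root use is worth a page, MFA or not.
    if not _login_succeeded(ev) or ev.get("userIdentity", {}).get("type") != "Root":
        return None
    return Finding("root_console_login", "T1078.004", "high",
                   "root", ev["eventID"], f"from {ev.get('sourceIPAddress')}")


TRAIL_TAMPER = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def trail_tampering(ev: Event) -> Optional[Finding]:
    # A denied attempt is still reported: someone is probing the logging controls.
    if ev.get("eventSource") != "cloudtrail.amazonaws.com" or ev.get("eventName") not in TRAIL_TAMPER:
        return None
    outcome = f"denied ({ev['errorCode']})" if "errorCode" in ev else "succeeded"
    trail = ev.get("requestParameters", {}).get("name", "?")
    return Finding("cloudtrail_tampering", "T1562.008", "high", principal_of(ev),
                   ev["eventID"], f"{ev['eventName']} on trail {trail}: {outcome}")


ATTACH_CALLS = {"AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy"}


def admin_policy_attached(ev: Event) -> Optional[Finding]:
    # Only a successful call grants anything; failed attach calls are skipped by this rule.
    if ev.get("eventSource") != "iam.amazonaws.com" or ev.get("eventName") not in ATTACH_CALLS:
        return None
    if "errorCode" in ev:
        return None
    params = ev.get("requestParameters", {})
    if not params.get("policyArn", "").endswith("/AdministratorAccess"):
        return None
    target = params.get("userName") or params.get("roleName") or params.get("groupName")
    return Finding("admin_policy_attached", "T1098", "high", principal_of(ev),
                   ev["eventID"], f"AdministratorAccess attached to {target}")


RULES: List[Callable[[Event], Optional[Finding]]] = [
    console_login_without_mfa, root_console_login, trail_tampering, admin_policy_attached]


def run_rules(raw_log: str, rules=RULES) -> List[Finding]:
    """Parse a CloudTrail delivery file and apply every rule to every record, in order."""
    findings: List[Finding] = []
    for ev in json.loads(raw_log)["Records"]:
        for rule in rules:
            hit = rule(ev)
            if hit is not None:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in run_rules(SAMPLE_LOG):
        print(f"[{f.severity}] {f.rule} ({f.technique}) {f.principal}: {f.detail}")
```

Two design choices carry the weight here. The MFA rule deliberately ignores failed logins and federated sessions, because both produce `MFAUsed: No` for reasons that are not findings, and that is where a naive rule drowns the SOC in noise. The trail-tampering rule does the opposite and fires even on `AccessDenied`, since an attempt to stop logging is the signal, not the outcome. On the constructed input the run yields four findings, for records e2, e3, e5 and e6.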
Being embedded — sitting with a customer, inside their environment, at breach volume — teaches you something you can’t learn in an MSSP seat: security as a thing that happens inside someone else’s business, on their clock, with their priorities on your shoulders. Most of what I know about CISO-side tradeoffs started here.
Credentials
What made me credible in a boardroom.
- GSTRT — GIAC Strategic Planning, Policy & Leadership
- CISM — Certified Information Security Manager (ISACA)
- GSLC — GIAC Security Leadership Certification
- GIAC Advisory Board Member
What keeps me honest in engineering conversations.
- GCSA — GIAC Certified Cloud Security Automation · SANS SEC540 Cloudwars Challenge Coin Winner
- AWS Certified Security — Specialty
- CDP — Certified DevSecOps Professional
- AWS Solutions Architect — Associate
B.E., Computer Software Engineering
National University of Sciences & Technology (NUST), Islamabad · 2011–2015