The first focused dedicated AI company in the maldives focusing on solving language problems focusing Thaana/Dhivehi. Our aim is to make it innovative, affordable and inclusive even for the disabled community. We hope to solve accessibility problems in the long run and creating a positive impact on the society.

I am responsible for the vision and growth of the company. We initially started our base of operations in Maldives and now we are expanding to the SAARC Region as a MSSP for 2024. My keen interest is constant innovation and responsible for driving the R&D unit which at the moment focuses on hardware security (pcb), cyber threat intelligence, kernel security and artificial intelligence. We build proprietary technologies on top of our OEM partner ecosystem products to support channel partners in leveraging cyber security and automations. Oxiqa is also a SaaS company with some commercial products as well.

I was hired as a cyber security consultant primarily for ensuring the security of the maldives electoral process for Presidential elections 2023 and Parliamentary Elections 2024. My primarily responsibility was to propose and assist in the implementation of cyber security controls with a very minimal budget. I was also tasked to assist in the migration of cloud infrastructure to the internal network and ensuring the security of these critical systems and uptime. I was also responsible for designing and implementing ELK Stack for the infrastructure and implement alerts for various kinds of anomalies. The bigip F5 AWAF was also my sole responsibility on the design and implementation after ensuring the security audits (pentest) of the applications. During the Election Day, I was primarily responsible to be on site 24/7 to ensure proactive security and lead the security incidents and remediate all cyber incidents.

I’ve had my fair share of representing the government in various forums and technical high level meetings. During my tenure I was mostly responsible for architecture reviews, egovernment application penetration testing, recommendations at policy level for cyber security, assist in drafting cyber security legislation, educate and awareness for policy makers. I’ve done over more than 100+ web application layer penetration testing.

The organization had a human capacity vacuum and suffered a major downtime of few days due to mismanagement. I was requested to temporarily assist although it became a permanent role later. My sole responsibility was training and creating human capacity. I had to oversee and create a technical working structure and go out of my field of cyber security.My primary focus was training system engineers to get familiar with virtualization, enterprise SAN architecture (iSCSI and FC), decommissioning old infrastructure and organizing the national data center processes, migrations etc. When I took tenure there was several legacy infrastructure, undocumented or poor implementations in virtualization, several pending national data center projects which were already procured few years back. This was one of my most stressful undertaking as it was extremely difficult as the processes were also outdated along with the technology and the hardware with several misconfigurations which can cause unintended downtime during maintenance. The first task was to identify all the misconfigurations and fix them and migrate all the legacy infrastructure which include legacy operating system and virtualization. The next difficult undertaking was lack of human capacity and having to train engineers and providing a leadership role at the same time while undertaking such stressful migrations. I also had to oversee the national computer network and create separate NCN teams, while also ensuring adequate staffing to manage and support entire infrastructure which also included the border control systems. I was also tasked with overseeing the cyber security team and trained engineers during my tenure to support the ict agency. At this time I also had to lead several high profile cyber security APT gov incidents.It was also one of my proud undertaking as I was able to build an excellent team and who were able to take leadership on their own and handle maintenance tasks without any downtime.

During this tenure my work was pretty limited and I was only utilized 30% and that was for only penetration testing. I spent most of my time on r&d and upskilling myself. At the same time I did bug bounty for Facebook, Microsoft etc and reported vulnerabilities in local telecoms and several other companies. I also did occasionally engage in incident response although my skills were limited at this time. Besides that I also did pentests for other sensitive government agencies upon request. I was tasked with implementing a transparent IDPS during presidential elections 2013 which was extremely stressful as there was several communication gaps with the ICT agency and elections commission. I used pfsense with snort and snorby for dashboards which was running on a virtualized server with the two instances. I had to learn to manage my stress without giving up as there was political unrest and it was an unsafe working environment.

The key tasks were to break apps and help fix them.

Vulnerability assessment and penetration testing of the internet banking web and mobile applications.

* blackbox Vulnerability Assessment & Penetration Testing for Internet Banking (ebanking)* BML MobilePay (app) reverse engineering & penetration testing* Whitebox Internal Network Penetration Testing* Whitebox Core Banking Vulnerability Assessment & Penetration Testing