Microsoft Certified: Cybersecurity Architect Expert
Microsoft
Offensive Security Researcher
Sahil Ojha
I help organizations find the weaknesses in their applications and cloud before a real attacker does, then turn those findings into clear fixes a team can act on with confidence.
18+
CVEs
published
published
About
I break things carefully, so they cannot be broken carelessly.
Hi, I am Sahil Ojha, and I have spent my career on the offensive side of security. I study applications, cloud environments, and network infrastructure the way a determined attacker would, then translate what I find into clear, prioritized fixes that a team can actually ship.
Along the way I have reported more than eighteen CVEs across security software, communications platforms, and cloud services, and I hold certifications spanning Microsoft, Google Cloud, AWS, and red team operations. Lately I have been bringing AI and autonomous agents into security operations, so the slow and repetitive parts of testing can keep pace with how quickly software ships today.
Whether the goal is a focused penetration test, a full red team engagement, or a second set of eyes on your cloud posture, I aim for the same outcome every time: fewer surprises, and a security program you can trust.
Experience
Years of building and breaking things
2024
Confidential
Currently doing security engineering, leading operations, and driving AI implementations
2022
Senior Application Penetration Tester
Eminence Ways
2021
Security Researcher
Vairav Tech
Credentials
Certifications that back the work
Current industry certifications across cloud security, red teaming, and information security management.
Certified Red Team Professional (CRTP)
Altered Security
Professional Cloud Security Engineer
Google Cloud
AWS Certified Security Specialty
Amazon Web Services
ISO 27001:2022 Lead Auditor
International Register of Certificated Auditors (IRCA)
Microsoft Certified: Azure Security Engineer Associate
Microsoft
Education
Academic foundation
Master of Science, Cybersecurity Operations
Webster University
Concentration in Cybersecurity Operations Management
Grade point average of 3.7
Bachelor of Science, Computer Networking and IT Security
London Metropolitan University
Graduated with a final grade of 81.39 percent
Vulnerability research
Published CVEs and advisories
Eighteen CVEs I discovered and disclosed responsibly across security software, communications platforms, and AI tooling.
CVE-2023-33730CriticalPrivilege
Escalation
CVE-2025-5352HighStored XSS ·
Lunary AI
CVE-2023-31702HighSQL Injection
CVE-2023-37596HighCross Site Request
Forgery
CVE-2023-37597HighCross Site Request
Forgery
CVE-2023-37599HighBroken Access Control
CVE-2023-31703MediumReflected XSS
CVE-2023-33731MediumReflected XSS
CVE-2023-33732MediumReflected XSS
CVE-2023-34835MediumReflected XSS
CVE-2023-34836MediumReflected XSS
CVE-2023-34837MediumReflected XSS
CVE-2023-34838MediumStored XSS
CVE-2023-34839MediumCross Site Request Forgery
CVE-2023-37189MediumStored XSS
CVE-2023-37190MediumStored XSS
CVE-2023-37191MediumStored XSS
CVE-2023-37598MediumCross Site Request Forgery
Responsible disclosure
Companies I have helped secure
A selection of organizations whose vulnerabilities I discovered and reported ethically, through their official security and bug bounty programs.
Apple
Microsoft
Alibaba
inDrive
GYMSHARK
ZEBRA
Issabel
eScan
Every finding was reported privately and resolved before any public disclosure.
Let's Work Together
Looking for someone to pressure test your security?
I take on penetration testing, red team, and cloud security engagements, along with focused advisory work. Tell me what you are building and I will tell you where it is exposed.