About Abdullah Kareem
From operational infrastructure to evidence-led offensive security.
I'm Abdullah Kareem, known as CyberKareem—an Iraq-based security researcher and penetration tester working across authorized application, API, mobile, infrastructure, identity, and coordinated vulnerability-disclosure engagements.
Operating context · 01
Operational reality changes how I test.
I began in electrical and IT engineering, moved through network operations, and then spent eight years working in enterprise technology and security at UNAMI. That background taught me to consider the environment around a finding—not only whether an issue can be exploited, but how the system is used, who depends on it, and how it can be fixed safely.
Today, I focus on penetration testing, public vulnerability research, and coordinated disclosure. The through-line remains practical: understand the system, validate impact carefully, communicate it clearly, and make remediation useful.
Career path · 02
From systems to security research.
More than a decade across IT, infrastructure, and security—shown without client-sensitive detail or volatile performance metrics.
- 01Apr 2026 — present
Penetration Tester
Ejabi InfoSec
Authorized security assessments, technical validation, and remediation-focused reporting within a peer-reviewed testing team.
- 02Feb — Apr 2026
Cybersecurity Specialist
Smart Oasis Company
Network and identity assessment, vulnerability management, security monitoring, and security-by-design review.
- 03Dec 2017 — Dec 2025
IT & Telecommunications Specialist
United Nations · UNAMI
Eight years supporting multi-site enterprise infrastructure, identity modernization, network operations, security response, and staff awareness.
- 042014 — 2017
Infrastructure foundation
NOC, IT engineering, and technical operations roles
Hands-on work across LAN/WAN operations, network monitoring, enterprise systems, and electrical and IT engineering environments.
Education · 03
Technical depth with an engineering foundation.
MSc Information Security & Digital Forensics
University of East London
Sep 2025 — expected Dec 2026 · in progressMSc Information Technology · Cybersecurity focus
University of the People
Apr 2024 — Aug 2025BSc Electrical & Electronics Engineering
2011 — 2015
Public credentials · 04
Selected, publicly verifiable credentials.
- Certified Information Systems Security Professional · CISSP
- Hack The Box Certified Penetration Testing Specialist · CPTS
- Project Management Professional · PMP
This is a selected set, not an exhaustive certification inventory. Current issuer evidence is available through the linked public profiles.
Publication standard · 05
The same evidence rule applies here.
Public identity should be useful and verifiable without exposing clients, employers, or private research.
- 01
Research claims link to a primary public advisory or vendor record.
- 02
Client and employer work remains generalized unless publication is explicitly cleared.
- 03
Dynamic ranks and totals are dated or linked instead of presented as permanent facts.
- 04
Tools are described by demonstrated behavior and limitations—not broad assurance labels.
Ongoing practice · 06
Labs remain part of the work.
Current platform activity is linked instead of frozen into changing ranks and completion totals.
Context · evidence · remediation
Bring the security question into a defined scope.
For an authorized assessment or advisory conversation, start with the system, desired outcome, and authorization owner—not sensitive target details.
Discuss an assessment