About Abdullah Kareem

From operational infrastructure to evidence-led offensive security.

I'm Abdullah Kareem, known as CyberKareem—an Iraq-based security researcher and penetration tester working across authorized application, API, mobile, infrastructure, identity, and coordinated vulnerability-disclosure engagements.

Operating context · 01

Operational reality changes how I test.

I began in electrical and IT engineering, moved through network operations, and then spent eight years working in enterprise technology and security at UNAMI. That background taught me to consider the environment around a finding—not only whether an issue can be exploited, but how the system is used, who depends on it, and how it can be fixed safely.

Today, I focus on penetration testing, public vulnerability research, and coordinated disclosure. The through-line remains practical: understand the system, validate impact carefully, communicate it clearly, and make remediation useful.

Career path · 02

From systems to security research.

More than a decade across IT, infrastructure, and security—shown without client-sensitive detail or volatile performance metrics.

  1. 01
    Apr 2026 — present

    Penetration Tester

    Ejabi InfoSec

    Authorized security assessments, technical validation, and remediation-focused reporting within a peer-reviewed testing team.

  2. 02
    Feb — Apr 2026

    Cybersecurity Specialist

    Smart Oasis Company

    Network and identity assessment, vulnerability management, security monitoring, and security-by-design review.

  3. 03
    Dec 2017 — Dec 2025

    IT & Telecommunications Specialist

    United Nations · UNAMI

    Eight years supporting multi-site enterprise infrastructure, identity modernization, network operations, security response, and staff awareness.

  4. 04
    2014 — 2017

    Infrastructure foundation

    NOC, IT engineering, and technical operations roles

    Hands-on work across LAN/WAN operations, network monitoring, enterprise systems, and electrical and IT engineering environments.

Education · 03

Technical depth with an engineering foundation.

  • MSc Information Security & Digital Forensics

    University of East London

    Sep 2025 — expected Dec 2026 · in progress
  • MSc Information Technology · Cybersecurity focus

    University of the People

    Apr 2024 — Aug 2025
  • BSc Electrical & Electronics Engineering

    2011 — 2015

Public credentials · 04

Selected, publicly verifiable credentials.

  • Certified Information Systems Security Professional · CISSP
  • Hack The Box Certified Penetration Testing Specialist · CPTS
  • Project Management Professional · PMP

This is a selected set, not an exhaustive certification inventory. Current issuer evidence is available through the linked public profiles.

Publication standard · 05

The same evidence rule applies here.

Public identity should be useful and verifiable without exposing clients, employers, or private research.

Ongoing practice · 06

Labs remain part of the work.

Current platform activity is linked instead of frozen into changing ranks and completion totals.

Context · evidence · remediation

Bring the security question into a defined scope.

For an authorized assessment or advisory conversation, start with the system, desired outcome, and authorization owner—not sensitive target details.

Discuss an assessment