I’m Sergey “Kaimi” Belov — a cybersecurity engineer and team lead focused on application security, penetration testing, and security architecture for enterprise and financial systems. Most of my work is about helping companies understand how they can actually be hacked — and then making sure it is me who does it first. My background sits somewhere between low-level development and offensive security: banking, fintech, AI platforms, Big4 consulting, ATMs, payment flows, cloud infrastructure, developer tooling, reverse engineering, SSDLC, threat modeling, and large-scale vulnerability assessments.

```
┌─[kaimi@belov.expert]─[~/ops]
└──╼ ./profile --brief
[+] role    : security engineer / team lead
[+] focus   : appsec, pentest, architecture
[+] terrain : banking, fintech, enterprise
[+] mindset : offensive, practical, result-first
[+] tools   : Burp, IDA, nmap, hex editor
[+] output  : bugs, PoCs, tooling, risk maps, articles
```

Web, API, mobile-adjacent and enterprise application security: from classic penetration testing to security reviews, SSDLC, threat modeling, and vulnerability management. |
Financial applications, payment systems, ATMs, remote banking, fraud scenarios, business logic, integration flows, and the kind of bugs that do not look scary until money starts moving. |
Reverse engineering, exploit research, infrastructure hardening, CTF/bug bounty background, weird protocol behavior, and occasional late-night experiments with things that should not parse like that. |
> I like security work that produces something concrete:
a reproducible exploit, a working PoC, a clear risk map,
a hardened configuration, a fixed architecture, or a painful
business-risk conversation that should have happened earlier.
- Built and led security teams across banking, fintech, AI platforms, and consulting.
- Worked with systems ranging from ATMs and payment environments to cloud infrastructure and developer tooling.
- Still enjoy getting hands-on with Burp Suite, IDA, nmap, logs, traces, packet dumps, and a good hex editor.
- Active around bug bounty and CTF culture, with a few Hall of Fame mentions along the way.
- Publish tooling, PoCs, security notes, and experiments on GitHub and on the joint blog with d_x at kaimi.io.
- Occasionally comment in media on cybercrime, financial fraud, digital risks, and the practical side of defensive security.

```
/ research notes       / small security tools
/ PoCs                 / infrastructure experiments
/ hardening snippets   / appsec automation
/ reverse engineering  / writeups from strange corners
/ threat models        / security architecture notes
```

I’m usually interested in work where security is treated as an engineering and business problem, not a ritual exercise.
Good reasons to reach out:
- security review of an application, platform, or critical business flow;
- penetration testing with realistic attack scenarios and practical remediation;
- threat modeling and security architecture for enterprise systems;
- banking, fintech, payment, fraud, or high-risk application security questions;
- weird bugs, exploit ideas, research notes, or tools worth building.

```
result != "list of vulnerabilities"
result == "clear attack paths + business impact + prioritized fixes"
```


