Introduction

I am an experienced information security and secure software development consultant and researcher who can perform web and mobile application penetration tests, automated and manual code reviews, software debugging, and security testing on cloud-based environments and smartphone platforms such as iOS and Android, and develop security-aware web and mobile applications.


Fields of Interest


Work Experience


Industry Experience


Staff Security Engineer @ VMware, San Francisco Bay Area, CA (11/2017 — present)

Senior Security Engineer @ VMware, San Francisco Bay Area, CA (04/2016 — 10/2017)

VMware virtualizes computing, from the data center to the cloud to mobile devices, to help our customers be more agile, responsive, and profitable. My job functions include providing security advice and expertise to help VMware product teams with secure software development throughout the product’s lifecycle, finding new vulnerabilities in VMware products, analyzing externally reported vulnerabilities, developing demonstration exploits, developing vulnerability mitigations and workarounds, acting as the technical reviewer for external security communications such as VMware Security Advisories, and security response engineering and tools development.


Senior Security Consultant @ IOActive Inc., Seattle, WA (10/2014 — 04/2016)

IOActive is an industry-leading security services firm. My essential job function is to perform security services for IOActive’s global client portfolio. These can include penetration testing, vulnerability assessments, reverse engineering, fuzzing, exploit development, and more. The focus of my work is to provide leadership on mobile penetration testing for Android and iOS platforms. Other important job functions include participation in the business development process, performing research and delivering talks at industry events.


Security Consultant @ IOActive Ltd., London, United Kingdom (04/2013 — 09/2014)

The essential job functions include vulnerability assessments and analysis, penetration testing and source code review of web and mobile applications and platforms, reporting and documentation of all security findings, and travel to customer site locations as required. I have performed comprehensive security assessments of Android ROMs for major smartphone vendors. I have carried out code review and penetration testing of smartphone applications (Android, iPhone, iPad and Kindle Fire apps) and C/Java-based web services for some of the Fortune top 50 companies. I have also worked in red team network penetration testing for major service providers on behalf of IOActive.


Research Engineer (Mobile App Development Manager) @ Next Generation Intelligent Networks Research Center, Islamabad, Pakistan (03/2012 — 02/2013)

Development of Secure SMS and Secure VoIP applications on Android and iPhone. The core task was to help the programmers apply the theory of information security, cryptography and secure development in real-world mobile applications. I managed a team of mobile application developers to achieve these tasks. I was also responsible for completing reports and deliverables to meet the requirements of the funding agency.


Research Engineer (Team Lead) @ Next Generation Intelligent Networks Research Center, Islamabad, Pakistan (04/2008 — 08/2010)

The aim of this project was to develop an intelligent security framework for IP Multimedia System (IMS) and Next Generation All-IP Networks, to protect infrastructure nodes and subscribers against IMS framework-related vulnerabilities, SIP protocol vulnerabilities, VoIP/video/PoC/Messaging/Presence/Conferencing application vulnerabilities, and voice spam and media-plane-related vulnerabilities.


Internship Experience


Mobile Development, Security and Testing Intern @ Cigital, New York, NY (05/2011 — 12/2011)

I learned the basics of mobile (Android, Blackberry, iOS) development, and iOS application security. My work was concentrated on penetration testing of a number of iPhone and iPad applications for some of the Fortune 50 companies. I also worked on system image security assessment, and some Linux-based embedded system pen-testing.


Teaching Experience


Visiting Faculty @ National University of Computer & Emerging Sciences, Islamabad, Pakistan (08/2012 — 12/2012)

Courses Taught: Data Communication & Networking


Freelance Experience


Security Advisor @ Secursive Blog, https://blog.secursive.com (02/2020 — present)

I write blog posts on security topics that I find interesting.


Freelance Consultant @ Secursive, https://www.secursive.com (02/2012 — 01/2014)

A freelance Information Security Consultancy and Secure Software Development agency. I provide Secure Software development, Web and Mobile Applications penetration-testing, and automated and manual code reviews for security vulnerabilities. Security testing on smartphone platforms such as iOS and Android is what I love to do. I also provide Security-aware Web and Mobile applications development, Operating System development and Software debugging services.


Education


Degrees


MS Computer Science (Security) @ Columbia University, New York, NY. (2011)


BE Electrical Engineering @ National University of Sciences & Technology, Islamabad, Pakistan. (2008)


Courses



Projects



Publications


Research Topics



Patents


G. Dimitrov, M. Akbar et al. "Persistable identity tokens". US Patent App. 16/709,913. Patent Pending.


G. McCready, R. Chamarajnager, G. Bollella, M. Akbar et al. "Gateway enrollment for internet of things device management". US Patent App. 15/902,321. Patent Pending.


M. Akbar et al. "Automating establishment of initial mutual trust during deployment of a virtual appliance in a managed virtual data center environment". US Patent 10,728,243. Patent Granted in 07/2020.


S. Mukhopadhyay, M. Akbar. "Automating application updates in a virtual computing environment". US Patent 10,416,986. Patent Granted in 09/2019.


Journal Papers


Salman H. Khan, M. Ali Akbar, et al. "Secure Biometric Template Generation for Multi-factor Authentication". In Pattern Recognition, Elsevier, 09/2014.


M. Ali Akbar et al. "Securing SIP-based VoIP infrastructure against flooding attacks and Spam Over IP Telephony". In Knowledge and Information Systems, Springer-Verlag, 02/2014.


Conference Papers


Salman H. Khan, M. Ali Akbar, et al. "Multi-Factor Authentication on Cloud". In IEEE International Conference on Digital Image Computing: Techniques and Applications (DICTA 2015), 11/2015.


M. Ali Akbar, et al. "The Droid Knight: a silent guardian for the Android kernel, hunting for rogue smartphone malware applications". In Virus Bulletin (VB 2013), 10/2013.


F. Shahzad, M. Ali Akbar, et al. "Tstructdroid: Realtime malware detection using in-execution dynamic analysis of kernel process control blocks on android". In National University of Computer & Emerging Sciences, Islamabad, Pakistan, 01/2013.


F. Shahzad, M. Ali Akbar, et al. "A survey on recent advances in malicious applications analysis and detection techniques for smartphones". In National University of Computer & Emerging Sciences, Islamabad, Pakistan, 12/2012.


M. Ali Akbar, et al. "RTP-Miner: A Real-time Security Framework for RTP Fuzzing Attacks". In 20th International Workshop on Network and Operating Systems Support for Digital Audio and Video (NOSSDAV 2010), Amsterdam, Netherlands, 06/2010.


M. Zubair Rafique, M. Ali Akbar, et al. "Evaluating DoS Attacks Against SIP-Based VoIP Systems". In IEEE Global Communications Conference (GLOBECOM 2009), Honolulu, Hawaii USA, 11/2009.


M. Ali Akbar, et al. "Application of Evolutionary Algorithms in Detection of SIP based Flooding Attacks". In Genetic and Evolutionary Computation Conference (GECCO 2009), Montreal, Canada, 07/2009.


M. Ali Akbar, et al. "A Comparative Study of Anomaly Detection Algorithms for Detection of SIP Flooding in IMS". In International Conference on Internet Multimedia Services Architecture and Application (IMSAA 2008), Bangalore, India, 12/2008. (Best Paper Award)


M. Ali Akbar, et al. "Bit Error Rate Improvement using ESPRIT based Beamforming and RAKE receiver". In IEEE International Multitopic Conference (INMIC 2009), Islamabad, Pakistan, 12/2009.


M. Ali Akbar, et al. "Fuzz-Fortuna: A fuzzified approach to generation of cryptographically secure pseudo-random numbers". In IEEE International Multitopic Conference (INMIC 2008), Karachi, Pakistan, 12/2008.


M. Zulkifl Khalid, M. Ali Akbar, et al. "Using Telemedicine as an Enabler for Antenatal Care in Pakistan". In 2nd International Conference on E-Medical System (E-Medisys), Sfax, Tunisia, 10/2008.


Blog Posts



Achievements