NOMINATION HIGHLIGHTS

Ain Nurlisa Binti Zailan, known professionally as Lisa Zailan, is a Cybersecurity Consultant and Penetration Tester based in Malaysia, currently serving at Cybertronium Sdn. Bhd. Holding a degree in Computer Science with a specialization in Information Security & Assurance, Lisa has built a focused and impressive career in offensive security — distinguished by technical depth, merit-level certifications, and a genuine commitment to uplifting the cybersecurity community around her. She is a compelling nominee for Cybersecurity Professional of the Year.

Technical Excellence in Offensive Security Lisa’s primary specialization lies in Mobile Application Penetration Testing across both Android and iOS platforms — one of the most technically demanding disciplines in offensive security. Her expertise spans the full mobile attack lifecycle: static and dynamic analysis, runtime manipulation using tools such as Frida and Objection, traffic interception via Burp Suite, and automated scanning through MobSF. She also leverages Android Debug Bridge (ADB) for deep device-level testing, reflecting a hands-on mastery that few practitioners at her career stage achieve.

Beyond mobile, Lisa conducts Vulnerability Assessment and Penetration Testing (VAPT) across Web Applications, APIs, and Network Infrastructure. She is equally proficient in Database Server and Operating System Configuration Reviews, applying Center for Internet Security (CIS) Benchmarks to assess security posture against globally recognized standards. Her command of Linux environments, scripting, and secure coding practices rounds out a technically versatile and well-grounded skill set.

Certifications Achieved with Merit Lisa holds two professional certifications from The SecOps Group, both earned with Merit — a distinction that signals exceptional performance, not merely competency: • Certified Mobile Pentester – Android (CMPen-Android) — validating advanced skills in Android application security testing, including bypass of security controls, runtime manipulation, and exploitation of client-side vulnerabilities. • Certified API Pentester (C-APIPen) — demonstrating expertise in API security assessment, authentication bypass, and identifying vulnerabilities in modern API architectures including REST and GraphQL endpoints. Achieving Merit in both certifications reflects a standard of precision and rigor that defines Lisa’s approach to her craft — going beyond the minimum to truly master the subject matter.

Professional Reporting and Client Engagement Technical skill alone does not define a great security consultant — the ability to communicate findings clearly and credibly is equally essential. Lisa demonstrates this balance with skill. She is proficient in preparing detailed technical reports and executive-level summaries, with risk ratings grounded in CVSS 3.1 scoring methodology.