Marsellino Nasry // SARM Security

Offensive Security & Strategic Risk Advisory.

I don't just find vulnerabilities; I quantify their business impact. I partner with organizations to transform security from a technical liability into a strategic advantage, ensuring resilience, compliance, and stakeholder trust.

Proprietary Tooling

Leveraging custom tools like VAMPIRE-X and the SARM suite provides deeper, more relevant insights than off-the-shelf scanners.

Business-Centric Risk

I translate technical findings into quantifiable business risks, enabling informed, strategic decisions at the executive level.

Local & Global Expertise

Deep knowledge of international standards (ISO 27001) and crucial local regulations like the Egyptian Data Protection Law and CBE Framework.


The Strategic ROI of Cybersecurity

A robust security posture is not an expense; it's a critical investment with tangible returns.

Preventing Financial Catastrophe

Proactive security assessments are an insurance policy against devastating, often business-ending, expenses from data breaches, including regulatory fines, legal fees, and reputational damage.


Enhancing Brand & Unlocking Growth

In today's market, trust is currency. A demonstrated commitment to security is a powerful differentiator that attracts high-value clients and paves the way for premium partnerships and expansion.


Comprehensive Security Services

A multi-faceted approach to building and validating a robust security posture.

Web Application VAPT: Testing for OWASP Top 10, business logic flaws, and API vulnerabilities.
Network Penetration Testing: Internal and external assessments of network infrastructure and segmentation.
Mobile Application Security: Analysis of iOS & Android apps for client-side and server-side weaknesses.
Red Team Operations: Goal-oriented adversary simulation to test your detection and response capabilities.
ISO 27001 Audits: Gap analysis and readiness assessments for the ISMS standard.
CBE Framework Compliance: Ensuring financial institutions meet the strict cybersecurity requirements of the Central Bank of Egypt.
Egyptian Data Law Audits: Validating that data handling processes comply with Law No. 151 of 2020.
Risk & Control Assessments: Identifying and evaluating security risks to prioritize remediation efforts effectively.
Virtual CISO (vCISO): Providing strategic security leadership and program development on a fractional basis.
Secure Architecture Design: Consulting on building resilient, secure-by-design systems and networks.
Incident Response Planning: Developing and testing IR plans to minimize the impact of a security breach.
Security Awareness Training: Tailored training programs to strengthen your human firewall.

My Strategic Approach: From Audit to Architecture

A proven methodology for delivering tangible security improvements.

Phase 1: Comprehensive Audit & Risk Assessment

We begin by understanding your business. I conduct thorough IT audits against frameworks like ISO 27001 and COSO, identifying gaps between your current state and your compliance requirements. This phase delivers a clear roadmap prioritized by business risk.

Phase 2: Offensive Security & Threat Simulation

Here, we validate the risks. Using my custom toolkit and advanced methodologies, I simulate real-world attacks through comprehensive penetration testing and vulnerability assessments. This isn't just a scan; it's a measure of your true defensive capabilities against a skilled adversary.

Phase 3: Secure Infrastructure Design & Consultation

Security shouldn't be an afterthought. I help you build it in from the ground up. I provide expert consultation on designing and implementing secure network architectures, applying principles like defense-in-depth and zero-trust to create a foundation that is inherently resilient, scalable, and secure.

The SARM Security Arsenal

Leveraging proprietary technology for a decisive intelligence advantage.

VAMPIRE-X

Comprehensive vulnerability analysis and management engine.

$ sudo ./vampirex.py 10.10.1.0/24 -s vuln
# Correlates Nmap, Nuclei data
# Cross-references with CISA KEV
# Generates risk-prioritized plan
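As an added illustration of what a risk-prioritized plan of this kind involves (example code written for this page, not VAMPIRE-X or any SARM tool), the following Python merges constructed Nmap/Nuclei-style findings, checks them against a constructed stand-in for the CISA KEV catalogue, and orders them for remediation; the CVE ids, hosts and KEV set are placeholders.

```python
"""Illustrative risk prioritization: KEV membership first, CVSS second.
Added example, not VAMPIRE-X or SARM code. All inputs are constructed samples."""
from dataclasses import dataclass


@dataclass
class Finding:
    host: str
    port: int
    cve: str
    cvss: float   # base score as reported by the scanner / NVD
    source: str   # which tool reported it: "nmap" or "nuclei"


# Constructed sample of a merged Nmap + Nuclei result set (placeholder CVE ids).
FINDINGS = [
    Finding("10.10.1.5", 443, "CVE-EXAMPLE-0001", 9.8, "nuclei"),
    Finding("10.10.1.5", 22, "CVE-EXAMPLE-0002", 5.3, "nmap"),
    Finding("10.10.1.9", 8080, "CVE-EXAMPLE-0003", 7.5, "nuclei"),
    Finding("10.10.1.9", 8080, "CVE-EXAMPLE-0003", 7.5, "nmap"),  # same issue, second tool
    Finding("10.10.1.12", 445, "CVE-EXAMPLE-0004", 8.8, "nmap"),
]

# Constructed stand-in for the CISA KEV catalogue (set of known-exploited CVE ids).
KEV = {"CVE-EXAMPLE-0003", "CVE-EXAMPLE-0004"}


def dedupe(findings):
    """Merge identical (host, port, cve) entries reported by more than one tool."""
    merged = {}
    for f in findings:
        key = (f.host, f.port, f.cve)
        if key not in merged:
            merged[key] = Finding(f.host, f.port, f.cve, f.cvss, f.source)
        elif f.source not in merged[key].source:
            merged[key].source += "+" + f.source
    return list(merged.values())


def priority(f, kev=KEV):
    """A CVE with known exploitation outranks any CVSS-only finding; CVSS breaks ties."""
    return (f.cve in kev, f.cvss)


def prioritized_plan(findings=FINDINGS, kev=KEV):
    """Return deduplicated findings, highest priority first, each tagged with a tier."""
    plan = []
    for f in sorted(dedupe(findings), key=lambda x: priority(x, kev), reverse=True):
        tier = "P1-KEV" if f.cve in kev else ("P2-critical" if f.cvss >= 9.0 else "P3-standard")
        plan.append((tier, f.host, f.port, f.cve, f.cvss, f.source))
    return plan


if __name__ == "__main__":
    for row in prioritized_plan():
        print(*row)
```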

SARM-Security

Advanced reconnaissance and information gathering framework.

$ ./sarm-security -d domain.com
# Discovers subdomains & tech
# Identifies data leaks
# Builds attack surface map

SARM-CVE-DB

Real-time CVE and threat intelligence aggregation hub.

$ ./sarm-cvedb --query Log4j
# Ingests NVD and CISA feeds
# Enables proactive defense
# Facilitates rapid risk assessment

Compliance: The Business Imperative

Navigating the complex landscape of local and international cybersecurity regulations.

ISO/IEC 27001

The global benchmark for managing information security. Compliance demonstrates a mature, risk-based security program to partners and customers worldwide.

Egyptian Data Protection Law

Mandates strict controls for protecting the data of Egyptian citizens. My audits ensure you avoid severe penalties and reputational damage.

CBE Cybersecurity Framework

A mandatory requirement for the Egyptian financial sector, demanding rigorous controls and regular testing, which my services are designed to address.

Frequently Asked Questions

What do I receive at the end of an engagement?

You receive a detailed technical report with reproducible findings, risk scores (CVSS), and clear remediation guidance. More importantly, you get an executive summary that translates these risks into business context and a strategic debrief session to plan your path forward.

How long does a typical penetration test take?

Duration depends entirely on the scope. A small web application test might take one to two weeks, while a full red team operation against a large enterprise could span several weeks or months. We define the timeline clearly during the scoping phase.

Why not just use an automated scanner?

Automated scanners are good for finding low-hanging fruit, but they miss complex vulnerabilities, business logic flaws, and cannot comprehend context. A manual, expert-led assessment identifies the critical, high-impact risks that automated tools simply cannot see, preventing false positives and providing true insight.

What's Next? Build Your Digital Fortress

Ready to transform your security from a liability into your greatest asset? Let's connect. I provide the expertise and tooling to build a truly resilient organization.