

Co-Founder & COO at Qualysec | Penetration Testing & Compliance Specialist
Pabitra Kumar Sahoo is a cybersecurity researcher, penetration testing specialist, and co-founder of Qualysec, where he serves as COO. He has spent his career building expertise at a precise intersection that most security professionals treat as separate disciplines – technical attack simulation and security education for non-specialist audiences. On the technical side, Pabitra's work centres on penetration testing across web, mobile, API, and network attack surfaces, using industry-standard tooling including Burp Suite, Metasploit, Nessus, and OWASP ZAP. His methodology follows established frameworks like OWASP Testing Guide, OWASP MASVS for mobile assessments, and NIST guidelines for vulnerability management. The findings he and his experienced team identify are mapped to recognised risk taxonomies that compliance teams and CISOs can act on directly. His current research focus is the security of IoT devices and AI/ML-driven systems, 2 domains where attack surface complexity is growing faster than the security industry's ability to assess it. Specifically, he examines how traditional penetration testing methodologies need to be adapted for non-standard endpoints, embedded firmware, and model inference pipelines. These areas are increasingly relevant to clients in healthcare technology, industrial automation, and connected device manufacturing. Pabitra has contributed extensively to Qualysec's published body of work on PCI DSS compliance testing, GDPR Article 32 security requirements, HIPAA-aligned assessments, and SOC 2 readiness. His writing consistently prioritises accuracy and operational relevance over generalisation, and has been shared and referenced across cybersecurity communities and news forums internationally. He is also a certified practitioner in a variety of professional certifications such as CEH, CISSP, Certified Cyber Security Analyst, OSCP, CISM, and ISO/IEC 27001:2022 Information Security Associate, which further supports his proficiency in offensive security and governance-based systems.


