Hi, I'm Nirmal 👋
Building Secure Digital Futures with CryptoGen Nepal, Safeguarding Digital Assets Across 🇳🇵🇬🇧🇺🇸🇦🇪🇦🇺

About

I am a cybersecurity visionary committed to strengthening digital ecosystems against evolving threats. With over a decade of experience, I serve as Co-Founder and CTO of CryptoGen Nepal, where my team and I provide cutting-edge services and solutions in Offensive Security, Defensive Security and Governance, Risk, and Compliance (GRC). Our pioneering work has been recognized with prestigious accolades, including the ICT Startup Award and being listed among the Top 250 MISSPs worldwide, solidifying our role in shaping Nepal's cybersecurity landscape.

Work Experience

CryptoGen Nepal Pvt. Ltd.  
Co-Founder
Full-time

2019 - Present
Chief Technology Officer
I currently oversee all operations, especially in light of our vacant CEO position. My primary responsibilities include managing team leads and overseeing projects across the Offensive Security, Security Operations Center (SOC), R&D, GRC and Sales departments. While I provide oversight for all these areas, I am currently focused on the R&D department where I am involved in building product architecture, conducting feasibility testing and developing prototypes, whether on Figma or through coding. Despite my wide range of responsibilities, I am more inclined toward Offensive Security as I have been professionally involved in cybersecurity for nearly a decade with most of my career focused on the attack side performing Vulnerability Assessment and Penetration Testing. I also collaborate closely with the SOC team engagements on Digital Forensics and Incident Response, Malware Analysis and SIEM Engineering. As I transition more of my duties to department leaders, my current focus is shifting toward Lead Generation, People Relations, Brand Development and Marketing.

Softwarica College of IT & E-commerce  
Part-time

2022 - Present
Lecturer
I leverage my industry expertise in cybersecurity as a Part-Time Lecturer at Softwarica College of IT and eCommerce, where I design and deliver hands-on modules like Practical Penetration Testing, Web Security, Cyber Security Career Development, and Red Team Management. My teaching philosophy centers on bridging theory with real-world scenarios—equipping students with actionable insights into today’s threat landscape while guiding them in carving out strategic career paths. By emphasizing offensive security tactics, defensive best practices, and emerging trends, I aim to empower the next generation of cybersecurity professionals to thrive in a dynamic, high-stakes field.

Pentester Nepal  

2017 - Present
Community Leader
Pentester Nepal is the largest cybersecurity community in Nepal, with over 6,000 members where enthusiasts collaborate to advance their skills and careers. As a community leader for more than 7 years, I have initiated and participated in various initiatives aimed at fostering growth and driving cybersecurity innovation. Our community thrives on mutual support, offering members opportunities to network with peers, share knowledge, and tackle real-world security challenges. Whether you’re a seasoned professional or just starting your journey, Pentester Nepal welcomes anyone passionate about ethical hacking and cybersecurity.

OWASP Nepal  
Former

2021 - 2024
Community Leader
The Open Web Application Security Project (OWASP) is a nonprofit foundation dedicated to improving software security, boasting over 275 local chapters worldwide. In my role as the Chapter Leader for OWASP Nepal, I have been instrumental in organizing cybersecurity events, raising awareness, sharing knowledge and training individuals about cybersecurity and potential threats. These initiatives are designed to foster collaboration among professionals and enthusiasts in Nepal's cybersecurity community.

Eminence Ways Pvt. Ltd.  
Former
Full-time

2016 - 2019
Senior Security Researcher
In my role at Eminence Ways, I led Web, Mobile and API Security Penetration Testing projects as a team lead focusing primarily on clients in the banking and financial sectors, including banks, PSPs, and PSOs as well as software companies and government entities and other businesses. My responsibilities included managing the Web/Mobile/API security team, recruiting and onboarding new talent, participating in project kick-off and closure meetings, presenting technical findings to stakeholders, reviewing team-prepared reports to ensure quality and exploiting and bypassing vulnerabilities to assess and improve security as an escalation point for the Application Security Team.

Languages

Nepali
English
Hindi

Skills

Penetration Testing
Incident Response
Digital Forensics
Malware Analysis
SIEM Engineering
Threat Intelligence
Security Awareness
Security Training
Security Research
Information System Audit
Cybersecurity Consulting
Security Strategy
Public Speaking
Leadership
DevSecOps
C
C++
PHP
Python
JavaScript
Node.js
Java
React
Next.js
TypeScript
Go
Docker
Elasticsearch
Kibana
Logstash
OpenSearch

Media Coverages

Recent Media Coverages

I have been invited to speak on various topics related to cybersecurity and here are some of my recent notable appearances.

Python Powered "Cyber Security" - Tools, Techniques, Exploitation and Automation | PyCon JP 2024

Python has always been recognized as a language for web development, automation, analysis, and AI/ML. However, it has been crucial for cybersecurity experts as well. In my talk, I highlighted how Python is used in cybersecurity and the various areas where it plays a significant role.

Episode 148: Cyber Security, World of Hacking, Cyber Safety - Sushant Pradhan Podcast

I was invited to the Sushant Pradhan podcast, where we discussed cybersecurity topics such as side-channel vulnerabilities, IoT security, user awareness, zero-click attacks, MITM attacks, AI in cybersecurity, blockchain, scam calls, bug bounty hunting, and cyber safety practices for individuals and businesses.

'Ransomware' Attack on the Passport System 'Suspicious' - SAROKAR

The Department of Passport (Nepal) was compromised and scams and hacking were on the rise. To raise awareness, we were invited to Kantipur TV for the show called "Sarokar" where I, Bijay Limbu (VAIRAV Tech) and SP Deepak Awosti (Cyber Bureau) had an insightful session. I believe it had a significant impact on viewers.

Search Operation for the Dangerous 'Nepali Girl' - TechPana

Nepali Girl was an Android trojan spreading in Nepal via WhatsApp. It stole sensitive information from victims' devices, compromising their privacy and security. It is believed to have stolen crores from bank accounts, and the Cyber Bureau made arrests. We analyzed the trojan and shared our findings on a leading tech portal "TechPana".

Hacktivities

Notable Hacktivities

I find it fascinating to research and develop new things and engage in other cybersecurity activities. Here are some of my notable hacktivities.

  • First International Conference as a Speaker - PyCon JP 2024

    Japan

    I have always believed and still do that Python is one of the most suitable languages for cybersecurity as it is used everywhere from exploit development to automation. Since people generally don’t think about this aspect much, I always wanted to highlight its importance. Finally, I got the opportunity to do so at PyCon JP 2024 and I express my gratitude to PyCon JP for this opportunity.
  • Top 10 Ethical Hacker in The World by EC-Council

    Worldwide

    I was listed among the top 10 ethical hackers in the world by EC-Council, a renowned organization known for its prestigious certifications like Certified Ethical Hacker (CEH). This recognition was awarded in the second quarter of April 2021 by EC-Council itself.
  • My first CVE was officially assigned "CVE-2021-3258"

    Worldwide

    Question2Answer.org is the developer of Q2A, a platform similar to WordPress but specifically designed for Question and Answer forums like Stack Overflow. In 2017, I discovered a stored XSS vulnerability that could lead to account takeover. The issue was promptly fixed by the development team. However, considering its global usage, I obtained a CVE for this vulnerability in 2021, marking my first CVE assignment.
  • Finding XSS on Samy Kamkar's Site

    Worldwide

    Samy Kamkar, a legendary figure in the world of security, has crafted his website in a way that makes it nearly impossible to even view the code, let alone find an XSS vulnerability. Yet, I managed to uncover one on his site, which felt like a huge achievement. Samy is a master in many areas of security, and finding a vulnerability on his site is something I will always cherish. He is the mastermind behind the MySpace XSS worm, the world’s fastest-spreading JavaScript-based worm. The fact that I was able to find the same vulnerability on a legend’s site and contribute to securing it makes this discovery feel like a milestone in my own journey.
  • Top 25 in YESWEHACK Platform

    Worldwide

    It was the first quarter of 2017 when one of Europe's earliest bug bounty platforms, BugBounty Factory (now called YesWeHack) had recently launched. I spent a significant amount of time on the platform and ranked among the Top 25 bug bounty hunters.
  • 1st Runner Up in HackBack CTF 2017

    Nepal, Kathmandu University

    HackBack, held as part of Kathmandu University's annual IT Meet in 2017 and organized by Rigo Technology, featured Nepal's first on-site CTF competition. I secured 1st Runner-Up in this prestigious event.

Certifications

That Define Me

I am passionate about continuous learning and earning certifications to stay ahead in my field. Among the 15+ professional certifications I have achieved, here are some of my recent and notable ones.

  • ISO/IEC 27001:2022 - Lead Auditor

    International Organization for Standardization

  • DevSecOps - Introduction

    AppSecEngineer

  • Certified Ethical Hacker - Master

    EC-Council

  • Certified Ethical Hacker - Practical

    EC-Council

  • Certified Payment Card Industry Security Implementer

    SISA Infosec

  • Certified Ethical Hacker - ANSI

    EC-Council

Contact

Get in Touch

Want to connect? Go to my Linktree profile and find the best way to reach me.