5+ years of experience. 200+ security projects completed. Specializing in web & mobile application security, API testing, and secure code review. Helping organizations understand and fix their real vulnerabilities.
I'm a penetration tester with 5+ years of experience across 200+ security projects, specializing in the security of web and mobile applications, APIs, and cloud infrastructure. I participate in the entire process, from scoping and execution to reporting, focusing on identifying real vulnerabilities and providing clear, actionable recommendations.
Beyond testing, I'm the CEO & Founder of The Free Security, a non-profit organization providing free penetration tests to organizations that need them, performed by people I personally mentor and train.
I also served as a Teaching Assistant at the Faculty of Computing in Belgrade, helping shape the next generation of security professionals through hands-on education.
Industry-standard methodologies, manual testing, actionable results
I approach every engagement from the adversary's perspective. Instead of running automated scans and calling it a day, I dig deep to find the vulnerabilities that real attackers would exploit, including the ones tools miss entirely.
Security findings only matter if you can act on them. I write clear, prioritized reports that explain what was found, why it matters, and exactly how to fix it. No jargon, no hundred-page fluff.
Whether you're a startup preparing for your first pentest or an enterprise running quarterly assessments, I adapt my methodology to your size, budget, and risk profile while keeping the same rigorous quality.
From first contact to final retest, here is what working with me looks like
You reach out with your requirements. I share a sample report and methodologies relevant to your project so you can see exactly how I work.
We define the exact targets, testing boundaries, methodology, and timeline together.
You receive a clear proposal with scope, approach, deliverables, timeline, and pricing.
Access is granted, credentials are shared securely, and testing rules of engagement are confirmed.
Thorough manual and automated testing following OWASP and PTES. Critical findings reported immediately.
Detailed report with findings, risk ratings, proof-of-concept exploits, and actionable remediation steps.
After your team applies fixes, I verify that vulnerabilities are properly remediated. Available for calls throughout remediation to walk through the report and help developers fix vulnerabilities.
Industry-recognized credentials that validate deep technical expertise
From education to leading security assessments
Non-profit pentesting & mentorship initiative
As the CEO & Founder of The Free Security, I lead a non-profit initiative that provides free penetration tests to organizations that can't afford professional security assessments.
Every test is conducted by aspiring penetration testers whom I personally mentor and train. This creates a unique cycle: organizations get real security improvements, and the next generation of security professionals gets hands-on experience under expert guidance.
Teaching real-world pentesting skills through supervised live engagements
Helping organizations improve their security posture at zero cost
All engagements follow industry methodologies and standards
Pentesting stories, techniques, and lessons learned
They're not the same service. Why pentests cost what they cost, what you're risking when you give someone access to your systems, and why cutting corners is the most expensive decision.
What to look for in a pentester, which certifications actually matter, what a quality report includes, and how to avoid paying for an empty deliverable.
You deleted it. You moved on. But the Wayback Machine didn't. Learn how archived URLs and cached pages become real attack vectors.
Whether you need a security assessment, have a question, or want to collaborate, I'd love to hear from you. I typically reply within 24 hours.
Based in Belgrade, Serbia, working remotely worldwide. Available for penetration testing, security consulting, and training engagements.