Hello! My name is Marcin Piosek and I have been working in the IT Security industry since 2013. Before that, I was engaged in programming and computer network management. Currently, I work as a Pentester, IT Security Consultant and provide technical support to the sales department.

On this website, you will find information about my activity and publications.

Books

Introduction to IT Security

(2023, PL) Together with several other authors, I had the opportunity to co-create the second book of my career, “Wprowadzenie do bezpieczeństwa IT” (“Introduction to IT Security”). The book is written in Polish and covers a broad range of topics in the field of IT security. It is targeted at audiences such as:

1) IT managers interested in IT security
2) Individuals from the IT field wanting to learn current security recommendations
3) Those taking their first steps in the area of technical IT security
4) People responsible for implementing security measures in organizations
5) Pentesters wanting to expand their knowledge in different areas related to IT security

My chapter, titled “Penetration Testing”, has the following introduction:

The “Penetration Testing” chapter was created for those who wish to acquire or organize knowledge related to the essence and the process of conducting penetration tests from an organizational standpoint. In this chapter, I will outline the individual steps that need to be taken to define the scope of work, choose the appropriate methodology, and set requirements for the summary report. The information provided here should suffice for independently coordinating penetration tests from defining the scope to accepting the work.

The knowledge presented in this chapter is based on experience from over 550 penetration tests conducted in 2021 and 750 completed projects in 2022. In each case, I was the person responsible for defining the scope of work and assisting with problem-solving during their execution.

The goal of this text is not to convey knowledge about all possible techniques for conducting penetration tests, nor to discuss the career path of a pentester. Readers of this chapter do not need any experience other than what comes from working in the broadly defined IT industry.

Authors of the individual chapters are:

  1. On Ethics in Hacking (Gynvael Coldwind)
  2. What Every Administrator Should Know About Web Application Security (Michał Sajdak)
  3. Android – System Security and Basic Penetration Testing of Mobile Applications (Marek Rzepecki)
  4. iOS – System Security and Basic Penetration Testing of Mobile Applications (Marek Rzepecki)
  5. Penetration Testing (Marcin Piosek)
  6. Introduction to Cyber Threat Intelligence (Bartosz Jerzman)
  7. Threat Modeling and Risk Analysis of Applications (Łukasz Basa, Wiktor Sędkowski)
  8. Introduction to the MITRE ATT&CK® Framework (Wojciech Lesicki)
  9. Cryptology at a Glance (Iwona Polak)
  10. Introduction to the Security of Industrial Control Systems (ICS/OT) (Marcin Dudek)
  11. Data Security at Rest – Encryption and Data Deletion (Krzysztof Wosiński)
  12. OSINT – An Introduction (Tomasz Turba)
  13. Physical Security – Asset Protection (Tomasz Dacka)
  14. Modern Fuzzing (Marek Zmysłowski)
  15. Email Message Authentication Mechanisms – SPF, DKIM, and DMARC (Grzegorz Trawiński)
  16. Hashcat - Racing Against Time in a Balance of Forces and Resources (Konrad Jędrzejczyk)
  17. Introduction to the Metasploit Tool (Piotr Ptaszek)
  18. PowerShell in Offense (Paweł Maziarz)

For more information about the book you can:

  • visit https://wydawnictwo.securitum.pl/ksiazka-wprowadzenie-do-bezpieczenstwa-it-tom-1,
  • download mediakit from https://cdn.sekurak.pl/ksiazka2/mediakit-ksiazka-wdbit.pdf.

Web application security

(2019, PL) I'm the happy and proud co-author of the book "Bezpieczeństwo aplikacji webowych" (Web application security; https://sklep.securitum.pl/ksiazka-bezpieczenstwo-aplikacji-webowych; PL only), in which I wrote several chapters, such as:

1. Authentication, session management and authorization
2. Advantages and disadvantages of OAuth 2.0 from a security perspective
3. SameSite flag - how does it work and what does it provide protection against?
4. Burp Suite Community Edition - introduction to HTTP proxy
5. Path Traversal vulnerability
6. Command Injection and Code Injection vulnerabilities
7. Introduction to WebSocket security


Certificates

• Certified Kubernetes Security Specialist (CKS) #LF-dldt1fl2zr (since 2024)
• Certified Kubernetes Administrator (CKA) #LF-7jlmfe3i7t (since 2024)
• Microsoft Certified: Cybersecurity Architect Expert (SC-100) #FB89F55D8D444608 (since 2023)
• Microsoft Certified: Azure Security Engineer Associate (AZ-500) #52FDD24AEF427CBF (since 2023)
• Certified Ethical Hacker #ECC47891281092 (since 2017)
• Offensive Security Certified Professional #OS-101-04018 (since 2014)
