Profile

Heshan Perera

Offensive Security Engineer / Penetration Tester

About Me

Offensive Security Professional with a strong emphasis on practical, hands-on learning and real-world application. I have developed deep technical expertise in modern attack methodologies, red teaming, and defensive strategies through hands-on experience and continuous learning, staying adaptable to the rapidly evolving cybersecurity landscape.

Skilled in organizing and creating Capture The Flag (CTF) challenges, mentoring others, and contributing to the growth of the cybersecurity community. I enjoy designing realistic scenarios that test both offensive and defensive security skills.

Experienced in offensive security practices including penetration testing, vulnerability assessments, and simulating real-world attack scenarios to improve security posture.

Outside of cybersecurity, I love creating content about the things I do, including pentesting, gaming, and sharing knowledge. I’m especially passionate about playing Chess and blending gaming with my creative side.

Professional Journey

Associate Engineer - Information Security

RedCERT (Pvt) Ltd

June 2025 - Present

  • Conduct Internal and External Red Team operations for leading Sri Lankan banks and companies, providing actionable remediation recommendations.
  • Perform advanced penetration tests on web applications and network infrastructures, and assist with remediation to defend against real-world attacks.

Head Of CTF

HashX (Pvt) Ltd

April 2024 - June 2025

  • Lead the research and development initiatives of the CTF department, fostering innovation and ensuring the department remains at the forefront of the industry.
  • Manage CTF events and infrastructure, ensuring seamless operations and performance.
  • Maintain quality control of challenges to guarantee fairness, scalability, and consistency in competitions.
  • Create advanced-level CTF challenges focused on Network, Web Penetration Testing, and Forensics.

Trainee - Cyber Security

Hatton National Bank PLC

June 2024 - June 2025

  • Run internal red team assessments and operations to simulate real-world attacks and identify weaknesses in the bank's security posture.
  • Conduct vulnerability assessments and penetration testing on the bank's web applications, mobile platforms, and internal networks to identify and mitigate security risks.
  • Report findings directly to the Chief Information Security Officer (CISO) and provide actionable remediation strategies.
  • Monitor and report on Data Loss Prevention (DLP) and Endpoint Detection and Response (EDR) solutions to ensure the security of sensitive information and systems.
  • Support various information security operations and collaborate with teams to address complex security challenges.

Certified & Battle Tested

Words from the Community

Suresh Emmanuel

Chief Information Security Officer

Hatton National Bank PLC

I'm incredibly fortunate to have Heshan as part of the CISO office at HNB. His impact has been nothing short of extraordinary. From his first day, Heshan's positive attitude and forward-thinking vision have consistently driven success. Heshan's expertise in offensive security is truly remarkable. He possesses a rare ability to think outside the box, uncovering vulnerabilities with a level of ingenuity that significantly enhances the Bank's security posture. His rapid completion of the CPTS (Certified Penetration Testing Specialist) exam, becoming the youngest in the country to achieve this feat in record time, speaks volumes about his dedication and talent. Beyond his technical prowess, Heshan is a dedicated cybersecurity advocate. He shares his knowledge generously, teaching undergraduates and organizing engaging CTF events, fostering the next generation of cybersecurity professionals. His role as Head of the CTF Department at HashX Sri Lanka, where he designs innovative scenarios, further demonstrates his leadership and passion for the field. Heshan's contributions to the team and organization are invaluable. He is a true asset, and I wholeheartedly recommend him. Any organization would be lucky to have him.