Hamrah Security

Hamrah Security Logo

Security for your org through

Partnership

Hamrah Security is the practice of Qasim Ijaz, a security leader who taught offensive security at Black Hat and now runs cybersecurity team for a multi-billion-dollar healthcare organization. Strategy, testing, or incident response: Hamrah stands with you.

Hamrah (pronounced "ham-raah") is Urdu for "ally" or "fellow traveler." Just as an ally stands by you, Hamrah Security stands with you, guarding your digital world against emerging threats.

15+ Years in the field

Trusted where it counts

Hamrah is the distillation of a career spent leading security where the stakes are highest. A sample of the roles behind it:

  • Director of Cyber Security at a multi-billion-dollar healthcare org: Cut incident response time; advises the SLT on risk and AI governance.

  • Director of Offensive Security at a security services firm: Built the offensive security, vCSO advisory, and vulnerability management practices.

  • Senior Manager, Attack Simulation at a Fortune-scale health insurer: ran a global bug bounty program and set the attack-simulation strategy.

  • Director, Penetration Testing for a national cybersecurity consultancy: Led the offensive service lines and doubled training conversion.

  • Assistant CISO at a healthcare security & compliance firm: Drove SOC 2 alignment and led the offensive security team.

WHAT WE DO

Three ways we stand with you

Advise

Cybersecurity Advisory

  • vCISO / vCSO advisory & program development

  • Board- & C-suite risk communication

  • Security as a business enabler (incl. AI / shadow-AI governance)

  • Guidance through cloud migration, M&A

  • Secure Software Development Lifecycle

  • A security strategy leadership understands and funds.

Prepare

Incident Response Preparedness

  • IR planning & tabletop exercises

  • Detection engineering & automation

  • Continuous purple teaming

  • Respond in minutes, not days, with a pre-built runbook and detection tuned before the incident

Validate

Penetration Testing

  • Network, cloud & web app pen testing

  • EntraID/Azure, AWS, GCP & on-prem

  • Red team & attack simulation

  • Bug bounty program design & management

Attacker's instincts. Executive's judgment.

Qasim Ijaz

Qasim Ijaz has spent his career on both sides of the firewall. As a penetration tester and red teamer, he attacked some of the world's largest cloud providers, banks, and healthcare enterprises to find what real adversaries would. As a security leader, he's built and scaled the programs that defend them. Today he directs cybersecurity for a multi-billion-dollar healthcare organization, through detection engineering, automation, and continuous purple teaming.
That dual fluency is what Hamrah is built on. Qasim is known for turning technical risk into decisions a board can act on, across vCSO advisory, vulnerability management, and cloud migrations during mergers.
He's a teacher at heart, mentoring emerging professionals because the best way to secure the industry is to grow the people in it.

Mentorship & community

Securing the industry means growing its people

  • Taught the "Adaptive Penetration Testing" course at Black Hat US & EU

  • Lead Instructor, OSCP Bootcamp (Evolve Academy)

  • Instructor, Cybersecurity Bootcamp at the Georgia Institute of Technology

  • Speaker across the BSides circuit (Atlanta, Augusta, Charleston, Denver, Pittsburgh, San Antonio, San Diego), plus NOLACON, BrrCon, HackRedCon, and Pacific Hackers Conference

  • A 4,000-strong following in the security community

Let's connect

Security through Partnership

Scoping a pen test, standing up a program, or staring down an incident? Start with a conversation.

Drop us a note.

Please fill out the form below to connect with Hamrah Security.By providing a telephone number and submitting this form you are consenting to be contacted by SMS text message. Message & data rates may apply.

© 2026 Harmah Security | Committed to protecting organizations with expert cybersecurity solutions.