$ whoami

Nazmul Haque Jowel

Security Researcher · Bug Bounty Hunter

I find and responsibly disclose critical web vulnerabilities — work that has earned 470+ HackerOne reputation, monetary rewards, and recognition from some of the world's largest organisations.

470+ HackerOne Rep Monetary Rewards BugHunt 2026 Finalist
View recognitions → Get in touch
Nazmul Haque Jowel
root@jowel:~$
// recognised by
NASAUnited NationsWHOSony DisneyThomson ReutersStanford U.S. Dept. of EducationBugcrowdHackerOne
01

About

I'm a security researcher based in Dhaka, Bangladesh, focused on offensive security — web application penetration testing, vulnerability discovery, and responsible disclosure. Since 2023 I've reported validated critical and high-severity findings across major bug bounty programs.

I'm currently completing a B.Sc. in Software Engineering at Daffodil International University, where my thesis proposes a context-aware cybersecurity maturity framework for higher-education institutions.

location
Dhaka, Bangladesh
university
Daffodil International University
degree
B.Sc. Software Engineering
cgpa
3.52 / 4.00
graduation
Expected 2026
focus
Offensive Security
0 HackerOne reputation
0 Hall-of-fame recognitions
0 Certifications
Monetary rewards earned
02

Recognitions & Hall of Fame

Public acknowledgements for responsibly disclosed vulnerabilities and security work. Click any card to view the letter or certificate.

03

Experience

Security Researcher — Bug Bounty

Jan 2023 — Present

HackerOne · Remote

  • Discovered and responsibly disclosed critical and high-severity web vulnerabilities.
  • Earned 470+ reputation and monetary rewards through validated reports.
  • Recognised by NASA, the UN, WHO, Disney, Sony, Thomson Reuters, and Stanford.

Security Consultant / Penetration Tester

2024 — 2025

Kahf Yazılım A.Ş · BPDB

  • Performed web application penetration testing and security assessments.
  • Delivered actionable reports with exploitation paths and remediation guidance.

CTF Organiser & Problem Setter

2026

Cybersecurity Awareness Day — DIU

  • Organised a university-wide Capture The Flag competition.
  • Designed challenges spanning web security, OSINT, and real-world attack scenarios.
04

Projects

featured · thesis

Context-Aware Risk Model

Interactive demonstration of my thesis: a context-aware cybersecurity risk-rating model and institutional maturity self-assessment for higher-education, going beyond CVSS to weigh exploitability, asset criticality, and exposure.

TailwindChart-free SVGVanilla JSResearch
Open the live demo →
WiseCart

WiseCart

A smart product-comparison platform to find the best deals across online stores — compare prices and features in one place.

HTMLCSSJavaScript
View on GitHub →
tui_mor

tui_mor

A Flask app powered by deep learning to detect brain tumours from MRI scans — upload an image for instant AI-driven analysis.

PythonFlaskDeep Learning
View on GitHub →
portfolio

portfolio

A clean, responsive showcase of security research, bug bounty achievements, and professional certifications.

HTMLCSSJavaScript
View on GitHub →
05

Skills & Certifications

offensive_security

Web App Security
95
Penetration Testing
90
Vulnerability Research
90

recon_osint

Recon
90
OSINT
85
Asset Enumeration
85

reporting

Technical Reports
90
Security Documentation
85

certifications

  • Certified AppSec Practitioner v2 (CAP)
  • Google Cybersecurity Professional Certificate
  • Certified Cyber Security Analyst (C3SA)

toolkit

Burp SuiteNmapNucleiSubfinderffuf PythonBashLinuxGitHackerOne
06

Contact

Open to security research roles, freelance pentesting, and collaboration. The fastest way to reach me:

email jowel2305341452@diu.edu.bd phone (+880) 1974933788 linkedin linkedin.com/in/nazmul-haque-jowel hackerone hackerone.com/naga_nazmul github github.com/KafkaScribe
location Dhaka, Bangladesh