Cybersecurity · Systems · Low-Level Engineering

Tomasz
Pieniążek

Cybersecurity specialist and C programmer focused on systems that must stay predictable under pressure. I analyze attack surfaces, build reliable tooling, and write code close to the metal.

View ProjectsContact
01Profile

Engineering with an attacker mindset.

I prefer understanding systems at implementation depth: interfaces, assumptions, and failure behavior.

I am Tomasz Pieniążek, a Poland-based builder focused on cybersecurity and low-level programming. My work combines hands-on offensive thinking with practical systems engineering.

I am also a student (2022-2027) at Techni Schools, a private technical school focused on programming.

I care about clear threat models, robust internals, and tooling that stays useful under real constraints. If something matters, I want to know how it fails and how to make it fail safely.

Most of my projects are built to learn deeply: write it yourself, test it hard, observe behavior, and iterate from evidence.

Operating Principles

  • Security before features when trust boundaries are unclear.
  • Explicit tradeoffs over accidental complexity.
  • Low-level understanding as a force multiplier.
02Expertise

Security-first engineering domains

Linux Administration

Terminal-first administration with operational control over hosts, services, and network boundaries.

  • Permissions, processes, services, and system logs
  • iptables/nftables rules, cron scheduling, and systemd management
  • Hands-on CLI workflow for daily operations
Linuxsystemdiptablesnftables

Web Application Security

Practical OWASP-driven testing with focus on root cause and exploitability, not checklist-only scanning.

  • OWASP Top 10: SQLi, XSS, CSRF, SSRF, IDOR, broken auth and more
  • Cookies, sessions, JWT behavior and auth edge cases
  • Same-origin policy and CORS misconfiguration analysis
OWASP Top 10AuthCORSJWT

Network Security

Network-layer reasoning for detection, segmentation, and attack-path analysis across real environments.

  • Firewalls and IDS/IPS concepts
  • VPN and proxy behavior in secure architectures
  • Traffic analysis for anomaly and exposure detection
FirewallsIDS/IPSVPNTraffic Analysis

Cryptography Basics

Security design awareness around cryptographic primitives and common implementation failures.

  • Symmetric vs asymmetric cryptography and hashing
  • Digital signatures, PKI, and trust chains
  • Pitfalls: ECB mode misuse, padding-oracle style weaknesses
PKISignaturesHashingCrypto Pitfalls

Reverse Engineering Basics

Binary analysis fundamentals for understanding unknown code paths and low-level behavior.

  • Reading disassembly and control-flow patterns
  • Calling conventions and stack/register reasoning
  • Basic x86/x64 reversing workflow
Disassemblyx86/x64Calling ConventionsRE
03Stack

Languages, tools, and technical terrain

Core capabilities across programming, security tooling, and operations.

Programming Skills

  • Git

    Daily

    Version control for code, experiments, and release flow

  • Python

    Strong

    TensorFlow, PyTorch, pandas, matplotlib

  • Python Environments

    Strong

    pip, venv, virtualenv dependency management

  • Jupyter

    Working

    Prototyping and data exploration

  • C

    Advanced

    Systems programming and performance-focused implementation

  • Make / CMake

    Strong

    Build systems for C projects

  • GDB

    Non-negotiable

    Stepping, breakpoints, and memory inspection

  • LLM Engineering

    Active

    OpenAPI usage, simple MCP servers, and LM Studio workflows

Security Tools

  • Burp Suite

    Core

    Primary web testing platform

    Recommended Core Tool

  • CyberChef

    Frequent

    Rapid data transformation and decoding

  • OpenSSL

    Frequent

    TLS and crypto inspection workflows

  • Nikto

    Frequent

    Web server scanning and baseline checks

  • sqlmap

    Frequent

    SQL injection testing automation

  • Metasploit

    Working

    Controlled exploit framework usage

  • Nmap

    Frequent

    Recon and service enumeration

  • Gophish

    Working

    Phishing simulation awareness

  • Wazuh

    Working

    SIEM and monitoring operations

Operations

  • Linux Administration

    Daily

    permissions, processes, services, logs

  • Service Control

    Daily

    systemd units, restart policies, lifecycle ops

  • Task Scheduling

    Strong

    cron jobs and automated maintenance

  • Network Control

    Strong

    iptables/nftables filtering and policy setup

04Projects

Selected builds and security experiments

A focused selection of production-minded security engineering work.

HomeLab

Active Build

A practical cybersecurity lab environment for testing attack paths, detection quality, and hardening decisions under controlled conditions.

Used as a repeatable proving ground for security workflows across network and application layers, with emphasis on evidence-driven remediation.

LinuxWazuhNmapBurp SuiteNetworking
Open Details

ScanPanel

Production-Ready MVP

A full-stack security scanning platform that orchestrates Nmap, OpenVAS, Nuclei, and Nikto with live scan tracking, normalized findings, and analyst-focused triage workflows.

Built and shipped end-to-end architecture with queue-driven workers, scanner adapters, result deduplication, and production-focused reliability fixes so scans run consistently in containerized environments.

Next.jsFastAPIPostgreSQLRedisDockerOpenVASNmap
Open Details

Database-Engine

In Progress

Custom database engine project focused on understanding storage internals, query execution, and performance tradeoffs at implementation level.

Builds low-level systems skills by implementing core database mechanisms directly instead of relying on black-box abstractions.

C/C++Data StructuresStorage EngineQuery Processing
Open Details
05Education & Experience

Learning and internship timeline

2022 - 2027

Student, Niepubliczne Technikum Programistyczne Techni Schools

Private programming-focused technical school. According to Techni Schools materials, the program extends core curriculum with cybersecurity, AI, and game programming, and emphasizes practical learning on business-used technologies (including web/backend, cloud/devops, and low-level C/C++), plus internship-oriented experience.

technischools.com

2023

Summer Cybersecurity Internship at Empik

Internship period focused on practical exposure to security workflows and team operations.

2024

Summer Cybersecurity Internship at Empik

Second internship term with expanded cybersecurity responsibilities and hands-on tasks.

2025

Summer Cybersecurity Internship at OTCF

Summer internship centered on real-world security processes and operational support.

2025 | Ongoing

Cybersecurity Intern at OTCF

Ongoing internship role with continued growth in security engineering and incident-aware operations.

06Contact

Open to collaboration and security work

GitHub

TomekPieniazek

LinkedIn

Tomasz Pieniążek

Email

tomek.pieniazek@omnimap.pl