
Organizations

@zoom @checkpoint-pentest

marksowell/README.md

Mark Sowell

Hi! I'm Mark

I am an experienced penetration tester and application security leader specializing in offensive security, security consulting, presales, and application security strategy across the following areas:

  • Web applications
  • Mobile applications (Android & iOS)
  • Desktop applications
  • APIs, SDKs, and Web Services
  • Cloud and SaaS platforms
  • Microservices and containerized applications
  • Serverless and distributed applications
  • AI-enabled platforms, integrations, and emerging technologies

Over the years, I have led application security initiatives, offensive security programs, and large-scale security assessments to strengthen security posture and reduce organizational risk.

Experience:

  • Strategic Leadership: Defining methodologies, creating tooling and workflows, and establishing best practices across offensive security and application security programs.
  • Security Consulting & Advisory: Principal-level application security leader and trusted advisor across web, mobile, cloud, API, AI, and enterprise security initiatives.
  • Presales & Customer Engagement: Supporting engagements from discovery and scoping through technical strategy, executive communication, delivery, and long-term customer success.
  • Team Leadership & Mentorship: Leading and mentoring penetration testers and security consultants through hiring, onboarding, escalations, technical enablement, and quality assurance across distributed teams.
  • Application & Platform Security: Assessing APIs, OAuth integrations, SaaS platforms, cloud-native applications, AI-enabled workflows, and distributed architectures.
  • AI & Emerging Technologies: Evaluating AI-enabled applications and integrations while helping organizations understand emerging attack surfaces and security risks.
  • Comprehensive Security Assessments: Leading external, internal, application, cloud, red team, and physical security assessments including attack path analysis, remediation guidance, and executive reporting.
  • Cross-Functional Collaboration: Partnering with engineering, product, architecture, operations, and security teams to improve remediation efforts and secure development practices across complex environments.

I focus on combining deep technical expertise with leadership to help organizations build scalable and effective security programs.


Connect with me

marksowell.com    Mark Sowell | LinkedIn    Mark Sowell | X    Mark Sowell | GitHub    Mark Sowell | Slack    Mark Sowell | Discord    Mark Sowell | YouTube    Mark Sowell | Telegram    Mark Sowell | Medium

Research platforms

Mark Sowell | TryHackMe    Mark Sowell | Hack The Box    Mark Sowell | HackerOne    Mark Sowell | Bugcrowd   

Certifications

Mark Sowell | Accredible    Mark Sowell | Credly    Mark Sowell | EC-Council   


Pinned

  1. aws-account-finder Public

    Find an AWS Account ID from any S3 Bucket

    Python 3

  2. Info-Leakage Public

    Burp Suite extension designed to help security professionals search for custom sensitive information in HTTP responses

    Python 10 1

  3. stars Public

    A curated list of my GitHub stars!

    7 3

  4. kautolog Public

    Automatic terminal session logging for Bash and Zsh. Captures every command, prompt, and output in real time, with per-session files, replay support, and optional cloud sync. Ideal for security exa…

    Python 10

  5. Kali-Linux-to-DigitalOcean Public

    A GitHub Action to convert the Kali Linux Generic Cloud Image and upload it to Custom Images in DigitalOcean.

    15 57

  6. DigitalOcean-Droplet-Deploy Public

    Deploy a DigitalOcean Droplet with Docker, Nginx, and automatic HTTPS

    3 1