Available for work
An Ethical H4cker — ethically breaking systems to uncover vulnerabilities and elevate organizations’ security posture.
ECE
PRC
ECT
PRC
CWES/CBBH
HackTheBox
CAPen
The SecOps Group
eJPT
INE Security
What I can do
From web applications to internal networks. Thorough vulnerability assessments and penetration testing that uncover real-world vulnerabilities, strengthening infrastructures, and deliver commercial-grade reports with clear remediation guidance.
From detection to containment. Structured incident response and case handling across various blue team domains such as email security, endpoint security, web security, and identity security.
From design to deployment. Built AI-driven solutions, mobile applications, and Python modules extending ERP functionality, streamlining real-world challenges, and delivering scalable, production-ready systems across enterprise environments.
Learnings
Gained hands-on experience in modern web application security through CWES, covering end-to-end offensive techniques, vulnerability exploitation, and structured penetration testing methodologies. Developed practical skills in identifying and exploiting common web vulnerabilities including SQL injection, cross-site scripting (XSS), command injection, file inclusion, authentication weaknesses, and session security flaws across realistic attack scenarios in controlled environments.
Built proficiency in analyzing HTTP traffic, using web proxies, conducting reconnaissance, fuzzing, and performing JavaScript deobfuscation to uncover hidden attack surfaces and security misconfigurations. Strengthened understanding of request manipulation, enumeration techniques, and web application behavior analysis to support comprehensive and systematic security assessments across diverse targets.
Explored advanced web security topics including API security testing, GraphQL attacks, file upload exploitation, brute-force techniques, and assessments of commonly deployed applications such as WordPress and similar CMS platforms. Applied offensive methodologies to simulate real-world attack chains, validate vulnerabilities, and assess potential business impact across modern application environments and architectures.
Enhanced the ability to execute structured penetration testing workflows from information gathering and exploitation to impact analysis and professional reporting. Developed a methodical approach to vulnerability validation, risk prioritization, and remediation guidance, reinforcing practical offensive security skills aligned with real-world web application assessments, security operations, and bug bounty processes.
Demonstrated practical expertise in identifying, exploiting, and reporting security vulnerabilities in modern web applications through hands-on penetration testing methodologies.
View credential →Validated foundational offensive security skills in network enumeration, exploitation, web application testing, and real-world penetration testing workflows.
View credential →Built foundational and intermediate Python programming skills through hands-on problem solving, automation, data handling, file operations, regular expressions, testing, and object-oriented programming concepts.
View credential →Professionally licensed in electronics engineering and technical operations, with competencies in communications systems, electronics design, troubleshooting, maintenance, and applied engineering principles.
About me
I'm Jyd Rey Mercado, a dedicated information security professional who consistently demonstrated academic excellence and now applies the same level of discipline, commitment, and continuous learning to my professional career.
I have experience in both offensive and defensive cybersecurity domains, with a stronger focus on security assessments which strengthen the security posture of applications and network infrastructures.
Security Stack
Work
- Conducts vulnerability assessments and penetration testing across web applications and network systems.
- Delivers comprehensive security assessment reports and remediation recommendations.
- Supports case handling in blue team domains including Email Security, Web Security, Identity Security, and Endpoint Security.
- Trained computer vision models such as YOLOv8 for real-world detection and classification.
- Built monitoring applications for tracking system status, performance, and sensor outputs in real time.
- Designed and implemented embedded system solutions integrating software with physical hardware components.
- Trained in Enterprise Resource Planning (ERP) application module development.
- Built custom Python modules extending ERP functionality.
- Experienced using Docker for containerization and multi-container management.
Background
Polytechnic University of the Philippines
2020 - 2024
Angono National High School
2018 - 2020
Muzon National High School
2014 - 2018Get in touch
I'm open to security engagements including but not limited to penetration testing, vulnerability assessments, and bug bounty hunting.