Cybersecurity undergraduate and web developer based in Sri Lanka, passionate about penetration testing, VAPT, and ethical hacking.
Loading
Cybersecurity undergraduate and web developer based in Sri Lanka, passionate about penetration testing, VAPT, and ethical hacking.
I'm Nethra Wedage — a cybersecurity practitioner, IT Executive, and web developer based in Sri Lanka. I spend my days hardening enterprise infrastructure and my evenings breaking into machines on HackTheBox. This page is the full story.
My Story
My journey into technology didn't start with a career plan — it started with curiosity about how systems actually work underneath the surface. As a teenager I was already tinkering with Linux, reading CVE disclosures for fun, and trying to understand why software breaks the way it does. That curiosity turned into a deliberate path in cybersecurity.
"The best defence is understanding exactly how the offence thinks — so I made sure to learn both sides."
I started formally at CICRA Campus — picking up my Certificate in Ethical Hacking in 2020, then the Advanced Certificate in Network & System Administration (NVQ 4), then a full Diploma in Cyber Security (NVQ 5). Each qualification added depth: from basic vulnerability identification, through enterprise infrastructure, to structured penetration testing methodology.
Professionally, my first real-world exposure came through IT support roles at Commercial Bank and MAS Intimates — high-pressure environments that showed me how real organisations manage (and mismanage) their infrastructure. Seeing the gap between textbook security and what organisations actually run in production was eye-opening, and it sharpened my focus on practical, context-aware security work.
Today I serve as Executive — IT at Timex Garments, where I lead the full IT function: designing and deploying Active Directory environments, managing Windows Servers, overseeing network infrastructure, and building internal tooling in PHP/MySQL. Alongside that, I'm completing my HND in Cybersecurity at Esoft Metro Campus and actively pursuing offensive skills through CTF platforms, self-led VAPT engagements, and independent research.
"I'm not just studying security. I'm practising it — on real infrastructure, real machines, real problems."
The goal is to move fully into offensive security consulting — performing penetration tests and VAPT engagements professionally, producing clear risk-rated reports that actually drive remediation, and eventually contributing to the security community through research and open tooling.
Years in professional IT across banking, manufacturing & enterprise environments
CTF challenges solved across web, reversing, crypto, and forensics categories
Production web projects and internal tools shipped, from portfolio sites to full IMS builds
Formal qualifications in cybersecurity, networking, and system administration
What I Enjoy
Currently Focused On
I believe the security industry needs practitioners who understand both sides of the fence — people who can build reliable infrastructure and then stress-test it like an adversary would. That dual perspective is what drives everything I do.
Understanding attack patterns is the only reliable way to build defences that hold under real-world conditions.
The threat landscape shifts daily. CTFs, writeups, labs, and certifications are the ongoing cost of doing this job well.
A finding no one understands doesn't get fixed. Security value is only delivered when findings reach the right audience.
Every engagement runs within explicit scope, with proper authorisation, and with the client's best interests first.
Skills
Security
Development & Infrastructure
Journey
Timex Garments (PVT) Ltd. · Promoted from Staff Officer IT
Leading the full IT function — Active Directory design and deployment, Windows Server management, network infrastructure, endpoint security via Kaspersky, and internal software development. Built a PHP/MySQL Inventory Management System from scratch. Managed a complete server environment overhaul across AD, File, Web, and Kaspersky servers.
MAS Intimates (PVT) Ltd. · via Eureka Technology Partners
On-site support for one of Sri Lanka's largest apparel manufacturers — hardware, software, and network troubleshooting across a large multi-department production environment. Gained exposure to enterprise-scale IT operations under high uptime pressure.
Commercial Bank (PVT) Ltd. · via Zeal (Pvt) Ltd
Technical support in a high-security banking environment — maintaining critical systems, responding to incidents, and ensuring uptime across branch operations within strict compliance and audit frameworks. First real exposure to regulated-industry IT security practices.
Key Projects
Esoft Metro Campus
Advanced program covering offensive and defensive cybersecurity — network security architecture, ethical hacking methodologies, digital forensics, incident response, and secure software development. Extends the CICRA foundation into a comprehensive, degree-pathway qualification.
CICRA Campus
NVQ Level 5 qualification covering vulnerability assessment, network defence, penetration testing methodology, and security policy development. Provided the structured methodology framework underlying all subsequent professional security work.
CICRA Campus
Deep coverage of Windows Server administration, Active Directory, network protocols, and enterprise infrastructure management. The skills gained here directly enabled later roles managing real corporate environments at Timex and MAS.
CICRA Campus
Foundation skills in ethical hacking, basic vulnerability identification, and security testing — the starting point that confirmed cybersecurity was the path to commit to fully.
Certifications
Targets
Let's Work Together
Whether you need a penetration test, a VAPT engagement, a web project, or just want to talk security — let's get in touch.
