Hassan Mussana
VP Cybersecurity Strategy · Link11 · Frankfurt & Berlin
About

A cybersecurity leader who builds scalable security organizations by engineering cloud-native defense architectures. I bridge deep technical execution and board-level risk management — the leverage point between the grit of the SOC floor and the framing of a boardroom conversation.

Career

Lahore to Berlin, by way of detection rooms, IaC, and a 16-person security org.
Feb 2026 — Present
Current
Frankfurt, DE
Product
VP, Cybersecurity Strategy & WAAP Product
Link11 GmbH

Building WAAP product from the CISO's side of the table. Translating a decade of defending web & API architectures into the product a European security team actually wants to buy.

Aug 2021 — Jan 2026
4 yrs 6 mos
Berlin, DE
Leadership
Sr. Director, Infrastructure & Security (CISO)
Moonfare GmbH

Joined as first security hire. Left having built a 16-person function across Information Security, Enterprise IT, and Cloud Infrastructure. Led Moonfare to ISO 27001 in 2024, improved posture 300%, cut AWS spend 50%+ via architectural redesign, and spun up a company-wide AI governance program.

  • First security hire → 16-person org (7 security, 5 DevOps, 4 IT)
  • ISO 27001 certification, top-tier audit result
  • Monthly security ops report as a management artifact: attacks thwarted, MTTR/MTTD, business cost avoided
  • Led multiple incident response engagements end-to-end
Progression within Moonfare
Lead Security Engineer
Aug 2021
6 mos
Sr. Security Manager
Feb 2022
1 yr 8 mos
Director of Security (CISO)
Oct 2023
2 yrs
Sr. Director, Infra & Security (CISO)
Sep 2025
5 mos
Jun 2020 — Jul 2021
1 yr 2 mos
Berlin, DE
Engineering
Senior Security Engineer
HelloFresh Group

Investigated and mitigated the Codecov supply-chain incident (among others), earning company-wide recognition for response quality. Shipped Python/Docker/Terraform tooling that reshaped forensic speed, and built a custom vulnerability management CLI integrating Jira + GitHub across 1,000+ repos.

The move, January 2019: Lahore (PK) → Hamburg (DE)
Jan 2019 — May 2020
1 yr 5 mos
Hamburg, DE
Engineering
DevSecOps Engineer
About You SE & Co. KG

Wrote IaC — Ansible, Terraform, CloudFormation, Packer — to deliver security-hardened AWS infrastructure for an enterprise e-commerce PaaS. Built deployment pipelines with health checks, security rulesets, and guardrails embedded directly as code.

Aug 2015 — Dec 2018
3 yrs 5 mos
Lahore, PK
Consulting
Senior Security Engineer (MSSP / SOC)
Ebryx (Pvt.) Ltd.

Worked 24/7 SOC floors. Engineered detection playbooks and SIEM correlation rules against MITRE ATT&CK for IOC hunting and anomaly detection. Embedded as resident security engineer for core clients — built custom AWS monitoring on CloudTrail, VPC Flow Logs, and GuardDuty that became backbone infrastructure at Careem/Uber MEA.

  • Detection engineering + SIEM correlation at MSSP scale
  • Cloud posture analysis across 50+ AWS accounts at Careem
  • On-site incident investigations and network pentests in Karachi
Progression within Ebryx
Associate Security Engineer
Aug 2015
6 mos
Security Engineer
Feb 2016
1 yr 5 mos
Sr. Security Engineer
Jul 2017
1 yr 6 mos
Sep 2011 — Jun 2015
4 yrs
Islamabad, PK
Education
B.E., Computer Software Engineering
National University of Sciences & Technology (NUST)

Where hands-on network security — pfSense, Untangle, L0phtCrack, John the Ripper — pulled me out of traditional dev and into cyber for good.

Moments

Stories behind the timeline — the parts worth telling.
A moment 01 of 03
Supply chain — twice, two hats

Different hats. Same muscle.

Supply-chain incidents are a leadership test more than a technical one — you can do all the IR right and still fail if your communication and prioritization are off.

First as the engineer leading technical response to Codecov at HelloFresh. Later as CISO at Moonfare, coordinating response to a third-party incident where a business counterparty’s breach created potential exposure on our side. Different technical profiles, same operational problem: scan fast, scope impact accurately, brief the board honestly, don’t let the noise derail the business.

I’ve come to think of supply chain as the most under-rated part of the threat model — and the part that’s hardest to run well when everyone’s already tired.

A moment 02 of 03
Moonfare — first hire to 16

Cyber, my way.

I wanted to know exactly why I should do X control before doing it, how it fits in the big picture, and build security as a function that moves the business forward instead of reacting to it.

Started with a small senior team — OffSec+AppSec, Detection & Enterprise Security, InfoSec, Cloud — and a clear thesis: onboard an MSSP for SIEM and detection from day one so internal engineers could focus on hardening, vulnerability management, IAM, and policy. Grew mid-level engineers on both red and blue sides over the next two years. Got Moonfare to ISO 27001 in 2024. Took on DevOps and IT in 2024–2025, reaching 16 headcount at peak: 7 security, 5 DevOps, 4 IT.

The artifact I’m most proud of isn’t a tool — it’s the monthly security ops report. Attacks thwarted. Where they came from. MTTD and MTTR. Business cost avoided. Translating operational security into language the rest of the company could actually read.

A moment 03 of 03
Careem — embedded, Lahore & Karachi

Resident engineer, 50+ AWS accounts.

Careem became my employer's client after a security incident. I got loaned out to build their detection capability from scratch.

Set up detection, ran cloud security posture analysis across 50+ AWS accounts, built CloudTrail rules and detection logic that later became the backbone of their SOC. Helped with several incident investigations, did on-site network pentests at their Karachi office, and worked alongside some of their best engineers.

Being embedded — sitting with a customer, inside their environment, at breach volume — teaches you something you can’t learn in an MSSP seat: security as a thing that happens inside someone else’s business, on their clock, with their priorities on your shoulders. Most of what I know about CISO-side tradeoffs started here.


Credentials

Two tracks, on purpose.
Leadership

What made me credible in a boardroom.

  • GSTRT — GIAC Strategic Planning, Policy & Leadership
  • CISM — Certified Information Security Manager (ISACA)
  • GSLC — GIAC Security Leadership Certification
  • GIAC Advisory Board Member
Technical

What keeps me honest in engineering conversations.

  • GCSA — GIAC Certified Cloud Security Automation · SANS SEC540 Cloudwars Challenge Coin Winner
  • AWS Certified Security — Specialty
  • CDP — Certified DevSecOps Professional
  • AWS Solutions Architect — Associate
Education

B.E., Computer Software Engineering
National University of Sciences & Technology (NUST), Islamabad · 2011–2015