
LSCP performs penetration testing and consulting on:
LSCP also conducts white-box penetration testing of applications via security code review.
Review of server configurations and social engineering attacks are offered as a part of internal infrastructure penetration testing.
Sam Lyhin is a penetration testing leader with a decade of full-cycle offensive security across web, mobile, infrastructure, cloud, and AI/ML systems – scoping, testing, reporting, and validating remediation through to closure. He works with banks, financial-services firms, government, and global corporates, turning complex technical risk into clear, prioritized guidance for engineers and executives alike.
His edge is depth. Backed by years of hands-on programming in Python, Java, C/C++/C#, Node.js, PHP, and .NET, Sam’s white-box source-code reviews consistently surface high- and critical-severity issues that automated scanners and black-box testing miss – with roughly a 90% hit rate across engagements and in the LSCP Responsible Disclosure Lab. His research record includes 12+ CVEs, public exploits, bug-bounty findings (including Slack), and Level 3 standing on the Synack Red Team.
Sam also leads AI red teaming of production ML systems – finding vulnerabilities like prompt injection and model evasion mapped to MITRE ATLAS – alongside cloud penetration testing across AWS, Azure, and GCP and incident response for malware and business-email compromise. He previously built and led offensive security as a Manager at Deloitte before founding LSCP.
Beyond client work, he shares applied security insight through the EXP Lore Cyber® podcast and his ongoing The Security Spirit® commentary.
Sam holds a Bachelor’s degree in Applied Cryptography from the National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”. He also holds the following subject-matter certifications:
