Hi, I’m Mateusz Lewczak—though many know me as LeftarCode. I work as a Penetration Tester at SECURITUM, where I get to turn my passion for offensive security into real-world impact every day. Specializing in Hardware Security and Desktop Application Security, I thrive on understanding how systems are built—and then figuring out how to break them before the bad guys do.

For over three years at SECURITUM, I’ve led more than 150 web application pentesting projects for some of Europe’s biggest companies. Every project is a chance to learn something new, and I enjoy sharing these insights with my fellow security professionals.

Before joining SECURITUM, I sharpened my skills as a Junior Cybersecurity Engineer at BLUE energy Sp. z o.o., running penetration tests, building automation tools, reviewing source code, and even setting up secure infrastructures with Infrastructure as Code (IaC). I also gained a solid technical foundation working as a Full-stack Developer, IT Support Specialist, Junior Node.js Developer, and Junior Android Developer—experiences that taught me a lot about teamwork, development, and troubleshooting.

When I’m not at work, I’m busy expanding my horizons. I’m currently studying Applied Computer Science at the Warsaw University of Technology, fueled by a lifelong curiosity about program analysis and verification. My academic journey started at the Zespół Szkół Teleinformatycznych i Elektronicznych, where I was honored with the Polish Prime Minister Scholarship.

I also love to experiment with side projects. Whether I’m developing the khazad-dum library to secure application secrets with TPM2, creating hashslayer—a tool that shows off AWS EC2 FPGA power for cracking hashes—or building an educational OS called bubelos, I’m always exploring new ideas. I even dive into projects that cover everything from cold boot attacks and TPM security to Python hacking, a C++ path tracing engine, and an educational microcontroller.

Sharing knowledge is just as important as gaining it. I’ve had the pleasure of speaking at events like Sekurak Academy, BSides Warsaw, and Mega Sekurak Hacking Party, where I discuss everything from cutting-edge pentesting techniques to practical lessons from the field. My work has been featured in several publications on securitum.com, covering topics that range from managing application secrets to the intricacies of cold boot attacks.

My guiding philosophy is simple: “If You Can Make It, You Can Break It!” I truly believe that understanding how something is built is the first step to keeping it secure. When I’m not testing systems or speaking at conferences, you’ll find me writing on my blog leftarcode.com or curating practical insights on boringitsec.com.

Thanks for stopping by—I’m always excited to connect with fellow tech enthusiasts and security professionals!