I like to make, break, and fix things to see how they work inside out.

I started in InfoSec with an software development background and leveraged it for vulnerability research, while expanding on infrastructure security. Previously, I was a Senior Security Consultant at Security Compass. It's amazing to have a career that revolves around my hobbies.

On the offensive side, I like to find high impact vulnerabilities, develop implants, and plan targeted operations. On the defensive side, I've implemented a enterprise-wide SDLC initiative and have taught defensive web security courses internationally.

Some of my free time is spent writing code, reversing, researching malware, or participating in CTFs. A subset of my past findings have CVE identifiers:

  • CVE-2016-5563: Unauthenticated and Privileged RCE in Oracle OPERA
  • CVE-2016-5564: Exposure of Oracle SQL Database Credentials in Oracle OPERA
  • CVE-2016-5565: Session Hijacking via Exposed Logs in Oracle OPERA
  • CVE-2017-3762: Insecure OS Credentials Storage in Lenovo Fingerprint Manager
  • CVE-2018-11228: Unauthenticated RCE via Bash Shell Service in Crestron TSW-XX60
  • CVE-2018-11229: Unauthenticated RCE via Command Injection in Crestron TSW-XX60

Outside of work-related interests, I try to stay updated on emerging technologies (e.g. space exploration and AI) to the extent I can practically understand them. I also like to consume anything that reminds me of The Twilight Zone, read science fiction, and spend time with friends and family.

The views expressed here are mine alone and not necessarily representative of the views of my employers. The information contained within this website is supplied "as-is" with no warranties or guarantees of use or otherwise. I accept no responsibility for any damage caused by the use or misuse of such information.