Nick Gonella

Product Manager

San Francisco, California, United States · 11 yrs 3 mos experience
Most Likely To Switch · Highly Stable

Key Highlights

  • Expert in product security and vulnerability discovery.
  • Strong background in code auditing and threat modeling.
  • Passionate about binary analysis and reverse engineering.
Stackforce AI infers this person is a SaaS security expert with a focus on vulnerability management and product security.

Skills

Other Skills

ARM Assembly, BSD, Burp Suite, C, Computer Science, Critical Thinking, Electronics, Flask, Git, Go, HTML, JIRA, Java, JavaScript, Linux

About

Product Security Engineer

Focus on code auditing, threat models, automatic vulnerability discovery

Interests in binary analysis, reverse engineering, weird machines, operating systems, or any other excuse to learn a new system call

Experience

Harvey

2 roles

Product Security Lead

Promoted

Oct 2024 - Present · 1 yr 5 mos · San Francisco Bay Area

  • Paving the road for novel security solutions in the AI Application space.
  • Check out https://www.harvey.ai/blog/security-by-design to see how product security (and the rest of the team) ensures security is baked in the DNA of the product.

Senior Security Engineer

Feb 2024 - Oct 2024 · 8 mos · San Francisco Bay Area

  • Taking a product security function 0 -> 1, one commit at a time

Clear (clearme.com)

Senior Application Security Engineer

Aug 2023 - Jan 2024 · 5 mos · New York City Metropolitan Area · On-site

Amazon Web Services (AWS)

2 roles

Senior Security Engineer

Jul 2023 - Jul 2023 · 0 mo · San Francisco Bay Area · Hybrid

AppSec Engineer

Jul 2021 - Jul 2023 · 2 yrs · San Francisco Bay Area · Hybrid

  • Worked with the AWS Console team to secure new features and maintain the security of legacy systems. Helped develop threat models, pentest scoping, and did pentest work with teams
  • Started an open source security group to maintain a consistent bar for open source software produced by AWS
  • Coordinated and reviewed the security of dozens of services simultaneously to ensure the Buy With Prime product's secure, timely launch
  • Performed penetration tests on new and existing AWS services
  • Built automated tooling to maintain baseline security controls for 100+ new services being launched
  • Became SME for authentication, authorization, and front-end security within team
  • Worked cross function with formal reasoning specialists to model authentication and authorization properties of systems to identify vulnerabilities
  • Authored guidance for entire AWS Security organization, as well as served as one of the editors for the AWS security knowledge base
  • Mentored new security engineers through complex reviews

BSidesSF

Conference Organizer

Sep 2021 - Present · 4 yrs 6 mos · Hybrid

Workday

4 roles

Senior Associate Security Engineer

Aug 2019 - Jun 2021 · 1 yr 10 mos · Pleasanton, California, United States

  • Performed vulnerability research on customer facing and internal applications
  • Performed security audits and code review on business critical infrastructure
  • Performed network penetration testing against corporate and production systems to find and remediate vulnerabilities
  • Performed Red Teaming exercises, involving evaluations of Workday from low or non-privileged access
  • Authored novel malware frameworks and infrastructure to avoid SOC detections
  • Started the open sourcing program for Workday offensive security and contributed the first tool
  • Co-maintainer and co-architect of Workday's custom, scaling, automated SAST platform
  • Managed entire pentest lifecycle, including scoping, threat modeling, developer interaction, and follow up, in addition to executing tests
  • Developed process and procedure for scaling security reviews, as well as automation to aid with processes and procedures

Security Research Intern

Jun 2018 - Aug 2018 · 2 mos · Pleasanton, CA

  • Worked as a penetration tester on various internal and external applications, primarily web based
  • Helped develop SAST/DAST automation solutions to aid in security review scaling
  • Managed kickoff and wrapup meetings, as well as worked with development teams to remediate security vulnerabilities.

Security Research Intern

Jun 2017 - Sep 2017 · 3 mos · Pleasanton, California

  • Worked as a penetration tester on various internal and external applications, primarily web based.
  • Consulted and gave recommendations on improvement to cryptography systems being implemented by Workday.
  • Built custom penetration test automation tooling for security team

Security Research Intern

Jun 2016 - Jan 2017 · 7 mos · Pleasanton, CA

  • Worked as a penetration tester on various internal and external applications, primarily web based.
  • Wrote and deployed a Java-based LDAP/S library for developers.
  • Deployed Splunk dashboards for easier Tier 1 incident response.

California Polytechnic State University-San Luis Obispo

3 roles

Teaching Associate

Jun 2018 - Jun 2019 · 1 yr

  • Instructor for CPE 357 (Systems Programming)
  • Instructor for CPE 453 (Intro To Operating Systems)
  • Instructor for CPE 213 (MATLAB for Engineers)

Tutor

Sep 2015 - Jun 2019 · 3 yrs 9 mos

  • Tutored students on concepts including introductory programming, data structures, Java OOP, computer architecture, and systems programming

Teaching Assistant

Sep 2015 - Jun 2018 · 2 yrs 9 mos

  • TA for courses: Intro to Programming, Intro to Databases, Systems Programming, Network And Web Security, and Intro to Security
  • Wrote and maintained the automatic grading tools used by various professors
  • Helped professors develop security-oriented class material for Intro to Security courses

SpinPunch

Developer

Mar 2015 - Sep 2015 · 6 mos

  • Contributed to open source product Mattermost, the central platform for SpinPunch
  • Developed and maintained a ground up Go server
  • Developed and maintained a Flux-style React web app
  • Created CLI-style interface for shortcuts to key actions in Mattermost

Kaiser Permanente

Researcher

Aug 2013 - Jan 2014 · 5 mos · San Rafael, California

  • Data mined the Kaiser patient database, forming and testing different hypotheses using statistical analysis, and generating graphical information to convey said hypotheses.
  • Published a paper which was accepted in the Society for Critical Care Medicine Journal. Presented findings at the annual congress.

Education

California Polytechnic State University-San Luis Obispo

Master of Science - MS — Computer Science
