Oct 2022 – Jun 2023 · 8 mos · Vancouver, British Columbia, Canada · Remote

• I was given an idea for a static analysis tool. The tool should generate an OpenAPI specification document from the source code of the back end without dynamic analysis.
• I devised methods to implement the idea from scratch. Came up with ways to extract information from code and process it to generate the output. The code is written in Go.

Apr 2019 – Jul 2022 · 3 yrs 3 mos · Vancouver, British Columbia, Canada

• Hacking videogames sparks joy.
• Worked on most games and services released during my employment.
• Some examples: Star Wars: Squadrons, FIFA, Battlefield 2042, C&C Remastered, Origin, and EA (Desktop) App.
• Game clients, servers, mobile and web companion apps, some cloud infrastructure, and 3rd party integrations.
• Static Analysis: Created custom Semgrep rules and found vulnerabilities in code. Popular languages were C, C++, Java, Python, Go, and even Rust.
• Documentation: Everything I did and learned is internally documented.
• Automation: Wrote glue code and customized Nuclei, Burp, and Masscan to scan the internal network for specific issues.
• Coordinated Disclosure program: Handled incoming reports and performed triaging, variant hunting, and root cause analysis.
• What I didn’t do: Break DRM, bypass Anti-Cheat, or create cheats. These are handled by a different team.

Nov 2016 – Mar 2019 · 2 yrs 4 mos · Washington DC-Baltimore Area

• Enterprise Blockchain platforms: These platforms leverage the technology but are NOT cryptocurrencies. We developed a tool to attack Hyperledger Fabric and presented it at DEF CON 26.
• Thick-clients (native and managed code).
• Reverse engineering custom protocols (usually binary). I have written a couple of custom fuzzers.
• Mobile applications: Mainly Android and iOS, some Windows Mobile, even Blackberry.
• Web applications: This is our bread and butter. Currently, I mostly do manual testing with Burp. But I used to run Appscan daily when I had just started in the industry.
• Tool development: Most of my tools used to be in Python, now everything is in Go.
• Cryptography: I have analyzed complex systems, white-box cryptography, and even some custom ciphers.

May 2013 – Nov 2016 · 3 yrs 6 mos · Washington D.C. Metro Area

• Started as an Associate Consultant in May 2013, worked my way up.
• Cigital joined the Synopsys Software Integrity Group (SIG) in December 2016.

Sep 2012 – Dec 2012 · 3 mos · Washington DC-Baltimore Area

• Course assistant for Theory of Computation graduate course.
• Holding regular office hours.
• Grading homeworks and assignments.