Feb 2025 – Oct 2025 · 8 mos · Greater Pittsburgh Region · Remote

• Execution Lead: Scope and perform offensive security engagements including red teaming, internal/external penetration tests, cloud, web, mobile, etc.
• Research & Innovation: Drive R&D initiatives in EDR security and Windows internals. Discovered vulnerabilities and wrote exploits for multiple Windows driver 0-days.
• Training & Content Development: Develop technical content and deliver offensive security talks and trainings both remotely and at infosec conferences.
• Operational & Team Leadership: Mentor and guide a team of consultants and offensive security engineers.

Nov 2023 – Mar 2024 · 4 mos · Remote

Mar 2023 – Feb 2025 · 1 yr 11 mos · Remote

• I lead UPMC's Red Team, executing offensive security engagements such as red team engagements, infrastructure penetration tests, web app pentests, purple team engagements, and PCI pentests. I also do research into evasion & stealth practices including EDR evasion.
• Infrastructure penetration testing & red teaming
• Offensive capabilities development & EDR research (C, C++, scripting)
• Web application security & penetration testing
• Active Directory security

Nov 2021 – Mar 2023 · 1 yr 4 mos · Remote

• Lead red team & offensive security activities: penetration tests, red team engagements, "purple" team activities working with SOC, compliance testing, etc.
• Application security: web application assessments & scanning with Burp Pro/Enterprise and AppScan, investigating results, communicating issues to app owners and consulting on remediation
• Vulnerability assessment & management activities: manual vulnerability analysis & identification, scripting, assisting in Rapid7 Nexpose/InsightVM scanning activities
• Training: mentor vuln team members and cross-train other teams in technical cybersecurity skills

Mar 2023 – Mar 2025 · 2 yrs · Hybrid

• I currently provide instructor-led training and course development for technical cybersecurity courses to help students prepare for certification exams such as the industry-leading OSCP (OffSec Certified Professional) and OSED (OffSec Exploit Developer).
• I have played a key role in content development for the PEN-200 OSCP course as well as led the content development for the EXP-301 OSED course including custom lab development. I am currently working on developing content for the PEN-300 OSEP course as well.

Aug 2021 – Present · 4 yrs 7 mos · Pittsburgh, Pennsylvania, United States

• Security consulting: penetration testing (infrastructure, web app, PCI, red team), security architecture, training, forensics, etc.
• Offensive security training

Apr 2020 – Nov 2021 · 1 yr 7 mos · Remote

• Infrastructure and web application penetration testing.
• Internal pentests
• External pentests
• Web application pentests
• Mobile application pentests
• PCI pentests

Jan 2019 – Apr 2020 · 1 yr 3 mos

• Offensive security consulting including infrastructure & network pentesting, exploit development, web application pentesting & souce code review, and adhoc hacking things for clients.

Jan 2017 – Jan 2019 · 2 yrs

• Completed four rotations: Cyber risk management, Linux system administration, network engineering, and red team.
• I performed offensive security tests, including: wireless and infrastructure penetration tests on hospital networks, web application tests, and mobile/medical device penetration tests. I ended up spearheading the development of the Red Team, supporting the vulnerability management & application security team.

May 2016 – Jan 2017 · 8 mos · Greater Pittsburgh Region

• Threat intelligence custom tool development, phishing incident response.