Dec 2023 – Jun 2024 · 6 mos

• Advised startup founders whose companies are working towards addressing the 17 Sustainable Development Goals.
• Provided coaching and guidance on a wide range of topics related to Security. These requests encompass building robust security protocols, developing incident response plans, enhancing cybersecurity awareness and training, implementing access control measures, and ensuring data protection and compliance.

Nov 2023 – Jun 2024 · 7 mos

• Conducted comprehensive security analysis of Google Cloud Platform (GCP) products, identifying critical vulnerabilities across various product classes.
• Leveraged threat intelligence data to uncover and exploit new attack vectors, successfully compromising over 200 high-value production systems on GCP.
• Contributed to developing an internal tool to map potential attack paths within GCP infrastructure, catering specifically to Alphabet's extensive use of GCP services.
• Designed and executed strategic offensive security campaigns, providing leadership and mentorship to team members throughout the initiatives.
• Developed and documented security policies for implementing cloud security products, including VPC-SC, within Google's GCP infrastructure.

Sep 2022 – Oct 2023 · 1 yr 1 mo

• Became subject matter expert in cloud database products offered by GCP.
• Ensured the implementation and design of safe architecture within GCP products by consulting various product teams.
• Designed, created, and maintained continuous integration tooling used internally to detect vulnerabilities in code.
• Planned, led, and executed red team exercises to exfiltrate user data. Discovered new exfiltration vectors and web application vulnerabilities in public Google products.
• Conducted design and implementation reviews for products handling user and financial data.

Jun 2021 – Aug 2021 · 2 mos · Greater Seattle Area

• Contributed to developing Golang-based tooling to detect security misconfigurations and vulnerabilities in infrastructure as Code (Terraform).
• Wrote peer-reviewed software design document outlining the development I completed.
• Integrated tool into existing Continuous Integration pipelines and
• pre-deployment checks.
• Developed the dynamic generation of functions for a library used to convert
• Terraform resources to cloud metadata. Used Ruby and the Embedded Ruby
• templating engine to generate and test entries dynamically.

Jan 2021 – Apr 2021 · 3 mos · Tempe, Arizona, United States

• Performed source code reviews, network, cloud, and web application penetration tests.
• Built internal scripts, tools, and methodologies.
• Developed comprehensive and accurate reports along with presentations for both technical and executive audiences.
• Worked with client security and IT operation teams to implement remediation plans.

Jun 2020 – Aug 2020 · 2 mos · Rome, New York, United States

• Engaged in intensive Advanced Course in Engineering (ACE) cyber warfare boot camp through rigorous coursework, research, and multi-domain field operations.
• Solved graduate-level challenges for open-ended Air-Force relevant problems in exploit development, hardware security, covert communications, software reverse engineering, and red team operations.
• Participated in leadership and technical development under the mentorship of distinguished leaders in the government and military.
• Planned, lead, and executed a simulated cyber warfare campaign.