Jan 2023 – May 2024 · 1 yr 4 mos · NYC · Remote

Dec 2021 – Dec 2022 · 1 yr · NYC

• Emoji curator: Uploaded over 160 Slack Emojis, notably cat-popcorn, vince-2, tada-its-beans, behind-seven-hotdogs, and party-fidget-spinner.

Jan 2019 – Jan 2023 · 4 yrs

• Rambling for hundreds of hours.
• Terminal & Bash: command line tools, including awk and sed, on a Ubuntu virtual machine setup via vagrant.
• Linux & Windows Sysadmin Fundamentals: Linux filesystem and hierarchy, file and user permissions (ACL), cronjob scheduling and crontab, managing running processes and services, package managers, password auditing tools like 'john', system privileges, Active Directory, group policies.
• Archiving and Logging Data: archiving tools (tar), auditing and logging tools (journalctl, logrotate, auditd).
• Network Security: Secure network architecture & diagrams, firewall configuration and management, snort rules, network security monitoring tools, port scanning (nmap), packet inspection (wireshark).
• Cloud Security: Microsoft Azure, configuring VNETs, deploying applications on Docker containers via Ansible playbooks, load balancers, security groups, virtualization, redundancy.
• Cryptography: Symmetric & asymmetric cryptography, hashing algorithms, OpenSSL, GPG, SSL/TLS certificates, hashcat, rainbow tables, steganography, digital signatures.
• Web Application Security: SQLi, XSS, RCE, code injection, Burp Suite.
• Penetration Testing: Recon, OSINT, metasploit, msvenom, searchsploit, heartbleed, shellshock, exploitation, meterpreter shell, privilege escalation, persistent access.
• SIEM: Splunk, ELK stack (Kibana), configuring alerts, thresholds, baselines.
• Digital Forensics: Data recovery and analysis from an imaged iPhone via Autopsy.
• Projects: Playing the role of both offense and defense.
• Governance, Risk, & Compliance: OWASP threat model, training & awareness, policies & standards, risk management, business continuity planning, disaster recovery, governance frameworks, security program effectiveness, organizational security culture & hygiene, auditing, risk analysis and threat modeling to conceptualize, quantify, and communicate the risk of threats to the proper managerial stakeholders.

Aug 2018 – Dec 2021 · 3 yrs 4 mos · NYC

• Applying hacker-repellent spray (organic, grass fed, non-GMO) to infra, apps, people, and door hinges.
• Infrastructure and application monitoring and hardening.
• Leading the vulnerability management program.
• DevSecOps: Securing containers, third party dependencies, CI/CD pipeline, IAM, IaC
• Cloud security and hardening.
• Conducting code and design reviews.
• Opening and reviewing PRs (Ruby, Python, Terraform, Ansible, Java, Bash)
• Running internal penetration tests.
• Managing vendor penetration tests and red teams, from scoping to remediation.
• Devising a DLP program.
• Devising incident response playbooks.
• Wrote policies to achieve and maintain SOC2 compliance.
• Email security (DMARC/DKIM/SPF).
• Enhancing SIEM usage and the logging pipeline.
• Handling vendor relationships and tool management.
• Working closely with various teams and stakeholders across the org.
• Building a security roadmap.

Sep 2015 – Aug 2018 · 2 yrs 11 mos · NYC

• Trade offer: I get to hack, you get a PDF.
• Conducted penetration tests and vulnerability assessments on various platforms and environments, including: Web applications and services, native Windows applications, internal and external network security assessments, IEEE 802.11 wireless penetration tests, cloud provider configuration reviews, code review, software architecture and design reviews. Also managed bug bounties and immediate response for large clients.