About
- Security engineer with 6+ years of experience pentesting and securing both web and mobile applications.
- Deep understanding of web security vulnerabilities and how to find, fix, and prevent them.
- Strong communicator able to explain complex technical details to any technical level audience, in small or large groups.
- Experienced at managing a large bug bounty program and building strong relationships within the researcher community.
Experience
- Application security stuff with a focus on building automated vulnerability hunting
- Identified, fixed, and prevented security and privacy flaws in the code bases of Facebook and its family of products
- Seattle bug bounty lead, one of the core managers of program health, roadmap, triage, payouts, tooling, and live events
- Performed security reviews, improved static analysis tooling, and participated in various oncall rotations
- Collaborated cross-functionally with development teams, legal, comms, and other security teams
- Drove creation and adoption of the Private Bounty Program and Facebook-specific security documentation
- Developed and presented internal talks, Open Houses, Q&A panels, and recruiting events
- Supported the Internet Bug Bounty program as the Facebook panel member
- Engaged in penetration tests and code reviews for Fortune 100 tech companies
- Discovered vulnerabilities in web apps, mobile apps, networks, network devices, architecture designs, and source code
- Tech led over 75% of engagements and directly managed consultants
- Performed self-directed research outputting an internal tool, Blackhat Arsenal presentation, and ToorCon talk
- Found vulnerabilities in FactSet systems, applications, and products and managed their remediation
- Performed threat modeling, wrote security policies, and provided developer security
Projects
Project 2501
- Designed and developed infrastructure and tooling to perform large-scale asset enumeration and monitoring of bug bounty programs
- Built a Flask web application front end that uses Redis-backed Celery queues to call a micro-service architecture backend comprised of custom AWS Step Functions, Lambda functions, Docker containers (ECS), SQS notification queues, and S3 files, all stored in MySQL on RDS
- Integration with Slack and email for alerts and notifications
Wireless Elephant in the Room
- Found zero days in 20 common off-the-shelf home routers, including command injection via the Internet, auth bypass, ISP backdoor, and more
- Worked with router manufacturers to get the discovered issues resolved
- Presented findings, discovery process, and recommendations at ToorCon San Diego