Obligatory whoami…
“The more I learn, the more I realize how much I don’t know.” - Albert Einstein
That statement appropriately encapsulates my journey through the realm of cybersecurity thus far (since 2012), and I don’t expect that to change any time soon. I’ve had a number of people ask me how I ended up in the wonderful world of penetration testing, reverse engineering, exploitation development, etc. offensive security. My answer never wavers - a healthy combination of curiosity and chance. Early in my collegiate career as a computer/software engineer, I had been exposed to the fundamentals of computer networking (mainly the inner workings of the TCP/IP stack and OSI reference models). At one point in the curriculum, my professor briefly described the mechanics of a Man-in-the-Middle attack. Naturally, I took it upon myself to conduct further research on my own time, which led me to the discovery of various open-source security tools, blog posts describing use cases for web proxies, the list goes on. This behavior intensified as I progressed through my undergraduate courses (e.g., computer architecture, modern cryptography).
Fast-forward a few years - I had experienced various positions at a few unique organizations. Data analysis, e-Discovery, software engineering. Although each and every one of these experiences were critical in building my technical skill set and further sharpening my problem solving abilities, there still existed a seemingly unquenchable thirst for more knowledge. That’s when I decided to go back to school for my Masters and focus all of my efforts towards breaking into cybersecurity. I was fortunate enough to attend courses delivered by multiple, well-respected security researchers, such as Alex Sotirov, Brad Antoniewicz, Aaron Portnoy, among others. Those two years ultimately kickstarted my shift in career path, leading me to where I am now.
I’m currently a member of the Offensive Security team at a Bay Area security startup, where I leverage my experience and expertise to further improve the company’s platform, and ultimately protect its customers. Prior to my current position, I was a member of an internal red team at a FAANG company for about four years, during which I spent most of my time designing, leading and executing covert red team operations. Additionally, I amassed over five years of experience as a security consultant, where I took part in a wide spectrum of projects: external and internal network penetration testing, red team exercises and adversary simulation, social engineering, web/mobile/thick client application assessments, and much, much more.
In my free time, when I’m not attempting to put a dent in my seemingly ever growing reading list (a vast majority of it courtesy of No Starch Press and cruising Twitter), I enjoy building and customizing mechanical keyboards, trying new craft beer, listening to heavy metal, spending quality time with my family and, occasionally, flying JetLevs.