Summary
Experience
Senior Ethical HackerSecureWorks
- Led 15+ complex penetration testing engagements annually for Fortune 500 clients, identifying an average of 7 critical vulnerabilities per engagement.
- Developed and implemented automated scanning tools that reduced manual vulnerability assessment time by 30%, improving efficiency and coverage.
- Mentored a team of 3 junior penetration testers, enhancing team skill sets and increasing overall project delivery capacity by 20%.
Penetration TesterPalo Alto Networks
- Executed black-box and white-box penetration tests on web applications, APIs, and network infrastructure, discovering 50+ unique vulnerabilities.
- Reported findings and provided actionable remediation strategies, contributing to a 15% improvement in application security posture.
- Participated in red team exercises, successfully breaching internal systems and demonstrating critical gaps in existing security controls.
- Authored comprehensive security assessment reports, detailing vulnerabilities, risks, and mitigation steps for both technical and non-technical stakeholders.
Projects
Automated Web Vulnerability Scanner
- Developed a Python-based tool utilizing custom regex and known vulnerability patterns to automate the detection of common web vulnerabilities (XSS, SQLi).
- Achieved a 90% detection rate for OWASP Top 10 vulnerabilities in test environments, significantly reducing initial assessment time.
- Integrated with a CI/CD pipeline, enabling continuous security scanning for new code deployments.
Custom Exploit Development Framework
- Built a modular C/Python framework for rapid development of exploits for zero-day vulnerabilities in a controlled lab environment.
- Successfully exploited 3 distinct service vulnerabilities using the framework, demonstrating its adaptability and effectiveness.
- Documented exploit development process to streamline knowledge sharing and training for new security researchers.
Cloud Security Posture Management (CSPM) Script Suite
- Designed and implemented a suite of Bash and Python scripts to assess and enforce security best practices across AWS and Azure environments.
- Automated the detection of misconfigured S3 buckets, exposed network ports, and IAM policy violations, improving compliance by 40%.
- Provided real-time alerts for critical security deviations, reducing potential breach exposure by an estimated 50%.
Education
Carnegie Mellon UniversityMaster of Science in Cybersecurity
- Specialized in advanced network penetration testing and secure software development methodologies.
- Graduated with a 3.9 GPA, focusing on reverse engineering and incident response.
University of California, BerkeleyBachelor of Science in Computer Science
- Achieved Dean's List for 6 consecutive semesters; GPA: 3.8/4.0.
- Awarded 'Outstanding Senior Project' for developing a real-time intrusion detection system prototype.
Skills
Penetration Testing Tools
MetasploitBurp SuiteNmapKali LinuxOWASP ZAPWireshark
Programming & Scripting
PythonBashGoC/C++PowerShellJavaScript
Cloud & Container Security
AWS SecurityAzure SecurityGCP SecurityKubernetes SecurityDocker SecurityTerraform Security
Vulnerability Management
OWASP Top 10CVECVSSSAST/DASTThreat ModelingRisk Assessment
Operating Systems & Networking
Linux (RedHat, Debian)Windows ServerActive DirectoryTCP/IPFirewallsVPN