• Conduct thorough penetration testing on hardware and embedded systems, including IoT devices, automotive systems, industrial control systems (ICS), and other critical infrastructure.• Identify, analyze, and document security vulnerabilities and exploits in hardware and firmware.• Provide detailed reports and presentations to stakeholders, outlining findings and remediation strategies.• Mentor junior team members and contribute to the development of best practices and testing standards.

• Perform technical research on latest n-day vulnerabilities.• Develop capabilities for core business product to test vulnerability status of worldwide devices.• Author scripts and software changes to improve research team’s productivity.

• Proactively penetration test primarily web applications serving both internal (~1.5m) and external (global) customers. • Domains include developer and internal tooling, authN/authZ mechanisms, and public-servicing web applications.

• Ensured high security and safety bar prior to major company deployments and milestones.• Reverse engineered hardware and software using IDA, Ghidra, Jadx, and other tools to develop implementations for novel exploit concepts.• Performed both black and white box penetration tests on hardware, software, and infrastructure.• Provided and drove expert remediation working with cross-team and cross-org stakeholders.

• Reviewing design and architecture ensuring high security bar for new AWS features and services.• Threat modeling new features of internal and external-facing AWS services.• Working with service teams to mitigate and learn from potential threats.• Participating in on-call rotations for security reviews.

• Protecting Alarm.com external customers and internal infrastructure by discovering vulnerabilities, driving their remediation, and offering security guidance. • Authoring software to automate stages of the penetration testing and reverse engineering lifecycle increasing pentest throughput.• Researching and authoring whitepaper(s) on long-term technical capabilities to knowledge-share with and add to the team. • Performing chip-off, firmware dumping, custom file unpacking, and binary reverse engineering to support pentesting of proprietary software and protocols. • Operating devices under test on an instrumented network to understand device behavior and possible vulnerabilities. • Summarizing findings in proof-of-concepts and formal write-ups, and presenting to management stakeholders. • Participating in on-call rotations and incident response as on-call security point-of-contact.

• Reverse engineered mobile and embedded devices and software to analyze functionality and security implications. • Researched the functionality of emerging and existing technologies at all constituent logical layers.• In support of stakeholders throughout the US Government, advised on the implications of findings.• Delivered concise, rigorous prototype implementations and formal reports.

• Algorithms & Programming 1 and 2 (Java).• Media Apps (Python/Blender).• Help run Dr. Norm Bashias's student labs.• Mentor students on a one-to-one and one-to-many basis.• Grade and provide feedback for student assignments.

• Wrote Dockerized application to dynamically load and run Python security and quality plugins on Github PRs as they're committed. • Utilized Celery task queue with Redis backend for PR monitoring.• Created documentation for engineers to author plugins to suit security and quality needs of their organization.• Partook in penetration tests, code reviews, and threat modeling for Twilio products and features.

• Tightened SDLC feedback loop by automating code analysis upon submission to CI system.• Worked cross-team to track down and address potential security concerns in C/C++ codebase.• Performed and validated continuous dynamic analysis of deployments improving product security. • Consistently evaluated new security tools to automate and integrate into our SDLC.• Created framework leveraging LDAP hierarchy for test coverage and security report accountability.

• Assist in basic design and implementation (front-end and back-end) of tools and applications to improve processes used by R&D departments.• Communicated cross-team to accommodate needs and design details from groups we supported. • Worked on C# MVC web app to save support and installs teams 90% of previous software packaging time. • Assist in training and support of end-users on developed applications.• Continue successful support of solution until no longer in use.