I'm a security engineer based in Toronto. I break things for a living — web apps, APIs, cloud infrastructure, and whatever else is in scope. I've spent over a decade doing penetration testing, security code review, and offensive security research.
I hold an OSCP certification and a BCS in Computer Science (Honours, Co-op) from the University of Waterloo, where I studied distributed systems, computer security, and machine learning.
I've disclosed vulnerabilities in products from Oracle, Elastic, JetBrains, and WordPress, and published research on topics like Less.js RCE, ImageMagick exploitation, and JavaScript XSS mitigation. My CVEs include CVE-2020-13864, CVE-2020-7015, CVE-2019-15848, and CVE-2018-2625.