|Penetration Testing|Burp Suite, OWASP ZAP, nmap, Nessus, Kali|
|Security Code Review|Brakeman, FindSecBugs, Semgrep, Checkmarx, Fortify|
Senior Application Security Engineer, Software Secured, 2018-03 — Present
Performing web, network, and mobile penetration tests and secure code review for a variety of platforms and applications. Guiding clients in application security tasks like threat modelling, secure design and vulnerability remediation and scoring. Owning team resources like test plans, payload databases, and report QA. Mentoring and assisting team members in their approach to security testing. Delivering quality content for the company blog.
- Reported multiple CVEs listed below.
- Delivered high quality reports to clients containing many high severity vulnerabilities for a diverse set of applications and products.
- Advised client developer teams on threat modeling, secure design/architecture, and risk classification/remediation.
- Performed quality control on outgoing client reports for the entire team.
Application Security Engineer, Software Secured, 2014-05 — 2018-03
A broad role covering both software development and application security tasks. Writing code focused around the Node.js stack. Performing web application penetration tests and secure code review for a variety of platforms and applications. Some example applications include:
- Performed static, dynamic and hybrid security tests against a wide variety of web applications. Used a variety of tools including Burp Suite, OWASP ZAP, nmap, Nessus, Checkmarx, Fortify, Brakeman, and Kali Linux.
Web Application Developer, SecDev Cyber, 2012-10 — 2014-05
Building internal tools in support of analytics and business requirements. Releasing visualizations for external consumption.
- Created and launched multiple web visualizations to production.
- Built an internal statistics-tracking web application to completion.
Programmer Analyst, Canadian Medical Protection Association, 2012-01 — 2012-06
Building internal tools and production websites using Java and Web Technologies.
- Performed software development and upgrades for a public, doctor-facing knowledge website.
Offensive Security Certified Professional (OSCP), Offensive Security, 2017-05 — 2017-09
Completed the OSCP certification.
Computer Science, Honours, Co-operative Program, University of Waterloo, 2006-09 — 2011-12
Completion of a Computer Science focused education. Courses: Software Design and Architectures; Distributed Systems; Computer Networks; Computer Security and Privacy; Introduction to Artificial Intelligence; Advanced Offerings in Computer Science - Machine Learning.
Exploiting Less.js to Achieve RCE, Software Secured Blog, 2021
Elementor Page Builder 2.9.8 Stored XSS, Software Secured Blog, 2020
Jetbrains TeamCity Reflected XSS, Software Secured Blog, 2019
ImageMagick RCE Take 2, Software Secured Blog, 2018
Stored XSS in Kibana
CVE-2020-13864, CVE-2020-13865, Elementor, 2020
Stored XSS in Elementor
Stored XSS in Kibana TSVB
CVE-2019-15848, JetBrains TeamCity, 2019
Reflected XSS in JetBrains TeamCity
CVE-2018-2625, Oracle WebLogic, 2018
XXE in Oracle WebLogic