I’m a hacker, sysadmin, and software developer. Most importantly, I am an engineer — that means that I see problems and find solutions. My areas of interest include network, systems, and embedded security, as well as network and systems administration/engineering. The bulk of my professional and hobby security work is done in an offensive context, with occasional software development, usually to create tools that support or enable my other skills. My hobbies are playing video and tabletop games, reading sci-fi and fantasy books, cooking and baking, and dabbling in electrical engineering.

I currently work at Google as a Senior Security Engineer performing Adversary Simulation and Red Team operations. My areas of focus include application, cloud, and hardware security.

This is my personal site, where you can find some information about me, my blog, a list of my projects, and my contact info.

I’ve given a number of talks at various security and tech conferences. Here are some examples (newest first):

• BSides Orlando 2020 — Adventures in Perimeterless Homelabbing (2020-11, make sure your PDF reader shows the speaker notes): An overview of “perimeterless” or “zero-trust” networking with examples of how to implement it in the real world, first in your lab and then in prod at scale.
• SCaLE 18x — Hosting Your Own Media and Other Homelab Shenanigans (2020-03): A 90 minute talk with my friend Morgan Gangwere on our (mis)adventures in homelabbing. Slides are available here.
• ToorCon 21 — Mocking HTTP Services with Burp (2019-11): A lightning talk about a Burp extension I wrote for quickly mocking HTTP-based services. Slides are available here, and more information about the extension is available here.

I am also a regular participant at an internal lightning talks program. While many of those talks aren’t publishable due to NDAs, here are a few that are:

• Beyond /dev/urandom — The State of Randomness in Linux (2020-08)
• Common Vulnerability Scoring System (CVSS) (2020-06)
• Bufferbloat, or why you can’t download games and Netflix at the same time (2020-03)
• WireGuard, VPN of the Future (2020-03)
• WebAuthn — Solving Password Fatigue, Phishing, and More (2020-02)
• ZeroTier — Reimagining the VPN (2020-01)

My full résumé is available by request. Highlights:

Skills

• Skilled at security analysis of all kinds, with particular expertise in networks, applications, systems, and embedded hardware
• Served as a network, application, and embedded security engineer for various clients in a consulting role
• Deep knowledge of Windows and Linux internals as well as networking minutiae including TCP/IP stack
• Familiar with modern applied cryptography
• Strong technical communication skills including report writing and public speaking
• Semi-professional electrical engineering skills including circuit design, board layout, and design for manufacturing
• Capable of building, administering, and troubleshooting computer networks on a variety of hardware and operating systems
• Experience with devops technologies

Education

• Achieved the Offensive Security Certified Expert (OSCE) certification in 2020 after achieving the OSCP certification in 2019
• Achieved the eLearnSecurity Certified Professional Penetration Tester (eCPPTv2) certification in 2020.
• Graduated summa cum laude from the University of New Mexico with a BS in Computer Science in 2018
• Studied abroad for a year at Waseda University, one of Japan’s top 3 universities

Achievements

• DEF CON Black Badge holder; member of the winning team of the DEF CON 29 Blacks in Cybersecurity CTF
• Regular speaker at security and technology conferences as well as for internal lightning talk programs
• Winner of SANS Core NetWars at RSA Conference, and two-time participant at the NetWars Tournament of Champions
• Completed the Microcorruption embedded security CTF; globally ranked at number 405 of over 62,000 players.

Feel free to contact me with any questions about any of my projects. You can find the source code, and in some cases binaries, on my GitHub page.

For sensitive communications, I have published keys on this site using the Web Key Directory standard, and on the MIT PGP Key Server. This means that for most implementations of PGP my key will be automatically discovered and used, but you can also find a local mirror of my public key here if you wish to download it manually. You can also import the key using my Keybase profile, or use Keybase Chat.