I'm a hacker, security analyst, sysadmin, and engineer.
I'm a hacker, security analyst, and sysadmin. Most importantly, I am an engineer — that means that I see problems and find solutions. My specialties are in network and systems security, administration, and engineering. I also do application security assessments and general security engineering, as well as software development, usually to create tools that support or enable my other skills. My hobbies are playing video and tabletop games, reading sci-fi and fantasy books, and dabbling in electrical engineering.
I do application, network, and systems security assessments and engineering for Independent Security Evaluators, a security consultancy. As part of my work, I publish blog posts whenever I have interesting findings or useful advice to share. You can find them on my blog. The posts that are directly relevant to my work are also published on ISE's blog.
This is my personal site, where you can find some information about me, a list of my projects, and my contact info.
While on an assessment for a client I needed a way to intercept certain HTTP API calls and dynamically generate a response while allowing other calls to go through to the real application's servers. I came across an extension for BurpSuite that allowed the user to select specific API calls to intercept and reply with static content, but I needed the ability to dynamically generate responses, so I added that functionality to the extension and published my changes. The extension now supports redirecting any HTTP request to any other URL, or replying to the call based on the contents of a file, or generating a response either by piping the content of the call to a program or by calling the program as a CGI script.
This was an assignment for UNM's Design of Large Programs class, meant to demonstrate multithreading concepts in Java. It implements a 10,000 × 10,000 cell Game of Life simulation using an arbitrary number of threads. Several presets are included, and the user interface is designed to be as responsive and scalable as reasonably possible.
Source is available on Github.
My full résumé is available by request. Highlights:
Feel free to contact me with any questions about any of my projects. You can find the source code, and in some cases binaries, on my Github page.
I am available for ongoing and project-based consulting work; I am not currently looking for a new job, but if you think you have a particularly good offer or fit for me, please send me the details.
For sensitive communications, I have published keys on this site using the Web Key Directory standard, and on the MIT PGP Key Server. This means that for most implementations of PGP my key will be automatically discovered and used, but you can also find a local mirror of my public key here if you wish to download it manually. You can also import the key using my Keybase profile, or use Keybase Chat.
My current local time is .