A relatively recent graduate of George Mason University, I'm fundamentally interested about how to get slower things done quickly (automation), how to make things that are working break (security), and how to make things that are broken work (development).
I work at the Crypsis Group as one of their earliest employees (~10 employees at the time, May 2016), and continue to work for them after their Palo Alto Networks acquisition. I've had a direct role in a lot of different pots at Crypsis, from leading a incident response R&D project that made millions to working with the Director of IT to get SOC2 Type 1 (company acquired before Type 2 period) for Crypsis.
As a remote worker, generally I like to spend a decent amount of my free time in whatever city I'm in. Previously that's been DC and Philadelphia, but I have immediate family in London and NYC and plan to rent in the Central US throughout Spring 2021.
1,000s of suspicious hosts triaged
Platform that collected, processed (parsers, analyzers, etc), and ingested forensic details of checked-in systems at scale. Used as the main Crypsis driver for the majority of the company's existence (still used as a secondary system).
Crypsis ELK-SIFT Auto-Scaling Fleet
Investigation servers spinning up and down daily
Responsible for the pipeline of infrastruction integrated with our ticketing system to automatically spin up/down servers - commonly referred to as "ELK/SIFT" internally - though they are customized much more. Highly customized base image, deployment pipeline, and controls all made with careful consideration to the daily process of a DFIR consultant. A significant footprint of Crypsis's infrastructure.
Serverless document management system Implemented a system in AWS utilizing Zappa, a serverless framework system. Secured via a 2FA system and user management admin system - including 2FA lockout mechanisms. Also included serverless antivirus scanning. If a document was uploaded and failed a scan, it was locked out from the user, requiring a rotatable unlock password to load. Very strong CI/CD. Worked with a real company as part of our college capstone project. Lead development.
patriotCTF 2018 Head Organizer
Attended by ~80 including multiple schools from the tri-state area
Organized one of George Mason University's most significant cybersecurity events to date, bringing in competitive teams from most major schools in the VA region, as well as one or two from Maryland. Accepted and delivered on corporate sponsors.
GRR Fleet Management System
Large scale response system
Multi-tenant secure system built to allow consultants to quickly spin up internet facing (leveraging SNI) by writing Nginx, HAProxy rules and Docker infrastructure on the fly over a provisioning API, providing both timed health feedback (scanning proxies for orphaned routes, etc) and provisioning results via Slack.
Forensics Extraction via OAuth Flaw
OAuth abuse returns Digital Forensics artifact
Abused a major cloud provider's OAuth process in order to access account insights to faciliate forensic investigations, giving a massive competitive advantage to Crypsis. Note: did not hack anyone else's Oauth tokens or compromise any accounts.
Forked from the extremely impressive Timothy Chen