Macabe

Profile

While working in a software development role, among other roles, at a startup, I found a greater interest in offensive security. Apart from my technical capabilities, I have experience in risk analysis, high-pressure environments, and playing a role on successful teams.

Education/Certification

Department of Homeland Security Technical Capability Assessment, Level 2, Vulnerability Assessment & Mitigation and Response

TryHackMe top 3%

CompTIA Security+ & PenTest+ - in progress (can be completed within 120 days of employment)

Auburn University - Philosophy

Experience

Calibir Inc; Chicago, IL; Active

Student Manager, Auburn University Men’s Basketball; Auburn, AL 2017-2020

TryHackMe (student/hacker)

Practicals

1. Cross-Site Scripting (XSS):

1.1 Conducted comprehensive security assessments to discover XSS flaws, leveraging both manual and automated testing techniques.

1.2 Familiarity with secure coding practices such as input validation, output encoding, and Content Security Policy (CSP) implementation.
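As an added illustration of the output-encoding and CSP practices named above (example code, not from this profile or any employer's code base), the vulnerable rendering beside its hardened form. The attacker inputs are constructed for the demo; the encoder differs per context (HTML body/attribute versus inline script), which is the point the mitigation list leaves implicit.

```python
import html
import json

# Constructed attacker input for the demo (not from the original page): tries to
# close an attribute, then a tag, then open a script block.
PAYLOAD = '"><script>alert(document.cookie)</script>'
JS_PAYLOAD = '</script><script>alert(1)</script>'


def render_unsafe(comment: str) -> str:
    """Vulnerable 'before': user text is interpolated raw into an attribute and the body."""
    return f'<div title="{comment}">{comment}</div>'


def render_safe(comment: str) -> str:
    """Hardened: encode for the HTML context the value lands in.
    quote=True also encodes " and ' so the value cannot terminate an attribute."""
    enc = html.escape(comment, quote=True)
    return f'<div title="{enc}">{enc}</div>'


def js_string_literal(value: str) -> str:
    """Inline-script context needs a different encoder: a JSON string literal,
    with '</' broken so the HTML parser cannot see a closing </script> inside it
    (json.dumps already \\u-escapes U+2028/2029, which are line terminators in JS)."""
    return json.dumps(value).replace("</", "<\\/")


def security_headers(nonce: str) -> dict:
    """Defence in depth: a nonce-based CSP means that even if an encoding is missed,
    injected inline script without the per-response nonce will not execute."""
    return {
        "Content-Security-Policy": (
            f"default-src 'self'; script-src 'nonce-{nonce}'; "
            "object-src 'none'; base-uri 'self'; frame-ancestors 'none'"
        ),
        "X-Content-Type-Options": "nosniff",
    }


def contains_script_tag(markup: str) -> bool:
    """Crude check used by the demo: does a <script opening tag survive rendering?"""
    return "<script" in markup.lower()
```

The nonce must be freshly random per response and must never be reflected into user-controlled output, or the CSP degrades to the encoding it was meant to back up.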

2. Cross-Site Request Forgery (CSRF):

2.1 Conducted targeted testing to simulate CSRF attacks, including analyzing the impact of forged requests on application functionality and data integrity.

2.2 Provided recommendations to implement CSRF protection mechanisms such as anti-CSRF tokens, referrer validation, or SameSite cookies.
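An added worked example of the three CSRF controls listed above (anti-CSRF token, Origin/Referer validation, SameSite cookie); it is illustrative code, not taken from this profile or any employer. The secret key, origin and sample requests are constructed for the demo.

```python
import hashlib
import hmac

# Assumptions (not from the original page): a per-deployment secret and the
# application's own origin. Both values are constructed for the demo.
SECRET_KEY = b"constructed-32-byte-secret-for-demo-only"
ALLOWED_ORIGIN = "https://app.example"


def session_cookie(session_id: str) -> str:
    """Set-Cookie value. SameSite=Lax stops cross-site POSTs from carrying the
    session cookie, removing the ambient authority CSRF depends on."""
    return f"session={session_id}; Secure; HttpOnly; SameSite=Lax; Path=/"


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token as an HMAC over the session id: a token minted for one
    session does not validate in another, and the server stores nothing."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def _origin_allowed(headers: dict) -> bool:
    # Browsers send Origin on cross-origin POSTs; fall back to Referer, and
    # reject when neither is present rather than assuming same-site.
    src = headers.get("Origin") or headers.get("Referer") or ""
    return src == ALLOWED_ORIGIN or src.startswith(ALLOWED_ORIGIN + "/")


def verify_state_change(session_id: str, form: dict, headers: dict) -> tuple:
    """Gate for any state-changing request. Returns (accepted, reason)."""
    if not _origin_allowed(headers):
        return False, "origin/referer not from the application"
    submitted = form.get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    # compare_digest: constant-time, so timing does not leak matching prefixes
    if not hmac.compare_digest(expected, submitted):
        return False, "missing or invalid csrf token"
    return True, "ok"


# Constructed sample requests for the demo: (form fields, request headers).
SESSION = "s-1f3a9"
LEGIT = ({"csrf_token": issue_csrf_token(SESSION)}, {"Origin": ALLOWED_ORIGIN})
FORGED = ({"amount": "1000", "to": "attacker"}, {"Origin": "https://evil.example"})
STOLEN = ({"csrf_token": issue_csrf_token("s-other")},
          {"Referer": ALLOWED_ORIGIN + "/transfer"})
```

The origin check is the cheap first gate and the token the real control; SameSite=Lax still lets top-level GET navigations carry the cookie, so state changes must not be reachable over GET.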

3. Server-Side Request Forgery (SSRF):

3.1 Expertise in identifying and exploiting SSRF vulnerabilities to manipulate server-side requests.

3.2 Implemented effective mitigation strategies, including input validation, whitelist-based URL filtering, and secure configuration of server components.
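An added example of the allowlist-based URL filtering named in 3.2, written for this page rather than taken from the profile or any employer's code. The allowlisted hosts and the fake DNS answers are constructed; it shows the bypasses a naive check misses (userinfo tricks, non-default ports, an allowlisted name that resolves to an internal or metadata-service address).

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumptions (not from the original page): the only destinations this feature
# may fetch. Constructed for the demo.
ALLOWED_HOSTS = {"api.partner.example", "files.partner.example"}
ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {443}


def system_resolver(host: str) -> list:
    """Real DNS lookup (needs network); the demo below injects a fake one."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_outbound_url(url: str, resolve=system_resolver) -> tuple:
    """Allowlist SSRF filter. Returns (ok, reason).

    Use a real URL parser (never substring checks), pin scheme/host/port to the
    allowlist, then resolve the host and refuse any non-public answer, so a DNS
    record pointing at 127.0.0.1, 10/8 or 169.254.169.254 is still caught."""
    try:
        parts = urlsplit(url)
    except ValueError as e:
        return False, f"unparseable url: {e}"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    # .hostname drops userinfo and lowercases, so
    # https://api.partner.example@evil.example/ is seen as evil.example
    host = (parts.hostname or "").rstrip(".")
    if host not in ALLOWED_HOSTS:
        return False, f"host not in allowlist: {host!r}"
    try:
        port = parts.port or 443
    except ValueError:
        return False, "invalid port"
    if port not in ALLOWED_PORTS:
        return False, f"port not allowed: {port}"
    try:
        addrs = resolve(host)
    except OSError as e:
        return False, f"resolution failed: {e}"
    if not addrs:
        return False, "host has no addresses"
    for a in addrs:
        if not ipaddress.ip_address(a).is_global:
            return False, f"{host} resolves to non-public address {a}"
    return True, "ok"


# Constructed DNS answers for the demo (not real records).
FAKE_DNS = {
    "api.partner.example": ["93.184.216.34"],   # a public address
    "files.partner.example": ["10.0.0.5"],      # allowlisted name pointing inside
}


def fake_resolver(host: str) -> list:
    if host not in FAKE_DNS:
        raise OSError("NXDOMAIN")
    return FAKE_DNS[host]
```

Two caveats the filter cannot cover on its own: the HTTP client must not follow redirects (a 302 to an internal address bypasses every check above), and it should connect to the address that was validated rather than resolving again, or DNS rebinding reopens the gap.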

4. XML External Entity (XXE) Attacks:

4.1 Proficient in identifying and exploiting XXE vulnerabilities in XML parsing functionality.

4.2 Proposed mitigation techniques such as disabling external entity resolution, implementing strict input validation, or adopting secure XML parsers.
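The "disable external entity resolution" mitigation in 4.2, as an added example not drawn from this profile: untrusted XML is refused at the parser level as soon as a DOCTYPE appears, which covers both classic XXE and entity-expansion denial of service, before a normal parse. The sample documents are constructed.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat


class DoctypeRejected(ValueError):
    """Raised when untrusted XML carries a DOCTYPE (and so may declare entities)."""


def reject_doctype(data: bytes) -> None:
    """Fail closed on any DOCTYPE. Every XXE and billion-laughs payload needs one,
    so refusing it in the parser blocks the class, including encoding variants
    that a byte-substring search for b'<!DOCTYPE' would miss."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DoctypeRejected(f"DOCTYPE not allowed in untrusted XML (root {name!r})")

    parser.StartDoctypeDeclHandler = on_doctype
    # No ExternalEntityRefHandler is installed, so expat never fetches anything,
    # and the handler above fires before any entity is declared or expanded.
    parser.Parse(data, True)


def parse_untrusted_xml(data: bytes, max_bytes: int = 1_000_000) -> ET.Element:
    """Size cap, then DOCTYPE rejection, then an ordinary ElementTree parse."""
    if len(data) > max_bytes:
        raise ValueError(f"document too large ({len(data)} bytes)")
    reject_doctype(data)
    return ET.fromstring(data)


def classify(data: bytes) -> str:
    """Demo helper: 'ok', 'rejected' (DOCTYPE or size) or 'malformed'."""
    try:
        parse_untrusted_xml(data)
        return "ok"
    except ValueError:          # DoctypeRejected is a ValueError
        return "rejected"
    except (xml.parsers.expat.ExpatError, ET.ParseError):
        return "malformed"


# Constructed samples (not from the original page).
BENIGN = b"<order><id>42</id><qty>3</qty></order>"
XXE = (b'<?xml version="1.0"?>'
       b'<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
       b"<foo>&xxe;</foo>")
BILLION_LAUGHS = (b'<!DOCTYPE lolz [<!ENTITY lol "lol">'
                  b'<!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">]>'
                  b"<lolz>&lol2;</lolz>")
```

If the application genuinely needs a DTD, the equivalent in other parsers is to turn off external general and parameter entities and DTD loading explicitly rather than rely on defaults, which differ between libraries and versions.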

5. Security Misconfigurations:

5.1 Conducted in-depth security assessments to identify common misconfigurations, such as default credentials, exposed sensitive information, or unnecessary open ports.

5.2 Provided detailed recommendations to address misconfigurations, including secure configuration guides, security hardening, and regular configuration audits.

Skills

Security Tools: Nmap, Wireshark, Burp Suite, Hydra, BeEF, John the Ripper, Metasploit, sqlmap and Nikto are the ones I use most. I can work with plenty more, and can learn plenty more.

Operating Systems/Cloud Providers: Windows, macOS, Kali Linux, Debian / AWS, Azure
