tl;dr

all things security: OffSec, InfraSec, AppSec/ProdSec, CloudSec, etc. i’m also into reverse engineering, malware analysis/development, AI-boosted pentesting, and pretty much all kinds of tech mischief i can integrate into my professional career.

experience

nov 2024 - present

staff security engineer @ Turo

head engineer for infrastructure security, detection + response, application security.

jul 2024 - nov 2024

senior security engineer @ Numerator

focal point between SecOps, DevOps, IT, Platform, and Data teams.

scouring and securing engineering architecture and infrastructure: cross-stack vulnerability management (discovery, triage, reporting, remediation, tracking), identity + access management, API security, Terraform guardrails, container + cluster security, incident response.

dec 2021 - dec 2023

security researcher @ Trustwave SpiderLabs

investigated attacks and vulnerabilities for key clients in telecommunications, energy, and national security.

lots of deep research and red teaming (offensive security), specifically around database security, to build up threat intelligence.

built sensors based on collected intelligence (attacker + malware behaviour, OSINT, dark net markets, shadow channels, c) to keep clients up-to-date and protected.

jun 2018 - dec 2021

lead database developer @ Veryon

entry-level software + database development.

data warehousing, ETL, automations, etc.

education

bachelor of engineering @ Western U

majored in electrical and computer engineering, with a specialization in information theory and wireless transmission. aduated in 2018.

languages

english: native

hindi: native

urdu: native

french: intermediate

arabic: intermediate

mandarin: rudimentary

interests

homelab

philosophy

reading

photography

dancing

basketball

tech + skills

frontend

React • Angular • Vue.js • JavaScript • TypeScript

backend

Java • Python • C/C++/C# • Node.js • Ruby • Go • Ruby on Rails • .NET • Express.js • Flask • Django • Spring ot • RESTful + GraphQL APIs • Docker • Kubernetes • gRPC

databases

PostgreSQL • MySQL • MS SQL Server Oracle • MongoDB • Cassandra • Redis • Elasticsearch • Snowflake

devops + infra

AWS • Azure • Jenkins • GitLab CI • GitHub Actions • Docker • Kubernetes • OpenShift • Ansible • Terraform • Puppet • Chef

AI/ML + data

TensorFlow • PyTorch • Pandas • NumPy • Matplotlib • Tableau • Deep Learning (RNN/CNN) • ETL

insights

Prometheus • Grafana • Datadog • ELK • Splunk • Git • Jira • Confluence

penetration testing

Metasploit • Burp Suite • nmap • Nessus • ZAP

network security

ASA/Palo Alto • Snort/Suricata• VPN • NAC • SSL/TLS • TCP/IP/UDP • SSH

application security

Snyk • Semgrep • Socket • Burp Suite • OWASP Top 10 • CIS Controls • ST SP 800-53 • Vanta • GitHub Advanced Security (CodeQL) • JupiterOne

IAM + cryptography

Okta • Auth0 • AD • AWS IAM • OAuth2.0 • OIDC • SAML • AES • RSA • ECC • SHA-256 • MD5 • OpenSSL

reverse engineering

IDA Pro • Ghidra • Immunity Debugger • Decompilation • GDB • WinDBG • x64dbg • gdbExtract