tl;dr
all things security: OffSec, InfraSec, AppSec/ProdSec, CloudSec, etc. i’m also into reverse engineering, malware analysis/development, AI-boosted pentesting, and pretty much all kinds of tech mischief i can integrate into my professional career.
experience
nov 2024 - present
staff security engineer @ Turo
head engineer for infrastructure security, detection + response, application security.
jul 2024 - nov 2024
senior security engineer @ Numerator
focal point between SecOps, DevOps, IT, Platform, and Data teams.
scouring and securing engineering architecture and infrastructure: cross-stack vulnerability management (discovery, triage, reporting, remediation, tracking), identity + access management, API security, Terraform guardrails, container + cluster security, incident response.
dec 2021 - dec 2023
security researcher @ Trustwave SpiderLabs
investigated attacks and vulnerabilities for key clients in telecommunications, energy, and national security.
lots of deep research and red teaming (offensive security), specifically around database security, to build up threat intelligence.
built sensors based on collected intelligence (attacker + malware behaviour, OSINT, dark net markets, shadow channels, c) to keep clients up-to-date and protected.
jun 2018 - dec 2021
lead database developer @ Veryon
entry-level software + database development.
data warehousing, ETL, automations, etc.
education
bachelor of engineering @ Western U
majored in electrical and computer engineering, with a specialization in information theory and wireless transmission. aduated in 2018.
languages
english: native
hindi: native
urdu: native
french: intermediate
arabic: intermediate
mandarin: rudimentary
interests
homelab
philosophy
reading
photography
dancing
basketball
tech + skills
frontend
React • Angular • Vue.js • JavaScript • TypeScript
backend
Java • Python • C/C++/C# • Node.js • Ruby • Go • Ruby on Rails • .NET • Express.js • Flask • Django • Spring ot • RESTful + GraphQL APIs • Docker • Kubernetes • gRPC
databases
PostgreSQL • MySQL • MS SQL Server Oracle • MongoDB • Cassandra • Redis • Elasticsearch • Snowflake
devops + infra
AWS • Azure • Jenkins • GitLab CI • GitHub Actions • Docker • Kubernetes • OpenShift • Ansible • Terraform • Puppet • Chef
AI/ML + data
TensorFlow • PyTorch • Pandas • NumPy • Matplotlib • Tableau • Deep Learning (RNN/CNN) • ETL
insights
Prometheus • Grafana • Datadog • ELK • Splunk • Git • Jira • Confluence
penetration testing
Metasploit • Burp Suite • nmap • Nessus • ZAP
network security
ASA/Palo Alto • Snort/Suricata• VPN • NAC • SSL/TLS • TCP/IP/UDP • SSH
application security
Snyk • Semgrep • Socket • Burp Suite • OWASP Top 10 • CIS Controls • ST SP 800-53 • Vanta • GitHub Advanced Security (CodeQL) • JupiterOne
IAM + cryptography
Okta • Auth0 • AD • AWS IAM • OAuth2.0 • OIDC • SAML • AES • RSA • ECC • SHA-256 • MD5 • OpenSSL
reverse engineering
IDA Pro • Ghidra • Immunity Debugger • Decompilation • GDB • WinDBG • x64dbg • gdbExtract