Security Consultant

Information Security Specialist San Francisco, California, United States

Profile
Contacts

Summary

I was the first new hire at NCC Group after their COVID-19 hiring freeze, and am told I caused significant eye-rolling when in my application I submitted a vulnerability report totalling 60 pages of custom LaTeX in response to an intentionally vulnerable application. In 2022, I discovered and presented a unique variant of the ImageTragik vulnerability that allowed for data exfiltration via using SVG file-based RCE to write text to blank images.

In my role as a Security Analyst, I sought constantly to expand my knowledge via self-study, industry trainings, and intensives. I taught myself the use of JADX and Frida in order to increase my utility in mobile testing, and participated in an intensive blue team malware detection training. I continue to practice my skills with HackTheBox, HTB Academy, and Portswigger Labs, and look forward to bringing that drive and enthusiasm to new positions

In addition to my technical work, I also used my position to improve NCC's trans competency and conditions. I wrote the guide for trans employees seeking insurance coverage of gender-affirming care, organized a trans competency training following repeated misgendering of a new hire, and led a presentation walking through the OSINT involved in the August 2022 Keffals doxxing/SWATting, and subsequent Kiwifarms takedown.

Expectations

Looking for an exciting and fast-paced job where I also have the opportunity to grow and improve my skills in information security, hardware hacking and network penetration, as well as a welcoming atmosphere where I can be myself.