I currently work as a Team Lead - Security Operations at Bugcrowd. Besides leading the team, I perform triage for numerous Bug Bounty Programs, implement automation to streamline workflows, and work on other internal projects.
Previously, I worked at Postman (they recently crossed 20M users) as a Senior Security Engineer, where I led several security engineering initiatives and handled their Bug Bounty Program. I also led two of the teams responsible for the overall security of the Postman application and its web components.
Before that, I was one of the founding members and a lead Security Engineer at CloudSEK, where I helped establish the security program from scratch and built automation pipelines to detect security misconfigurations and web application vulnerabilities.
I occasionally participate in Bug Bounty Programs and have reported valid security issues to Google, GitHub, Slack, Swisscom, and several other companies. I also won HackerOne's CTF in 2017 and participated in the H1-702 live hacking event.
I try to give back to the community whenever I can. Until a few years back, I used to be very active on Stack Overflow (and other Stack Exchange communities). I have managed to provide answers reaching over 5.3 million people.
In my free time, I enjoy traveling, hiking, swimming, reading, hitting the gym, and playing chess.
Feel free to check out my profile on Stack Overflow, GitHub, and LinkedIn. If you’re feeling social, say hi on Twitter.
Projects
- swagroutes - A command-line tool that extracts and lists API routes from Swagger files in YAML or JSON format
- onaws - A tool to look up the details of assets hosted on AWS
- linux-default-file-locations - Default locations for files on various Linux distros
Open Source Contributions
Here are some of my open-source contributions:
- mattduck/gh2md - Reported and fixed a bug that prevented the normal usage of the tool.
- maurosoria/dirsearch - Helped incorporate coding standards into the project.
- GerbenJavado/LinkFinder - Reported an issue in the tool that resulted in an abrupt termination of the script during its execution.
- OWASP/CheatSheetSeries - Improved the OWASP documentation.
- codingo/Interlace - Reported an issue with multithreading.
- kbjr/Git.php - Added validation to prevent any potential remote code execution vulnerabilities.
- vinkla/hashids - Discovered and fixed an issue with the usage of a library function.
- OWASP/Amass - Reported a bug in Amass.
- christophetd/CloudFlair - Optimized the code.
- hexchat/hexchat - Fixed text events for operations.
- Improved the documentation for projects such as atheme/atheme, hexchat/documentation, turbo/openftp4.