I currently work as an Application Security Engineer at Bugcrowd, where I triage for numerous Bug Bounty Programmes and develop automation to improve workflows.
Previously, I worked at Postman (they recently crossed 20M users 🚀) as a Security Engineer, where I led several security engineering initiatives and handled their Bug Bounty Program. I also led two of the squads responsible for the overall security of the Postman application and its web components.
Before that, I was one of the founding members of CloudSEK, where I helped establish the security program from scratch and built automation pipelines to detect security misconfigurations and web application vulnerabilities.
I occasionally participate in Bug Bounty Programmes and have reported valid security issues to Google, GitHub, Slack, Swisscom, and several other companies. I also won HackerOne’s CTF in 2017 and participated in the H1-702 live hacking event.
I try to give back to the community whenever I can. Until a few years back, I used to be very active on Stack Overflow (and other Stack Exchange communities). I have managed to provide answers reaching over 5.3 million people. Here’s my Stack Overflow flair:
In my free time, I enjoy traveling, hiking, reading, hitting the gym, and playing chess.
- onaws - A tool to get the details of assets hosted on AWS
- linux-default-file-locations - Default locations for files on various Linux distros
Open Source Contributions
Here are some of my open-source contributions:
- mattduck/gh2md - Reported and fixed a bug that prevented the normal usage of the tool.
- maurosoria/dirsearch - Helped incorporate coding standards into the project.
- GerbenJavado/LinkFinder - Reported an issue in the tool that resulted in an abrupt termination of the script during its execution.
- OWASP/CheatSheetSeries - Improved the OWASP documentation.
- codingo/Interlace - Reported an issue with multithreading.
- kbjr/Git.php - Added validation to prevent any potential remote code execution vulnerabilities.
- vinkla/hashids - Discovered and fixed an issue with the usage of a library function.
- OWASP/Amass - Reported a bug in Amass.
- christophetd/CloudFlair - Optimized the code.
- hexchat/hexchat - Fixed text events for operations.
- Improved the documentation for projects such as atheme/atheme, hexchat/documentation, turbo/openftp4.