I'm a security engineer with a passion for discovering vulnerabilities, building secure systems, and sharing knowledge about cybersecurity practices. My work focuses on static analysis, vulnerability research, and helping teams build more secure software.
With expertise in various programming languages and security tools, I enjoy diving deep into code to understand how systems work and where they might be vulnerable. I believe that security is everyone's responsibility and strive to make security knowledge accessible to all developers.
When I'm not analyzing code or writing about security, you can find me contributing to open source projects, attending security conferences, or exploring new technologies that can make the internet a safer place.
Experience
Staff Application Security Engineer
Temporal
• Remote • July 2025 - Present
Working on security initiatives for the durable execution platform that powers mission-critical applications.
Senior Product Security Engineer
HashiCorp
• Remote • Aug 2019 - Jun 2025 • 6 yrs
Partnered with engineering teams to deliver secure products using a risk-based approach.
Key achievements: Led code reviews that identified CVEs for XSS, MITM, DoS, and SSRF vulnerabilities. Integrated security scanning into CI/CD pipelines and drove adoption of tools like Snyk, CodeQL, Semgrep, and Wiz. Mentored engineers and delivered solutions for authentication, monitoring, and supply chain security.
Software Engineer (Contractor)
Mahindra Automotive
• Auburn Hills, MI • Dec 2016 - Aug 2019 • 2 yrs 9 mos
Developed applications using OpenFOAM to orchestrate computational fluid dynamics (CFD) simulations for efficiency and cost savings.
Security Analyst
Web & Moore
• Remote • Aug 2015 - Aug 2016 • 1 yr
Handled incident response activities for cloud infrastructure. Automated remediations, log analysis, and backups. Authored comprehensive security reports.
Education
Eastern Michigan University
Bachelor of Science in Information Assurance & Cyber Defense · Ypsilanti, MI
August 2013 - 2019
Competed in attack and defense collegiate cyber defense competitions like ISTS and CCDC
Activities: Information Assurance Student Association, Women in Information Assurance Ally
Center of Academic Excellence in Information Assurance, sponsored by the National Security Agency
Notable Projects
A curated selection of open-source tools and libraries spanning security research, cryptography, and developer productivity
CLI for OpenAI
Command-line interface for OpenAI's GPT models with Ollama support. Includes conversation history, custom prompts, and multi-model support.
Go Taint Analysis
Static analysis library for Go using SSA representation to track data flow. Detects SQL injection, XSS, and log injection vulnerabilities through control flow analysis.
Shodanz
Ruby client for Shodan's API. Provides async streaming, exploit database access, honeypot detection, and real-time banner collection with error handling and rate limiting.
DoH
DNS over HTTPS client supporting Google, Cloudflare, and Quad9. Features concurrent query processing, JSON output, and Unix pipeline integration for DNS analysis.
JOSE
Go implementation of JSON Object Signing and Encryption standards. Supports HMAC, RSA, ECDSA, and EdDSA algorithms with RFC compliance for token generation and verification.
Cube
Chrome extension using the webRequest API for URL filtering. Blocks ads and trackers through pattern matching with network interception.
Explore More Projects
These projects represent a selection from hundreds of repositories. Includes security research tools, vulnerability scanners, network utilities, browser extensions, cryptographic libraries, and experimental prototypes.
CVEs & Security Research
Disclosed vulnerabilities and security research contributions with CVSS severity ratings
A Note on CVSS Scores
CVSS scores provide baseline severity ratings but have limited value in isolation. Effective vulnerability management requires contextualizing these scores within your specific environment, threat model, and risk tolerance to make informed security decisions.
Conference Talks & Presentations
Speaking engagements covering security research, development practices, and emerging technologies
Violent Ruby: A Talk for Hackers, Forensic Analysts, Penetration Testers and Security
Converge 2017
Deep dive into Ruby's potential for offensive security research. Explores attack methodologies, forensic capabilities, and penetration testing techniques using Ruby's powerful ecosystem for security professionals and researchers.
Building with Generative AI
Local Security Meetup
Comprehensive exploration of generative AI integration in modern development workflows. Covers practical implementation strategies, security considerations, and real-world applications for leveraging AI tools in enterprise environments.
Linters: Not just for belly buttons!
Local Security Meetup
Entertaining yet technical deep-dive into static analysis tools and code quality automation. Demonstrates the critical role of linting in security-focused development, with practical examples of catching vulnerabilities before they reach production.
DIY Network-based IDS
Local Security Meetup
Hands-on workshop for building custom network intrusion detection systems from scratch. Covers packet analysis, signature development, and deployment architectures with practical examples using open-source tools and custom implementations.
InSpec Compliance as Code
GrrCon 2018
Comprehensive framework for automating security compliance through Infrastructure as Code. Demonstrates InSpec's capabilities for continuous compliance monitoring, policy enforcement, and security automation across cloud and on-premises environments.
Hack like a Gopher
BSides Detroit 2018
Comprehensive introduction to Go programming for offensive security applications. Demonstrates Go's strengths in building high-performance security tools, network scanners, and exploit development with practical code examples and real-world use cases.
Plotting Hackers, Visualizing Attack Patterns
BSides Detroit 2017
Advanced techniques for transforming complex security data into actionable intelligence through visualization. Explores geographic mapping, timeline analysis, and pattern recognition methodologies to enhance threat detection and incident response capabilities.
Fuzzing Nomad with Nomad
HashiDays 2019
Innovative approach to testing HashiCorp Nomad's resilience using the platform itself to orchestrate fuzz testing workloads. Demonstrates how to leverage Nomad's orchestration capabilities for automated security testing and vulnerability discovery in distributed systems.
Gopher's Guide to the Universe
OWASP Oakland County 2020
Comprehensive exploration of Go programming language from a security perspective. Covers advanced Go concepts, security best practices, and practical applications for building robust security tools and applications in the Go ecosystem.
Roku Roll: Rickrolling all the Rokus
Converge 2019
Creative security research demonstrating vulnerabilities in Roku streaming devices through an entertaining approach. Explores network-based attacks, device manipulation techniques, and the intersection of security research with popular culture and humor.