Offensive
Penetration testing, red teaming, vulnerability research, exploit development, reverse engineering.
- Burp Suite
- Metasploit
- Nmap
- Nessus
- Ghidra
- John
- Hashcat
I build tools and break systems for a living - threat intelligence, vulnerability research, and automation that turns noise into signal. A recent Cyber Operations graduate from the University of Arizona, now a cybersecurity engineer focused on SOC, penetration testing, and OSINT.
A short list of things that made it past my usual delete-it filter - shipped, tested, and still running somewhere.
Automated scanner for SQLi, XSS, and SSL/TLS misconfigurations across web targets.
Recon pipeline chaining DNS, Shodan, and subdomain discovery into one report.
Agentic recon framework using ReAct and MRKL reasoning to drive OSINT tooling.
LLM tool that generates DuckyScript payloads for Flipper Zero red-team drops.
Automates decoy deployment and maps captured attacker TTPs to MITRE ATT&CK.
Entropy-based password scorer cross-checked against known breach datasets.
I'm a recent Cyber Operations graduate from the University of Arizona (BAS, CS minor). I spend most of my time inside other people's systems - legally - and the rest writing Python to make that work less tedious.
Past lives include a Junior SOC Analyst role at CyberEyeAW and a Cyber Intelligence internship at CogMac in New Delhi. I'm currently a Cybersecurity Fellow with Handshake AI, evaluating LLM outputs on offensive-security prompts, and most recently I designed an AI-driven security evaluation framework that critiques LLM-generated code against the OWASP Top 10.
This September I start an MSE in Information and Cyber Security at OST (Ostschweizer Fachhochschule) in Rapperswil, Switzerland.
Handshake AI · San Francisco, CA
Auditing prompt-response pairs and evaluating LLM outputs on cybersecurity-focused projects. Designing domain-specific prompts to improve correctness and alignment.
University of Arizona · Tucson, AZ
Designed a critique-based evaluation framework for LLM-generated code against OWASP Top 10. Built a Python pipeline that combined static analysis, rule-based scanning (Semgrep/Bandit), and LLM reasoning.
CyberEyeAW · Sierra Vista, AZ
Triaged 100+ weekly security incidents with a 99% resolution rate. Ran vulnerability assessments that reduced exposure by 70%. Collaborated with SOC teams on ThreatLocker tuning - cutting response time 30%.
CogMac · New Delhi, India
Investigated 50+ risks in hardware and financial systems, helping cut response time by 30%. Documented 25+ adversary TTPs via OSINT - playbooks adopted by 7 teams. Automated data pipelines that saved ~40 hrs/month.
OST - Ostschweizer Fachhochschule · Rapperswil, Switzerland
Starting September 2026. An 18-month, 3-semester master's focused on information and cyber security.
University of Arizona · Tucson, AZ
Completed May 2026. GPA 3.5/4.0, Dean's List. Coursework across active cyber defense, threat intelligence, forensics, and cyber warfare.
Penetration testing, red teaming, vulnerability research, exploit development, reverse engineering.
SOC operations, incident response, threat hunting, SIEM tuning, forensic triage.
Python-first. Comfortable low-level when required, plus the web languages for building tools around findings.
Mapping work to standards the rest of the org actually cares about.
Lab and prod environments across hypervisors and cloud providers.
Turning raw telemetry and malware into actionable intel.