Cyber Security / Development
Hi, my name is Robert, and I'm a third year standing student in a Bachelor of Computer Science at Carleton University. Currently, my focus is in cyber security, which I've been involved in for a few years. I like to think of myself as striking a balance between security and development, where I build tooling and practice secure development in the web apps I build to the best of my ability. In other words, I like being either on the purple team or just doing security development work.
I started my cybersecurity journey in 2019 with, of all things, a business pitch. The idea? Hack hackers back. Automatically. An idea riddled with flaws, but I was able to convince the judges of the idea enough that they accepted me into the Hatch 2019 Cohort. It was there that I actually began to study the field in more depth, and realized that in no way was this idea getting off the ground. But that led me to attending a cybersecurity workshop, which got me into Capture the Flag games, and that encouraged me to practice further.
Between June 2021 and June 2022, I tried my hand at competitive Capture the Flag events, with CyberSci Team Canada. I got the opportunity to travel to both Prague, Czechia and Athens, Greece to compete in international CTFs. They were excellent opportunities, which I'm really thankful to CyberSci for, and I was able to see some of Europe for the first time and meet awesome people.
Outside of work, I enjoy doing Muay Thai, playing tabletop RPGs such as Lancer, and spending time with my girlfriend (often on the Minecraft server I host).
Co-op Penetration Tester - SoftwareSecured
2022-05-02 - 2022-08-31
- Contributed findings to client-facing vulnerability reports using CVSS and DREAD scoring, knowledge of the CIA triad, and realistic attack scenarios to improve client security posture
- Wrote a BASH script to run Nmap scans on all subdomains of a given domain and produce a summary report, using knowledge of BASH scripting and various security reconnaissance programs to reduce the amount of downtime spent in the recon phase of a test
- Discovered a catastrophic denial-of-service condition in a medical application using knowledge of regular expressions and Burp Suite, preventing a potential indefinite shutdown of the system
- Wrote a script to parse library manifests and scan for vulnerabilities on Snyk using Python, concurrent programming, and web scraping techniques, improving static analysis speeds for vulnerable components by 200%
Part Time Software Developer - SoftwareSecured
2022-01-03 - 2022-04-29
- Investigated potential vulnerabilities in a WordPress site using wpscan and OWASP ZAP, resulting in 2 findings of outdated components with known security vulnerabilities
- Reviewed source code for a client-facing application, using vulnerability databases, search engines, and my own knowledge of NodeJS code to discover a library that had not been maintained for 8 years, allowing the team to use more up-to-date and secure code
- Troubleshot a critical issue with Django Forms causing data to disappear, using rigorous testing and source code review to identify the root cause, preventing data corruption and severe delays in report delivery
Co-op Software Developer - Reshift Security
2021-05-03 - 2021-12-24
- Implemented a full backup and restore flow for an internal tool using Django management scripts and the SendSafely API to allow full disaster recovery and DevOps version control
- Built a secure authentication system for a client-facing application using Single Sign-On and JWT authentication in TypeScript to allow authentication without storing client credentials
- Maintained and executed multiple deployments of a Docker-based application, using self-taught skills with the technology to modify the environment as required in accordance with an Agile development flow
- Wrote a script in Python using the GitHub API to speed up the process of curating GitHub repositories for a collaborative event with CENGN by 350%
A browser-based web exploitation library written in Python. Uses a builder pattern flow to streamline browser exploitation, along with stealth functions and proxy compatibility.
A music scheduling application that leverages the Spotify API to play playlists according to a user's schedule. Written in NodeJS, Svelte, and SQL with secure practices in mind, such as Argon2 password hashing and deny-by-default authorization.
A behaviour-focused malware analysis tool and database written for GeekPeek 2021. Developed the front end using Quasar/Vue.js.
My personal website! Written in SvelteKit, and using a data API written in Django. Deployed using Nginx and docker-compose! Also contains some fun security measures :)
An offensive security omnitool written in Rust, designed to verify updates and functioning tools, as well as to manage commands