// ABOUT ME //
Hey, I'm Robert! Thanks for stopping by. In the modern world, having security be not only an integral part of the development process but also part of culture is increasingly important in the face of rampant cyberattacks.
That's my mission. Since 2019 I've been involved with cybersecurity, and while I like breaking websites wide open, I love locking them down from attacks. Even this portfolio website has a few nifty security tricks up its sleeve despite the small attack surface. (Try bypassing Cloudflare, and if you laugh I'd love to grab a coffee.)
I've done everything from pitching a cybersecurity business while having just started in the field and still getting into an accelerator, to flying to Europe and collaborating with and competing against some of the best university-level hackers on the planet. Am I the best penetration tester or security developer on Earth? Not by a long shot. But I love educating folks looking to get into the field through presentations at my university, and advocating for better security in both conversation and research.
You can find my contact information at the bottom of this page, below my resume, projects, and articles. Let's chat!
// RESUME //
2023-05-01 - 2023-08-18
2023-01-09 - 2023-04-28
- Developed a feature using C# and ASP.NET in a Windows environment to export system log data in CSV format, allowing IT personnel to easily process logs in an automatable manner
- Identified a discrepancy in a development environment using SQL that had blocked progress on a high-priority ticket, allowing development to continue smoothly
2022-05-02 - 2022-08-31
- Contributed findings to client-facing vulnerability reports using CVSS and DREAD scoring, knowledge of the CIA triad, and realistic attack scenarios to improve client security posture
- Wrote a BASH script to run Nmap scans on all subdomains of a given domain and produce a summary report, using knowledge of BASH scripting and various security reconnaissance programs to reduce the amount of downtime spent in the recon phase of a test
- Discovered a catastrophic denial-of-service condition in a medical application using knowledge of regular expressions and Burp Suite, preventing a potential indefinite shutdown of the system
- Wrote a script to parse library manifests and scan for vulnerabilities on Snyk using Python, concurrent programming, and web scraping techniques, improving static analysis speeds for vulnerable components by 200%
2022-01-03 - 2022-04-29
- Investigated potential vulnerabilities in a WordPress site using wpscan and OWASP ZAP, resulting in 2 findings of outdated components with known security vulnerabilities
- Reviewed source code for a client-facing application, using vulnerability databases, search engines, and my own knowledge of NodeJS code to discover a library that had not been maintained for 8 years, allowing the team to use more up-to-date and secure code
- Troubleshot a critical issue with Django Forms causing data to disappear, using rigorous testing and source code review to identify the root cause, preventing data corruption and severe delays in report delivery
2021-05-03 - 2021-12-24
- Implemented a full backup and restore flow for an internal tool using Django management scripts and the SendSafely API to allow full disaster recovery and DevOps version control
- Built a secure authentication system for a client-facing application using Single Sign-On and JWT authentication in TypeScript to allow authentication without storing client credentials
- Maintained and executed multiple deployments of a Docker-based application, using self-taught skills with the technology to modify the environment as required in accordance with an Agile development flow
- Wrote a script in Python using the GitHub API to speed up the process of curating GitHub repositories for a collaborative event with CENGN by 350%
// PROJECTS //
A browser-based web exploitation library written in Python. Uses a builder pattern flow to streamline browser exploitation, along with stealth functions and proxy compatibility.
A music scheduling application that leverages the Spotify API to play playlists according to a user's schedule. Written in NodeJS, Svelte, and SQL with secure practices in mind, such as Argon2 password hashing and deny by default authorization.
A behaviour-focused malware analysis tool and database written for GeekPeek 2021. Developed the front end using Quasar/Vue.js.
My personal website! Written in SvelteKit, and using a data API written in Django. Deployed using Nginx and docker-compose! Also contains some fun security measures :)
An offensive security omnitool written in Rust, designed to verify updates and functioning tools, as well as manage commands