Welcome! I live in Sunnyvale, CA and work as a fullstack software engineer at OpsRamp. I graduated from UC Berkeley with a Computer Science degree in December 2018 (decided to graduate a little early, in 2.5 years).
Reach me at firstname.lastname@example.org.
Incidents - initial iteration of True Positive. Written in Rails with server-rendered HTML and jQuery; I later rewrote True Positive using a Rails API and React, revamping the UI and adding many more features.
LR Tracker - a simple web app I built at Mandiant to help me track my forensic analyses of different compromised computers
Inbox Scanner - program that scans your Gmail inbox for public Google Drive and Dropbox URLs, so you can understand what files an attacker will gain access to after compromising your inbox.
ConsoleMe - made a (tiny) contribution by reading through the whole codebase and outlining the file structure in the CONTRIBUTING.md file – to onboard new contributors faster
How to Secure Anything (6k stars) - ~55 total (printed) pages of book/paper recommendations to learn about security engineering, my notes on these resources, and a generalized set of steps for designing secure systems
- Created this repo as I wanted to learn if there were any useful principles of designing secure systems I could learn from other security-related fields (like casino security, military fortification design, prison design) that could be applied to computer security.
- The most starred repository on the topic of security engineering on GitHub (as of June 2021).
Awesome Risk Quantification (390+ stars) - The most popular collection on GitHub of projects, blog posts, books, and talks about cybersecurity risk quantification. Created it as I was reading about the topic, after seeing Netflix’s riskquant project
CISO/Founder Connect - project I’m working on with Caleb Sima (CISO at Robinhood). Matches CISOs and founders with each other for angel investing, product feedback, advising, board seats. Fortunate to have some top-notch security leaders in the program from great companies including JupiterOne, Redis Labs, Twilio, Google DeepMind, Informatica, and many more.
Security Founders Slack - I run a channel in this group that pairs ~80 CISOs and founders for random virtual coffees every two weeks. (Did not create this group, but am a member as I’m fairly interested in working on a security company at some point.)
Cambridge2Cambridge cyber competition - While in college, had the opportunity to participate in a US-UK CTF competition held at the University of Cambridge in the UK. Managed to place 2nd individually (110 competitors total, from 24 colleges)
BERKE1337 - served as the leader of Cal’s cybersecurity club for one year. Participated in CTF competitions. Helped organize and/or teach sessions on topics like lockpicking and web app hacking. Organized mock exams for students in our undergrad security class. Helped set up recruiting info-sessions with great companies like Samsung and Kaspersky Labs on campus. Was on our WRCCDC collegiate competition team. Ran the DeCal class below.
Titans of Cybersecurity DeCal - created and taught a one-semester, student-run class on cybersecurity. Speakers included Jeff Atwood (founder of Stack Overflow), Geoff Smalling (VP of Engineering at Flexport), Raj Date (1st director of the CFPB), Sourabh Satish (founder of Phantom Cyber, acquired by Splunk)
Orchestrator - an (unsuccessful) security automation startup I founded in college. Goal was to build an interactive console that secops staff could use to carry out mundane tasks like blocking domains in OpenDNS and looking up hashes in VirusTotal for them upon request.
Elections Tracker - I like following elections around the world, in particular in the US, Canada, Europe, India, Israel, and Australia. Wrote up this ~6 page doc listing all the elections I’m tracking currently, and tracked previously.
Some of my notes on random cybersecurity-related talks/books/papers are here. Around 40 articles, 70 printed pages so far.
- Notes on the "Web Application Hacker's Handbook" (24 pages)
- Notes on "Experimental security analysis of a modern automobile" paper (5 pages)
- Notes on the ATT&CK framework (7 pages)
- Guide to malware analysis (8 pages)
- Software design principles (5 pages)
- Notes on "Computer Forensics and Incident Response" (5 pages)
- "Exploiting medical devices" (BlackHat 2018 talk) (2 pages)
- Notes on a couple security vendors' SEC filings (7 pages)