Veeral Patel

Welcome! I live in Sunnyvale, CA and graduated from UC Berkeley with a CS degree in 2018.

Reach me at Find me on LinkedIn or GitHub.


I graduated from UC Berkeley with a BA in Computer Science in December 2018 (in 2.5 years!). I was a Regents' Scholar.
  • I was on our CCDC team. My 1st year, our team qualified for WRCCDC, but not for nationals. My 2nd year, we didn't qualify for WRCCDC :(
  • I taught a couple workshops, helped organize info-sessions with companies on campus, and participated in many CTFs during the weekends.
  • I traveled to the University of Cambridge, UK for a network attack/defense competition, where I placed 2nd individually.
"Titans of Cybersecurity" DeCal (Spring 2018)
  • Cal only has 1 undergrad security class, so I founded a 1 semester, student-run speaker series to teach students about security in real world orgs.
  • I cold emailed ~100 CEOs, startup founders, and heads of government agencies to invite them to speak.
  • Speakers included Jeff Atwood (Stack Overflow co-founder), Sourabh Satish (Phantom Cyber co-founder), Raj Date (former head of CFPB), and Geoff Smalling (VP of Product Mgmt, Flexport).
Trusted Computing Lab | Undergrad Research Assistant
  • Almost no key-value stores can encrypt data in memory, meaning an attacker can scrape data from a store's server's memory.
  • Built a key-value store in C that stores a symmetric key in a secure enclave and uses it to encrypt/decrypt data on writes/reads
  • Used an C library for Intel SGX written by Rohit Sinha, a PhD student under Prof. Sanjit Seshia


Application Security Intern, Yelp (May-Aug 2018)

  • Added SAML-based SSO to an admin app that 4000+ salespeople use daily to collect payment info from every business that registers for Yelp advertising
  • This app was likely Yelp's largest threat vector, as it stored highly sensitive data but used single-factor, password-based auth
  • Downtime would stop Yelp from receiving any new revenue at all, so I rolled code out gradually with feature flags
  • Used Python, python-saml, Pyramid web framework
  • Incident Response Consultant, Mandiant (Jan-June 2019)
    • Taught myself enough DFIR in 4 weeks to somehow get hired at Mandiant!
    • Did digital forensics for investigations of data breaches, business email compromises, ransomware attacks, webshell uploads, and more for our clients
    • Built timelines of infected Windows and Linux systems by analyzing logs and forensic artifacts
    • Conducted frequency analysis, IOC hit review, and intel searches to proactively hunt for threats during compromise assessments


    • A security automation startup I launched in college. We interviewed at Y Combinator twice (but never got in!)
    • Built a ticketing tool for handling security alerts, which let you run common tasks like "look up IP in VirusTotal" or "create forensic VM in AWS" in 1 click
    • Integrated chat, dark mode, 15+ integrations, REST API, admin site, keyboard shortcuts, JSON export
    • Built with Django, Django REST Framework, React, BlueprintJS, Styled Components, TypeScript
    • At Mandiant, we tracked incidents using an spreadsheet and a chat channel. To stay up to date on an incident, you had to monitor a 30-40 person chat room continuously.
    • Incidents is a web app for organizing large security incident investigations. It models an incident as a tree of tickets
    • Can assign a ticket to a user; add indicators/files/comments to a ticket; set a ticket's status and priority; restrict who can access an incident; mark a ticket as a lead.
    • Can rearrange an incident's tree using HTML5 drag and drop
    • Built with Rails, Bulma, Devise, JQuery

    Knowledge Base

    I read a lot of papers and books on security and upload my notes to this site.

    Here are some of my notes: