I'm a passionate Cybersecurity Engineer with over 15 years of experience in IT and more than 8 years of dedication to computer security. With an offensive security mindset, I have worked with clients from around the globe to improve their defenses and reduce cybersecurity risk at multiple companies.
I'm always looking to upgrade my certifications, attend conferences, learn state-of-the-art technologies, and take training courses to stay on top of my field. I also run a blog dedicated to Cybersecurity and have reported vulnerabilities such as CVE-2014-5025, CVE-2018-15635, and CVE-2020-25106.
- DIY — Evaluating AWS Native Approaches for Detecting Suspicious API Calls
- DIY — Using Semgrep with LLMs to Improve Code Reviews
- Breached? Not Game Over: Learn How to Turn the Tables on AWS Attackers!
- DIY — Building a Cost-Effective Questionnaire Automation with Bedrock
- GetFederationToken: A Simple AWS Persistence Technique Used in the Wild
- How Attackers Can Abuse IAM Roles Anywhere for Persistent AWS Access
- Gaining AWS Persistence by Updating a SAML Identity Provider
- Discover New CloudTrail Logs on TrailDiscover, Powered by Grimoire!
- Automating Incident Response in AWS: Blocking a Compromised Identity Center User
- Deterring Attackers with HoneyTrail: Deploying Deception in AWS
- What’s New in TrailDiscover: Integrating Permissions Information, Alerting, and Simulations
- Introducing TrailDiscover: Simplifying Access to Security Insights about CloudTrail Events
- Cybersecurity — It’s All About Trust
- Enhancing AWS GuardDuty Alerts with GuardDutyInsightfulAlerts
- Rigging the Rules: Manipulating AWS ALB to Mine Sensitive Data
- Distorting the Sync: How AWS AppSync Can Be Turned into an Attacker’s Backdoor
- How Attackers Can Misuse AWS CloudFront Access to Make It ‘Rain’ Cookies
- Ensuring Alert Readiness: Lessons from Schrödinger’s Cat