About
👋 I’m a Senior Security Researcher at @Microsoft. Former Security Engineer @datadoghq and Senior Security Researcher @Mandiant.
I became a Security Analyst straight out of high school. I spent the next 4 years maintaining a global Cisco FirePOWER IDS fleet and training a team of analysts to respond to the threats they detected. After that, I became an analyst on Mandiant’s Managed Defense SOC team, responding to breaches perpetrated by the stealthiest APTs and noisiest script-kiddies. I quickly pivoted to the world of research, becoming a Security Researcher for Mandiant’s Advanced Practices team. Over 3 years I learned from experts on threat detection and intelligence, hunting for new and novel threats, writing custom research/analysis tools, and investigating some of the most impactful breaches of the time. I spent almost 2 years as a Security Engineer @datadoghq focused on Security Intelligence and Incident Response, leading a small, but effective, Security Intelligence team in building a custom Synapse instance to provide curated intelligence for @datadoghq’s Security Operations and Engineering teams. Today I spend my days hunting for threats at Microsoft.
In my spare time I like writing open-source software, reading maps, and wandering around in the mountains. Sometimes these hobbies even collide! When I get the chance, I like to write about my experiences. Check out my blog for more!
To get an idea of the software projects I maintain, take a look at my projects page.
Some public examples of my work:
CVE-2023-38704 (led Datadog’s response)
It’s Your Money and They Want It Now — The Cycle of Adversary Pursuit
Contact
Please use LinkedIn or Twitter/X if you’d like to contact me.
If your comment/question is related to a project of mine, open an issue in the project’s GitHub repo instead.