Cross-Cloud Role Sanity Checker
Security-focused utility designed to validate AWS IAM roles and GCP service accounts before initiating cross-cloud data transfers.
PythonAWSGCPIAM+1
Hi, I'm David 👋
Security Analyst & Engineer focusing on Incident Response and Cloud Security.
About
I am a Security Engineer who doesn't trust assumptions. I build and break systems, then automate the guardrails: detections, incident response, and secure cloud architectures. My work spans AWS/GCP IAM sanity checks, log pipelines (Splunk + Elastic), PCAP threat hunting with Zeek/Suricata, and rule engineering (YARA/Sigma).
My Projects
Featured Projects
Open source and Proprietary projects and contributions. Here are a few highlights.
Medium
Homelab Part 1: Foundation — Hardware, Networking, and Proxmox
Building the foundation of a security-focused homelab with enterprise hardware, network segmentation, and Proxmox virtualization.
ProxmoxNetworkingVLANsVirtualization+1
Medium
Homelab Part 2: Core Infrastructure — Active Directory, Clients, and SIEM
Setting up Active Directory domain services, Windows clients, and integrating a SIEM for centralized logging and monitoring.
Active DirectoryWindows ServerSIEMGroup Policy+1
Case Writeup: AWS IAM Role Backdoor via Stratus Red Team
Investigation of a AWS IAM Role Backdoor via Stratus Red Team.
AWSIAMBackdoorCloud Lab
Security Research
Bug Bounty & Disclosures
Selected findings, write-ups, and vendor advisories.
CVE-2025-XXXXXhighPending Disclosure
Authentication Bypass in Web Application
Vendor: Redacted2025Reward: Pending
Discovered an authentication bypass vulnerability allowing unauthorized access to protected resources.
Full writeup pending vendor approval.
CVE-2025-XXXXXmediumPending Disclosure
Stored XSS in Admin Dashboard
Vendor: Redacted2025Reward: Hall of Fame
Identified a stored cross-site scripting vulnerability in the administrative interface.
Full writeup pending vendor approval.
CVE-2025-XXXXXmediumPending Disclosure
Information Disclosure via API Endpoint
Vendor: Redacted2025Reward: None
Found an API endpoint exposing sensitive user information without proper authorization checks.
Full writeup pending vendor approval.
Experience
Where I've Worked
Previous roles, timelines, and highlights from recent engagements.
Amazon Web Services
May 2024 — Present
Cloud Engineer
TFS Inc.
Aug 2022 — Dec 2024
Security Consultant
ParagraphAI
Dec 2023 — March 2024
Information Technology Manager
ParagraphAI
Aug 2022 — Dec 2023
Information Technology Engineer
Education
What I Studied
Degrees and programs that shaped my technical foundation.
New York University
Aug 2024 — Dec 2025
MSc. Cybersecurity
Western Governor's University
May 2023 — Jan 2024
BSc. Cybersecurity
University of Toronto
Aug 2017 — May 2022
HBSc. Computer Science
Certifications
Professional Certifications
Industry-recognized credentials validating expertise.
Solutions Architect Associate
AWS
2024
Certified Defensive Security Analyst (CDSA)
HackTheBox
2024
Systems Security Certified Practitioner (SSCP)
ISC2
2023
Certified Cyber Defender
CyberDefenders
2025
Papers
Academic Papers
Academic writings and thoughts on security, Cloud Infrastructure, and engineering craft.
Academic PaperNew York University
Implementation of Machine Learning in Cloud Security Threat Hunting
This paper explores the practical benefits of implementing machine learning algorithms within AWS threat hunting workflows. It examines how ML models can enhance detection capabilities, reduce false positives, and automate the identification of sophisticated threats in cloud environments.
Machine LearningCloud SecurityAWSThreat HuntingSIEM
Academic PaperNew York University
Phased Migration Strategy towards Post Quantum Cryptography
An examination of practical implementation strategies and benefits of phased migration towards post-quantum cryptography. This paper addresses the challenges organizations face in transitioning from classical cryptographic systems to quantum-resistant alternatives.
Post-Quantum CryptographyCryptographyMigration StrategySecurity Architecture