Summary
Overview
Work History
Education
Skills
Projects Publications
Timeline
Generic

Patrick Smith

Security Engineer
Arlington,VA

Summary

Experienced security specialist adept in penetration testing, vulnerability management, and application security. Driven by pride and love for security/technology, I consistently raise the bar and aim for excellence.

Overview

9
9
years of professional experience

Work History

Security Engineer

Amazon Web Services
02.2022 - Current
  • Established premier vulnerability management program, pioneering a proprietary, agnostic scanning solution that processes over 20 million hosts monthly at Amazon. Directed full launch cycle, achieving unparalleled integration and performance.
  • Leveraged my expertise in web application security and offensive security to revolutionize scanning strategies and configurations at Amazon, significantly improving vulnerability identification and automating web application scans.
  • Implemented metric-driven strategies to cut errors and false positives, driving significant enhancements in security protocols. Promoted cross-functional teamwork to streamline the vulnerability management program, improving accuracy and communication.

Penetration Tester

nGuard Inc.
02.2021 - 02.2022
  • Adopted role as of internal red team leader
  • Developed inhouse red team tools such as 2FA bypasses and shellcode loaders (or tried at the second bit)
  • Performed internal, external, webapp, and mobile penetration tests and red team engagements
  • Conducted incident response tabletop exercises
  • Established myself as a webapp pentesting SME and trained coworkers.

Security Engineer

Anvil Secure
11.2019 - 02.2021
  • Joined Anvil as the 6th engineer in the company as an associate
  • Built an internal onboarding program to expedite the process of training new engineers
  • Contracted with the top cloud providers to solve complex cloud security problems
  • Specialized in offensive security-focused code review (whitebox webapp penetration testing)
  • Developed tools used internally such as Burpsuite plugins
  • Published offensive code review research and participated in internal research programs.

Co-Founder

Proxee.net
10.2014 - 12.2018
  • Small project ended up earning 200k net revenue
  • Essentially created a niche hosting service to thwart DDoS on P2P applications
  • Aligned organizational objectives with company mission, increasing revenue, profit and business growth by collaboratively developing integrated strategies
  • Developed key operational initiatives to drive and maintain substantial business growth.

Education

Bachelors of Science - Computer Science

University of West Florida
Pensacola, Florida

Skills

Web application penetration testing

undefined

Projects Publications

  • AWS Account Enumeration Tool, AWS Enum is an AWS account configuration auditing tool designed to scour all AWS services for security flaws, privilege escalation opportunities, and violations of best practices. AWS Enum is powered by AWS's Python3 SDK, Boto3. Currently, AWS Enum can audit 15 AWS services and runs over 40 test cases. To use AWS Enum you must have Boto3 installed and IAM programmatic permissions to generate credentials for the AWS CLI., https://github.com/gekk05/aws-enum
  • Disc-Ban, Fun Discord self-bot that uses structural similarity and orb detection algorithms to detect, delete, and ban specified images from Discord chats by utilizing Discord APIs (lots of small projects like this).
  • OCI Request Signer, Burpsuite plugin that utilizes Oracle's SDK to sign requests on the fly with Sigv1, allowing for dynamic testing of Oracle APIs.
  • Finding and Exploiting Bugs in PHP Source Code, Research paper I had wrote and published under Anvil Ventures. Details a guide on how discover vulnerabilities in source code and chain together seemingly benign bugs, such as PHP type confusion/juggling, to make some pretty cool exploits. Ask to see it.

Timeline

Security Engineer

Amazon Web Services
02.2022 - Current

Penetration Tester

nGuard Inc.
02.2021 - 02.2022

Security Engineer

Anvil Secure
11.2019 - 02.2021

Co-Founder

Proxee.net
10.2014 - 12.2018

Bachelors of Science - Computer Science

University of West Florida

Similar Profiles

  • Francisco Javier Chavero, Jr.

    Francisco Javier Chavero, Jr.Francisco Javier Chavero, Jr.

    Environmental Program Manager (EPM) at Amazon Web Services (AWS), Amazon Data Services, Inc.Environmental Program Manager (EPM) at Amazon Web Services (AWS), Amazon Data Services, Inc.

  • Manish Kulshreshtha

    Manish KulshreshthaManish Kulshreshtha

    Head - Enterprise Support (Mid and Large Enterprise Business) at Amazon Web Services (Amazon Internet Services Pvt. Ltd.)Head - Enterprise Support (Mid and Large Enterprise Business) at Amazon Web Services (Amazon Internet Services Pvt. Ltd.)

  • DEEPA KARUNAKARAN

    DEEPA KARUNAKARANDEEPA KARUNAKARAN

    Customer Solutions Manager (Customer facing Program Manager) at Amazon Inc. (Strategic Accounts, Amazon Web Services)Customer Solutions Manager (Customer facing Program Manager) at Amazon Inc. (Strategic Accounts, Amazon Web Services)

  • Robert Goodwin

    Robert GoodwinRobert Goodwin

    Global Lead, Specialist Solutions Architect WWPS Secure Hybrid Cloud at AMAZON WEB SERVICES AMAZON INCGlobal Lead, Specialist Solutions Architect WWPS Secure Hybrid Cloud at AMAZON WEB SERVICES AMAZON INC

  • Daniel S. Pooler

    Daniel S. PoolerDaniel S. Pooler

    Server at Various RestaurantsServer at Various Restaurants

CREATE PROFILE
Patrick SmithSecurity Engineer