Patrick Smith
Security Engineer
Arlington,VA
Summary
Experienced security specialist adept in penetration testing, vulnerability management, and application security. Driven by pride and love for security/technology, I consistently raise the bar and aim for excellence.
Overview
9
9
years of professional experience
Work History
Security Engineer
Amazon Web Services
02.2022 - Current
- Established premier vulnerability management program, pioneering a proprietary, agnostic scanning solution that processes over 20 million hosts monthly at Amazon. Directed full launch cycle, achieving unparalleled integration and performance.
- Leveraged my expertise in web application security and offensive security to revolutionize scanning strategies and configurations at Amazon, significantly improving vulnerability identification and automating web application scans.
- Implemented metric-driven strategies to cut errors and false positives, driving significant enhancements in security protocols. Promoted cross-functional teamwork to streamline the vulnerability management program, improving accuracy and communication.
Penetration Tester
nGuard Inc.
02.2021 - 02.2022
- Adopted role as of internal red team leader
- Developed inhouse red team tools such as 2FA bypasses and shellcode loaders (or tried at the second bit)
- Performed internal, external, webapp, and mobile penetration tests and red team engagements
- Conducted incident response tabletop exercises
- Established myself as a webapp pentesting SME and trained coworkers.
Security Engineer
Anvil Secure
11.2019 - 02.2021
- Joined Anvil as the 6th engineer in the company as an associate
- Built an internal onboarding program to expedite the process of training new engineers
- Contracted with the top cloud providers to solve complex cloud security problems
- Specialized in offensive security-focused code review (whitebox webapp penetration testing)
- Developed tools used internally such as Burpsuite plugins
- Published offensive code review research and participated in internal research programs.
Co-Founder
Proxee.net
10.2014 - 12.2018
- Small project ended up earning 200k net revenue
- Essentially created a niche hosting service to thwart DDoS on P2P applications
- Aligned organizational objectives with company mission, increasing revenue, profit and business growth by collaboratively developing integrated strategies
- Developed key operational initiatives to drive and maintain substantial business growth.
Education
Bachelors of Science - Computer Science
University of West Florida
Pensacola, FloridaSkills
Web application penetration testing
Code review
Software engineering (love tool development)
Cloud security
Vulnerability Management
Projects Publications
- AWS Account Enumeration Tool, AWS Enum is an AWS account configuration auditing tool designed to scour all AWS services for security flaws, privilege escalation opportunities, and violations of best practices. AWS Enum is powered by AWS's Python3 SDK, Boto3. Currently, AWS Enum can audit 15 AWS services and runs over 40 test cases. To use AWS Enum you must have Boto3 installed and IAM programmatic permissions to generate credentials for the AWS CLI., https://github.com/gekk05/aws-enum
- Disc-Ban, Fun Discord self-bot that uses structural similarity and orb detection algorithms to detect, delete, and ban specified images from Discord chats by utilizing Discord APIs (lots of small projects like this).
- OCI Request Signer, Burpsuite plugin that utilizes Oracle's SDK to sign requests on the fly with Sigv1, allowing for dynamic testing of Oracle APIs.
- Finding and Exploiting Bugs in PHP Source Code, Research paper I had wrote and published under Anvil Ventures. Details a guide on how discover vulnerabilities in source code and chain together seemingly benign bugs, such as PHP type confusion/juggling, to make some pretty cool exploits. Ask to see it.
Timeline
Security Engineer
Amazon Web Services
02.2022 - Current
Penetration Tester
nGuard Inc.
02.2021 - 02.2022
Security Engineer
Anvil Secure
11.2019 - 02.2021
Co-Founder
Proxee.net
10.2014 - 12.2018
Bachelors of Science - Computer Science
University of West Florida