
Yihua Zhang

Sunnyvale, CA

Summary

Over 8 years of experience in information and cyber security, specializing in threat detection, attacker techniques, threat intelligence analysis, and incident response. At Lacework, developed detections using cloud and Kubernetes data sources, conducted threat hunts and investigations, and authored research based on real threat intelligence. At Google, led efforts to assess and harden network security in the production environment, gaining an in-depth understanding of Google's infrastructure. Highly skilled in software development and team management.

Overview

8 years of professional experience

Work History

Senior Cloud Security Researcher

Lacework
Mountain View, CA
05.2022 - Current
  • Created detections leveraging static and anomaly signals from AWS, GCP, K8s, and syscall data sources.
  • Developed composite alerts to identify compromised AWS keys, GCP identities, K8s credentials, and hosts by correlating strong and weak signals.
  • Developed sophisticated detections to identify lateral movement attempts spanning K8s, cloud control planes, and host systems.
  • Conducted threat hunts and security investigations for ongoing breaches experienced by Lacework customers.
  • Collaborated with the Agent team to deploy default detection rules utilizing syscall data.
  • Authored threat research blogs based on real threat intelligence data harvested from customer environments.

Senior Software Engineer

Google
Sunnyvale, CA
10.2016 - 05.2022
  • Led the Secure Protocols project, ensuring all network protocols on Google's internal production network were security reviewed, making network communication secure by default.
  • Led the gRPC Security team to drive security efforts by developing authentication and authorization stacks that meet Google’s high security standards.
  • Onboarded and managed tasking for five engineers on the team.
  • Conducted security reviews for over 150 Google services using gRPC, providing essential security consultation.
  • Detected and remediated two major privacy incidents at Google.

Education

Ph.D. in Computer Science

University of Notre Dame
08.2015

M.S. in Computer Science

Miami University of Ohio
08.2010

Skills

  • Threat Detection (Cloud, K8s, and Hosts)
  • Threat Intelligence Analysis
  • Incident Response and Investigation
  • Programming (Java, Python)
  • OS fundamentals
  • Secure and privacy-centric architectures
  • Maintaining large projects and frameworks
  • Customer and developer communication
  • Cross-organizational planning
