where I’ve been & what I know
work
Norstella, 2023–present • Principal Product Security Engineer
I built and lead Norstella's Product Security program. My efforts span security scanning (SCA, SAST, DAST, secrets), developer security training, CI/CD hardening, architecture review, threat modeling, vulnerability management, and incident response. I'm currently heavily focused on AI security and automation.
Smartcar, 2021–2022 • Software Engineer
As a member of the platform team, I was responsible for the API product itself as well as company infrastructure and internal developer tooling. Primarily working in JavaScript & TypeScript with PostgreSQL, I led development of 5 new OEM platforms (for 10+ brands), utilizing AWS Lambda functions and Redis Pub/Sub for authentication flows that required advanced logic handling. I also fleshed out two internal Slack bots which helped improve on-call monitoring and response times.
Baton Systems, 2019–2020 • Software Engineer
Using Java alongside ActiveMQ and MySQL, I was responsible for designing and implementing Spring Boot REST APIs for financial asset management web applications. I also led a project that used Netflix's Conductor workflow orchestration engine to run functions relevant to specific business use cases, including MFA authentication and transaction settlement. Additionally, I spearheaded integration of Istio into Kubernetes clusters to gather service health metrics and enable painless distributed tracing across applications.
awards
United Airlines bug bounty program, 2025
Awarded Severity 3 bug bounty for undisclosed bug
Cloudflare bug bounty program, 2022
Awarded $750 for undisclosed DNS resolution bug
skills
Languages
JavaScript, Java, TypeScript, Python, Spanish (somewhat)
Frameworks, Platforms & Tools
SQL, Git, AWS, Docker, Kubernetes, Terraform
education
University of California, Santa Cruz
Bachelor of Science, Computer Science