Greater Chicago Area
Security practicioner interested in all things computing and math related. Chronic capture the flag player. Always looking for new things to learn. E-mail: rsyed.business404 [at] gmail [dot] com
• Conducted 20+ engagements, ranging from web applications, desktop applications, internal, and external assessments, identifying and documenting material risk on multiple Fortune 1000 clients • Developed and applied structured, PASTA-inspired threat models to guide testing strategy and prioritize high-impact risk areas early in engagement • Contributed 20+ pages to internal company documentation on tactics, techniques, and procedures related to cryptography and application security • Notable findings include insecure Java deserialization on a medical server, chaining misconfigured client-side controls to perform CSRF on GraphQL, and discovery of a six year-old backup allowing privilege escalation to domain admin • Maintained proactive communication with clients via daily status updates and produced high-quality reports, achieving an average NPS score of 9 • Provided formal and informal mentorship to junior engineers related to business processes and testing methodologies • Leveraged AI tooling and workflows to perform source code review and tool development
• Developed vulnerable Docker container to leverage web application firewall (WAF) for detecting web application attacks • Developed WAF log parsing for the Autonomous Intelligent Cyberdefense Agent (AICA) to expand the agent’s knowledge graph
• Implemented a quantum key distribution algorithm in the SeQUeNCe simulator • Contributed to a position paper on a taxonomy/framework for quantum information security • Regularly interacted and communicated with a team to discuss the development of the SeQUeNCe project and its roadmap
• Conducted a literature review on methods of querying knowledge graphs with free text or loosely structured queries • Developed Docker containers to create a virtualized test environment for the AICA agent • Built on the functionality of AICA to parse antivirus logs to extend the agent's knowledge in Python Source code: https://github.com/aica-iwg/aica-agent
Worked on Feature-based Role Discovery in Networks under Dr. Piotr Szczurek. Involved extensive Python programming using math/data science packages like Networkx, Pandas, and SciPy. Research was presented at the 2021 SURE Symposium at Lewis University. Code currently not public.