Work


How I came to do what I love

Work


How I came to do what I love
Here is a brief explanation of how cyber security became my passion starting with joining the military, then my security foundation and introduction to hacking, and finishing with my recent cyber security experiences. You can also visit the teach tab to see more about my teaching experience or view my cv.

Initial Military Service

I originally enlisted in the Army in the summer of 2001 when I thought the world was calm and peaceful. Obviously, I was wrong, but I am proud that I helped defend this country and, almost two decades later, that I continue to serve.

I was commissioned into the Signal branch upon graduation from the United States Military Academy in 2008, and my previous assignments include the all the important positions (like Commander, Executive Officer, and Platoon Leader) that junior officers should hold. I deployed twice to Afghanistan as well as once to Haiti in support of operation Unified Response. My military education includes the required officer training, Airborne School, and Explosive Ordnance Disposal School. After my third deployment, I received an Advanced Civil Schooling scholarship to get a Master’s Degree.

Graduate School Foundation

I have always been interested in computers (as evident here1 and here2), but my interest in security really started at Princeton University. Although I started my Master’s Program with the expectation of working on software-defined networking, my amazing advisor Jen Rexford gave me the freedom to work on whatever projects I found interesting, and I quickly gravitated towards security. I took classes in information security, privacy, and even surveillance countermeasures along with traditional networking courses. With the guidance of Joe Bonneau, I combined these two areas for my research on HTTP Strict Transport Security and Public Key Pinning issues that eventually became my thesis.

Introduction to Hacking

After graduating, I became a Computer Science Instructor at the United States Military Academy (the teach tab explains my academic duties), and I started attending the Cadet Competitive Cyber Team (C3T) practices. While I had an academic understanding of security from Princeton, these practices were my visit exposure to actual hacking. I remember distinctly sitting in a practice a month or so into the semester (after C3T tryouts) where the team was doing the initial training for the new team members. The student leader of the team was explaining the solution to one of the tryout problems by walking through the assembly of this binary in IDA. I remember watching this student in awe and thinking to myself: I am so lost and have no clue what he is doing right now; I cannot believe he is teaching this stuff to underclassmen, and how do I learn to do what this student is doing? In 2015, I voluntarily transferred into the Cyber Branch, and it was one of the best decisions of my life.3 The rest, as they say, is history.

Cyber Branch

Since that first semester, I have spent essentially all my free time trying to be a better hacker. I started with picoCTF, OverTheWire, Cyberstakes, and CodeWarz.4 I then took on extra duties and gave up so much free time to attended conferences (DEFCON 24, Shmoocon 17 & 18, and CyCon ), training (SANS’s SEC560, SEC660, PWK, and Blackhat), and even interned with Facebook’s e-crime team.5 I also taught West Point’s offensive courses and helped coach their cyber teams. Although still learning, I recently earned my OSCP and GPXN certifications, took first place in a CodeWarz Live Competition, and won (as a team) the Symantec’s higher education cybersecurity challenge. I am now away from West Point attending big army schooling, but I plan to continue to develop my skills by taking additional online training, working with the local OWASP chapter, and maybe even starting a local hacking club.

Curriculum Vitae

For a more traditional explanation of my work experience, you can view my online cv.


  1. As a teenager in the 90s, I was beta-tester and resident map-maker for the online text-based MUD (Multi-user Dungeon) MajorMUD [essentially a text-only WOW]. I played under the handle Doubtful IllEverBeGood. You can clearly tell I was super popular in High School. [return]
  2. I created this site while on my first deployment as a way of keeping family members and loved-ones informed of what we were doing while deployed. I had to stay up in the middle of the night to get access to the one internet connection and ftp the files back to my dad’s server because our connection speed was so slow. This type of site would get me in a lot of trouble now because, well, it completely violates OPSEC, but this deployment was before social media was a thing as well as all the Army policies governing its use. [return]
  3. This decision was actually the third best decision in my life behind (1) snagging my wife before she found someone better and (2) joining the army because I had zero possibilities for a productive future otherwise. [return]
  4. Codewarz rebranded as Runcode. So lame. [return]
  5. My research was referenced by name during a presentation I was sitting in during Blackhat. One of the prouder moments of my life. [return]

(Last modified on Sat, Mar 9, 2019)