What Can You Hire Me to Do?
I am commercially available for the following things:
- Application Security
- Software Engineering
- Machine Learning/Data Science
- Magic: the Gathering
- Writing
I am interested in short term projects and in long term employment (depending on the parameters). I am a US citizen currently living in the NetherlandsUnfortunately I am not interested in moving away from the Netherlands. I quite like it here.; I am authorized to work both in the US and the Netherlands (though work for US clients typically passes through my C corp). My resume is also available on request. If you’re interested in any of these or something else please email me.
Application Security
I have been a practicing application security consultant for over a decade. This encompasses identifying security flaws in web applications and mobile applications, as well as work on thick clients and other custom protocols. I have also spent a fair amount of time assessing the security of AWS services and am familiar with their operation and common security bugs. If you have an application connected to the internet, and want to know what vulnerabilities it has, I can help you. I can design, scope, and run these assessments without assistanceIn general I don’t enjoy performing assessments that are profoundly out of my skill set so in the unlikely event we identify one, I will refer you to someone in my network who is more experienced in that area..
I have also done a lot of practice development for larger consultancies, including identifying and training new talent, and developing hard and soft skills. If you want someone to drop in and build a new application security line of business we can do that. Samples of my technical writing are also available on this very website.
Software Engineering
I work as a security consultant, but I have been writing code since I was eight years old. These days my projects are mostly in Typescript and Python. I have carried out source review in many other languages, so I am comfortable contributing to projects in C#, Java, PHP, etc and most common frameworks. I have also spent an unusual time debugging and tweaking HTTP services which makes me well-suited to web development.
This work has mostly been done solo or with 1-2 other developers. On one hand, this means that I have practical knowledge of client and server-side stacks and toolsThis is helped by my time in application security- frequently we need to become able to understand what a large codebase is doing and how its endpoints work on the first day of an assessment. from having to learn and use them myself. It also means that given an unfamiliar software tool I am likely to become rapidly proficient: patiently reading the documentation and experimenting is a core skill for the feral programmer.
On the other hand, this means that leading large teams for Webscale™ deployments is outside of my expertise. I am deeply familiar with optimization and strategies for high-traffic deployment are conceptually clear to me, but I would describe my skills in this area as ‘senior’ rather than ‘lead’ simply due to a lack of practical experience. Still, if you are looking for someone who can competently implement new features and rapidly identify and fix bugs, it sounds interesting to me.
Machine Learning/Data Science
I do a lot of machine learning for fun; you might have read about it on this site. My work is focused on the use of statistical inference in neural networks for cryptography purposes: my previous project was cryptanalysis of non-CSPRNGs and my current project is side channel analysis of the BREACH attack via reinforcement learningA project which is going much more successfully than the one on XORSHIFT. My machine learning research started in Tensorflow in 2019 but has shifted over to Pytorch and its associated ecosystem. I also have some data engineering experience from previous work, including Pyspark ETL and some work in Elasticsearch as well.
This means that I am probably more skilled in developing novel data analysis and inference pipelines than the average data scientist or machine learning engineer. My experience developing, testing, and deploying models is all as a one-person team, which has resulted in a lot of esoteric debugging experience. I was interested in this area before LLMs burst on the scene and thus also have experience with older systems, as well as mathematics as a whole (My degree is in Mathematics). I am thus more interested in general ML than LLMs specifically.
This unusual experience cuts both ways. If you have a bunch of data and need to know what it is telling you, I can solve this problem without much hand-holding. I would be less comfortable leading large teams due to a lack of practical experience in debugging large scale pipelines. However, my time in the ETL mines means this experience is not exactly zero, and being in charge of data quality analysis at a previous data startup means I have some ideas of how to tell if things are going wrong. Thus, I think I would be more useful in this area than my resume suggests.
Magic The Gathering (Commander)
I have been playing Magic for about 30 years and Commander for about half of that. It would be somewhat surprising if you wanted me to work on a project related to Magic; still, I play the game and write about it as a hobby. If you have read the articles on this site and internalized them, you probably understand why my advice on is useful. If not, have a look at some of my work and decide yourself.
I am generally available for these projects and would obviously be a natural fit for something which involves Magic and software. I also sell deck checks for 75$. This entails me looking at your Commander deck and giving you advice on what would improve it or how to make it do the thing it’s trying to do. I don’t have much experience in CEDH but can otherwise incorporate meta choices, etc.
Writing
I have more marketable skills, but I do write, as well: the nonfiction on this website, as well as poetry, fiction, and verse. This ability seems to be unusual in people who are interested in the above topics; thus, if you want to have competently written and researched posts about any of the above on your site, I can do that. Outside of this site, that has included:
- Mobile App Testing With Automation Trickery in Frida
- Taking on the Haters: Pentesting User Session Vulnerabilities
You are on a website full of my writing so I don’t have much more to say here.
Contact Me
Generally email is best. I will respond same-day to all reasonable questions and frequently faster. Generally if you find me at airza or airzae on social media, I will also respond, but these sites don’t have notification privileges on my rectangle and it might take longer.