Ty Bross's Linkedin Analytics

My goal is to use my knowledge and capabilities to bring value to the workplace, striving to improve myself and learn from those around me. Current Concentrations: Incident Response/Detection Engineering - + Create and maintain Panther detection rules written in Python + Incident investigation and response coordination + Create, lead and participate in IR tabletop exercises + Own incident postmortems and present findings/lessons learned to stakeholders Application Security Engineering - + Approach vulnerability detection and prevention from a shift-left perspective to remediate vulnerabilities before code is written + Reviewing PRs to detect security issues + Cross-functional collaboration to drive security issues from detection to remediation and verification + Secure code reviews + Own SAST/DAST engineering projects + Platform and tool management (initial setup, updates, configuration, user management, etc.) + Establish and adhere to internal SLAs + Deliver exceptional internal application-security related presentations (WAF bypass techniques and other exploits, secure coding guidelines) + Provide mentorship to junior engineers Web Application Penetration Testing - + Participation in public bug bounty programs hosted on HackerOne and BugCrowd + Participation in private bug bounty programs (Hack The Army, Hack The Airforce, Synack, etc.) + Concentrating on authN, authZ, CSRF, XSS and business logic vulnerabilities + Responsible disclosure Programming and Scripting Experience - Python, Java, Bash Software experience - Burp, Metasploit, Defect Dojo, Rational Appscan, Appscan Source, Checkmarx, SonarQube, Wireshark, Nessus, Nikto, nmap, Project Discovery suite, Panther, Git