Two Sinks, One Shell: OS Command Injection in ZoneMinder
ZoneMinder's event export concatenates monitor names directly into shell commands. One unsanitized source, two exec() sinks, and a payload that someone else can trigger for you.
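The pattern the teaser describes, as an added illustration that is not ZoneMinder's code and not taken from the post: a string an attacker stored earlier (a monitor name) is concatenated into a command string that reaches exec(), so whoever later runs the export fires the payload. The function names, the tar/ls export command, the directory and the sample name "cam1; id #" are all hypothetical; the hardened version pairs an allowlist check with an argv-array proc_open(), which runs the program with no shell in between.

```php
<?php
declare(strict_types=1);

// Hypothetical illustration of the bug class, not ZoneMinder's code.

// VULNERABLE: the stored monitor name is spliced into shell command strings.
// One source ($monitorName), two sinks (the two exec() calls). A name such as
// "cam1; id #" ends the intended command and runs "id" as the web server user.
// Shown for comparison only; nothing below calls it.
function exportEventVulnerable(string $monitorName, string $exportDir): int
{
    $archive = $exportDir . "/" . $monitorName . ".tgz";
    exec("tar -czf " . $archive . " -C " . $exportDir . " " . $monitorName, $out, $rc); // sink 1
    if ($rc === 0) {
        exec("ls -l " . $archive, $out, $rc);                                          // sink 2
    }
    return $rc;
}

// HARDENED, step 1: fail closed on anything outside a strict allowlist, so
// shell metacharacters and "../" segments never reach a command at all.
function assertSafeMonitorName(string $name): void
{
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        throw new InvalidArgumentException('monitor name rejected: ' . json_encode($name));
    }
}

// HARDENED, step 2: pass argv as an array (PHP >= 7.4). proc_open() then execs
// the program directly; there is no shell to interpret ; | & ` $ or newlines,
// so the question of quoting does not arise at either sink.
function runArgv(array $argv): int
{
    $proc = proc_open($argv, [1 => ['pipe', 'w'], 2 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('proc_open failed');
    }
    fclose($pipes[1]);
    fclose($pipes[2]);
    return proc_close($proc);
}

function exportEventSafe(string $monitorName, string $exportDir): int
{
    assertSafeMonitorName($monitorName);
    $archive = $exportDir . '/' . $monitorName . '.tgz';
    $rc = runArgv(['tar', '-czf', $archive, '-C', $exportDir, $monitorName]);
    if ($rc === 0) {
        $rc = runArgv(['ls', '-l', $archive]);
    }
    return $rc;
}

// Constructed sample: a monitor name an attacker could have saved earlier.
// The hardened path rejects it before any command is built.
$payloadName = 'cam1; id #';
try {
    exportEventSafe($payloadName, '/tmp/export');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Wrapping each fragment in escapeshellarg() would also stop the shell injection, but on its own it leaves a name like "../../etc" free to pick the path; the allowlist closes that, and the argv array removes the shell so a missed quote at a second sink cannot reopen the hole.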
I'm a nurse. I'm a pentester. I'm a developer.
All three, at the same time, on purpose.
In the hospital, you learn to read a room fast. The alarms, the silences, the thing that's almost wrong before it becomes critically wrong. That doesn't leave you; it just finds new places to focus. Now those systems run on Active Directory, HTTP, and trust relationships nobody ever audited.
Some certs, a CVE, and continual improvement. I build tools when what I need doesn't exist. Being a nurse isn't just something I used to do. It's the reason I care who gets hurt when security fails.
learned and earned.
who knows what's next.
obstetrics & NICU
safety is the bottom line.
static typing is my love language.
i'll use what gets the job done.
original research.
always disclosed responsibly.
remote-first.
available worldwide.
real cats. actual hacking.
occasional conflict.
A path traversal in Camaleon CMS that only triggers under a weird combination of Rails 8, the Solid trio, and an S3 backend. Found by accident. Reproduced through stubbornness.
twenty years of high-stakes clinical work on top of offensive security credentials is a rare combination. if that matters to your team, i'd like to hear from you.