Press

Chrome changes how its cache system works to improve privacy: ZDNet

Chrome 86 introduced a new privacy-focused "cache partitioning" mechanism. Catalin reached out to John to discuss the detrimental security effects of unified partitioning.

Talkspace threatened to sue a security researcher over a bug report: TechCrunch

John noted a Business Logic Flaw in May of 2020 that allowed premium Talkspace Therapy Subscriptions to be acquired for free. Upon reporting and evaluation of the situation, he was served a Cease and Desist letter.

Twitter warns of possible API keys leak: ZDNet

It was discovered that incorrect server settings on the Twitter Developer portal led to browsers caching API keys, account access token and secret. John's perspective on the caching vulnerability was featured in the article.

Guest Speaking

OWASP Georgetown, 2020

An invitation was extended to John to speak in front of the Georgetown, TX chapter of OWASP. He discussed some of the issues that occur in Bug Bounty Program Management and talked about the book that he is releasing with Wiley.

Honors & Achievements

Hacking is NOT a Crime: Advocate

John was invited to be an Advocate for HINAC after publicly addressing concerns with a major media outlet allowing a journalist to use the word "hacker" to describe cyber-crime. Hacking is NOT a Crime is a non-profit organization seeking to raise awareness about the pejorative use of the terms "hacker" and "hacking" throughout the media and popular culture, specifically the negative connotation with which the terms are so often associated. Hackers are often vilified and portrayed as evil, menacing, and even threatening individuals.

Third Place: Cyber Hacktics/CyberUp Hacktober CTF Hacking Competition, 2020

3rd place out of 1062 teams. Challenges addressed a wide range of topics including: Cryptography, Steganography, Traffic Analysis, Exploitation, OSINT, Programming, SQL

Top Ten: CyberUp NCSAM CTF Hacking Competition, 2019

8th place out of 59 teams. Challenges addressed a wide range of topics including: Exploitation, Reverse Engineering, Cryptography, Steganography, Forensics, Memory Analysis, Registry Analysis, Password Cracking

United States Marine

In October of 2012, John successfully graduated from Marine Corps Recruit Training at MCRD Parris Island, with his platoon: 2nd Battalion, Hotel Company, Platoon 2085. He earned the title of "United States Marine" after three long months of rigorous training.

Security Research

Threat Actor Takedown

During standard Bug Bounty Hunting, John discovered that a malicious hacker was abusing 13 separate companies. He managed to gather evidence and report the threat actor, foiling the Cyber Criminal's attempt to continuously abuse these companies.

Publications

Bug Bounty Program Book

Currently in the process of writing a book for Wiley. Stay tuned!