I’m an application security engineer & pen tester specializing in web and mobile application security, with over 12 years of software engineering experience across .NET and full-stack development.

My journey into security started from the other side of the table. As a developer, I experienced firsthand how disconnected security testing can feel when there’s no real guidance or clarity. That frustration became curiosity, which eventually turned into a career shift focused entirely on breaking and securing applications.

These days I help developer teams secure their SDLC as an application security engineer, working to build security into applications from the ground up. I also spend time performing application pentests, hunting bugs, and tackling CTF challenges. What drew me to AppSec is simple: no two applications are ever the same. It’s not checkbox security. It requires understanding how systems are built, how they break, and how both attackers and developers think.

This blog is where I document CTF writeups, exam reviews, and occasionally reflect on techniques or tools I find useful. It’s part reference material for myself, part contribution to the community that helped me learn.

If you’re here for writeups or prepping for your own security certifications, I hope you find something helpful.

Always open to connecting with people interested in application security or building secure software.