Hi! I'm Xavier Cho, I love to overlap security and software. My skills range from security operations to application security. But I do find joy in every aspect of the security landscape. I'd love to get coffee / food sometime,
so don’t hesitate to get in touch!
( ´ ▽ ` )ノ
Interests: Puns, Gaming, Photography, Food, Fitness & Code.
View Resume
| Languages | Infosec Toolkit | Frameworks |
|---|---|---|
| Python | HackerOne | MITRE ATT&CK |
| C++ | Mimecast / Area1 | MITRE D3FEND |
| Javascript | Crowdstrike / Carbon Black | OWASP |
| BurpSuite | SSDLC | |
| Thinkst Canary | ||
| Tines / Workato / SOAR | ||
| LogRhythm / SIEM | ||
| Detectify | ||
| JFrog / SCA | ||
| OpsLevel | ||
| MEND Renovate | ||
| TheHive Project | ||
| Darktrace | ||
| Tenable | ||
| Recorded Future | ||
| KnowBe4 | ||
| Secure Code Warrior | ||
| Git & Github |
Here is a list to some of my related projects
down below on this site.
Want to see more?
Here is my Github
Technologies: Tines, Jira, Slack, Python
Applying the SOAR platform Tines and its integrations to automate alerting across GitHub and various other platforms. This strategic automation significantly bolstered our security posture while maintaining operational velocity.
Technologies: Semgrep, Github Actions
Using Semgrep for Static Application Security Testing (SAST) to enhance Software Composition Analysis (SCA) and vulnerability scanning efforts. This tool has been instrumental in offering valuable insights into best practices, as well as dependencies.
Technologies: Github Actions, Trufflehog, Tines, Slack, Jira
Leveraged Trufflehog as a specialized tool for secret scanning for the Continuous Integration (CI) pipeline. Enhancing the ability to proactively identify and mitigate potential security vulnerabilities arising from sensitive information exposure.
Technologies: TheHive, Google Admin, Area1, Darktrace, Recorded Future, SIEM, Wazuh
Utilized TheHive for incident response, leveraging the collaborative features to manage cases efficiently alongside a range of complementary tools that enhance threat detection, analysis, and containment. This combined approach ensures swift and effective response to security incidents.
Technologies: Social Skills, Discord
I volunteer at Defcon for the Appsec Village! I hope to see you there!
Join The Community
