jejaquez Goto Github PK

An open-source developer and qualified cybersecurity professional specializing in Vulnerability Management, Ethical Hacking, Source Code Reviews, Threat Modeling, Penetration Testing, Vulnerability Scanning, and Vulnerability Assessments.

I am always exploring empirical research, governance, compliance, leading frameworks, models, and standards to reduce threats and vulnerabilities. I have hands-on experience, exploring advanced topics, and I am always learning the latest concepts, and preparing for anticipated risks in the field of cybersecurity. I am super eager to help others, for that reason, I concentrate my work on the past, present, and future of cybersecurity. Some topics that I love are cyberspace, cyberethics, cyberlaw, and cyberpeace.

• Qualified in penetration testing, secure code analysis, and vulnerability management. I hold a DoD (Department of Defense) 8570.01-M approved cybersecurity certification compliant with ISO 17024
• +15 years of professional experience in cybersecurity and S-SDLC
• Expert in building resilient applications, services, platforms, and infrastructure by implementing threat modeling to identify the threats, attacks, vulnerabilities, and mitigations
• Adept in application security and manual penetration testing for standalone, thick client, web, API, lambda, and mobile applications
• Proficient in using Network Vulnerability Scanners, SAST, DAST, IAST, SCA, OWASP, SANS 25, CVE, CVSS, CAPEC, ATT&CK, and CWE 25
• Skilled in developing security tools to automate the assessments of targets and source code
• Capable of writing proof-of-concept exploits/code to demonstrate the severity of a potential security issue
• Expert in identifying and researching new vulnerabilities with code analysis, symbolic and concolic execution, dynamic testing, and fuzzing
• Working experience with global security teams performing application security and low-level architecture and design reviews of hardware, firmware, applications, services, network protocols, and devices
• Excellent prioritization skills and capability to communicate at all levels
• Experience with NIST CSF domains and PCI DSS requirements
• Competent in Satellite Communications (SATCOM) Cybersecurity
• Experience in risk management and security assessments
• Working knowledge of AWS, Azure, and GCP services
• Experience in large-scale environments and leading teams
• Proficient in the development of open-source security tooling. I’m the developer of a vulnerability scanning and attack surface management platform that helps to detect vulnerabilities before hackers exploit them
• Skilled in writing professional quality reports, and presenting findings to executive and technical audiences
• Experience performing penetration tests for ITAR (International Traffic in Arms Regulations) and EAR (Export Administration Regulations) programs approved by the DoD (Department of Defense)

I work earnestly to make cybersecurity awesome. That's why I am developing Mageni, an open source vulnerability and attack surface management platform. Some of the technologies used to built Mageni are listed in the toolbox below.

According to the DMCA, "a copyright holder must consider the existence of fair use before sending a takedown notification under § 512(c)." [1], and when using the source code of a GPL-covered program, the GPL grants you "fair use" rights [2] [3]. Therefore, regarding the GPL-covered source code that I'm using in this repository for research, educational, and non-commercial purposes, I concluded that since the GPL grants "fair use" rights [1], I'm lawfully and rightfully exercising my fair use rights as authorized by 17 U.S.C. § 107 and the GPL. At the same time, I uphold and cherish the copyright holders' rights.

Additionally, "If a copyright holder ignores or neglects our unequivocal holding that it must consider fair use before sending a takedown notification, it is liable for damages under § 512(f)." [3] Submitting false, fraudulent, and/or bad faith information could result in civil liability — that is, you could get sued and you could be fined or imprisoned for not more than five years, or both. [4]

[1] Lenz v. Universal Music Corp., 815 F.3d 1145 | Casetext Search + Citator. (n.d.). Casetext.com. https://casetext.com/case/lenz-v-universal-music-corp-17
[2] Frequently Asked Questions about the GNU Licenses - GNU Project - Free Software Foundation. (n.d.). Www.gnu.org. Retrieved December 29, 2023, from https://www.gnu.org/licenses/gpl-faq.en.html#GPLFairUse
[3] 17 U.S. Code § 107 - Limitations on exclusive rights: Fair use. (2019). LII / Legal Information Institute. https://www.law.cornell.edu/uscode/text/17/107
[4] Cornell Law School. (n.d.). 18 U.S. Code § 1621 - Perjury generally. LII / Legal Information Institute. https://www.law.cornell.edu/uscode/text/18/1621