From drilling for oil to drilling for vulnerabilities - my journey took me from Petroleum Engineering → Geophysics → Computer Science → Cybersecurity. I build AI-powered security systems that make vulnerability analysis less painful and more intelligent.

class SecurityEngineer:
    def __init__(self):
        self.name = "Jason Zhang"
        self.current_focus = ["AI Security", "Vulnerability Research", "Multi-Agent Systems"]
        self.languages = ["English", "Chinese", "Spanish(leaning)" ]
        self.philosophy = "Automate the boring stuff, focus on the interesting threats"
        
    def current_status(self):
        return {
            "learning": ["MCP Implementations", "CVE Research", "Supply Chain Security"],
            "building": ["Badge Verification System", "AI Triage Agents", "Security Content"],
            "contributing": ["GitLaby", "Open Source Security"]
        }

• Building multi-agent vulnerability triage systems using LangGraph and RAG architecture
• Researching AI security vulnerabilities (prompt injection, SSTI, model extraction)
• Hunting for my first CVE in supply chain and AI/ML systems
• Implementing MCP (Model Context Protocol) servers for security automation

• SecureScope - Interactive OWASP Top 10 training platform with dual secure/vulnerable environments
• AWS Community Day Badge Verification - Credly-style badge system with UUID verification
• Security Content Creation - Educational proof-of-concept scripts and tutorials
• Open Source Contributions - GitLab accessibility improvements, Omi MCP server enhancements

🔹 Product Security @ Bill.com (May - Aug 2025)

• Developed AI-powered vulnerability triage with multi-agent architecture (LangGraph + ChromaDB)
• Reduced manual security analysis time by 60% through intelligent automation
• Built OWASP Top 10 benchmarking framework for AI agent validation
• Integrated Qualys, Veracode, and Burp Suite with custom Python automation

🔹 AppSec/Enterprise Security @ SiriusXM (Jun - Aug 2024)

• Created comprehensive security documentation for 1000+ engineers
• Reduced false positives by 70% through SentinelOne-Splunk integration
• Built GitHub Repository Replicator with 95% test coverage and zero production bugs

🎓 M.Sc Cybersecurity - Western Governors University (2025)
🎓 M.Sc Computer Science - Northeastern University | GPA: 3.97/4.00 (2024)

📜 Certifications: CompTIA CySA+, Security+, CCSKv4, HTB CPTS (In Progress)

AI/ML Security:
  - Multi-Agent Systems: LangGraph, LangChain, Google Gemini
  - RAG Architecture: ChromaDB, Vector Databases
  - ML Frameworks: TensorFlow, PyTorch, RLHF, DPO, QLoRA

Application Security:
  - SAST/DAST: Qualys, Veracode, Burp Suite, Snyk, Semgrep
  - SIEM: Splunk, Azure Sentinel, SentinelOne
  - Pentesting: Metasploit, Nmap, Wireshark, Burp Suite
  
Development:
  - Languages: Python, Rust, C/C++, JavaScript, PowerShell
  - Cloud: AWS, Azure, Docker, Kubernetes, Terraform
  - CI/CD: GitHub Actions, GitLab CI/CD, Jenkins
  
Frameworks & Standards:
  - Compliance: FedRAMP, NIST 800-53, HIPAA
  - Security: OWASP Top 10, MITRE ATT&CK, CWE

Python | Flask | Docker | JWT | OWASP Top 10

• Interactive platform demonstrating OWASP vulnerabilities through dual environments
• JWT authentication with bcrypt and RBAC for access control
• Containerized for isolated testing and consistent security controls

PowerShell | Azure Sentinel | Terraform

• Captured 1.2k+ attacks in 24 hours using IaC deployment
• Automated log analysis and VM management reducing overhead by 70%
• Real-time visualization of global attack patterns

Python | Security Research | POC Development

• Proof-of-concept demonstrations for common vulnerabilities
• Educational content for security awareness
• Freelance security consulting and training materials

Azure | Active Directory | LDAP | DHCP | DNS | VPN

• Full enterprise environment simulation on Azure
• Multiple protocol implementations and firewall configurations
• Security monitoring and event log analysis

• AWS Community Day (2023 - now) - Volunteer & Website Maintainer - AWS Community Day Bay Area
• CodePath - Student and Volunteer Teaching Assistant
• BlackHat 2023 - Scholarship Recipient
• SVCSI Conference - Volunteer Coordinator
• CTF Competitions - Active on TryHackMe, Hack the Box, PicoCTF

🔍 Security Research: Supply chain vulnerabilities, AI/ML security, CVE discovery
🤖 AI Agents: Multi-agent architectures, autonomous security systems, MCP protocols
🛠️ Open Source: Contributing to GitLab, Omi, and security-focused projects
📚 Learning: Advanced exploitation techniques, detection engineering, threat intelligence

• Email: [email protected]
• LinkedIn: Haozhe Zhang
• Resume: View PDF