I'm a Security researcher with 5+ years of hands-on web application testing and 100+ validated vulnerabilities across Fortune 500 companies, U.S. government systems, and major consumer platforms.
My core discipline is web and API offensive security: IDOR exploitation, authentication bypass, stored XSS with session exfiltration, CORS misconfiguration, SSRF escalation, JavaScript source analysis, and chained-impact reporting. I don't stop at the first PoC — I push until the real impact is on the page.
Alongside full-time work, I operate GK Data LLC, a cybersecurity consultancy delivering penetration tests and vulnerability assessments. I ship open-source tooling for the bug bounty community, write methodology breakdowns, and maintain active engagements on private Bugcrowd programs targeting critical infrastructure and consumer-scale platforms.
Currently open to security research, application security, and offensive security engineering roles — remote or on-site — in environments where security is taken seriously and research is encouraged.
