resume

Basics

Name Andrew Chang
Label Security Professional
Email chang.andrew.23@gmail.com
Phone +1 (919) 780-3457
Url https://www.andrew-chang.me
Summary Experienced cybersecurity professional with a strong track record in cloud security architecture, identity and access management (IAM), and penetration testing. Passionate about actively contributing to the cybersecurity community through the development of cutting-edge security tools and methodologies to assess cloud and IAM configurations.

Education

  • 2019 - 2020

    Atlanta, GA

    Master of Science
    Georgia Institute of Technology, Atlanta, GA
    Computer Science
    • Graduated with Highest Honors
    • Specialization in Computing Systems
  • 2016 - 2019

    Atlanta, GA

    Bachelor of Science
    Georgia Institute of Technology, Atlanta, GA
    Computer Science
    • Graduated with Highest Honors
    • Specialization in Systems and Architecture and Information Internetworks
    • Concentration in International Affairs
    • RoboJackets Robot Sumo Team Software Lead

Work

  • 2023.01 - Present
    Lead Cloud Security Engineer
    Praetorian Security, Inc.
    • Leading penetration tests and configuration reviews against cloud environments and applications for external clients; 3,500+ billable hours and >10 critical/high findings
    • Delivering strategic recommendations to key stakeholders regarding the security posture of their digital infrastructure and assets; >9.5 Net Promoter Score.
    • Developing new methodology and tools to assess cloud and IAM configurations.
    • Supporting sales discovery calls as a subject matter expert.
    • Providing guidance for junior engineers to solidify their offensive security foundations.
  • 2022.12 - 2019.05
    Security Consulting Engineer
    Cisco Systems, Inc.
    • Performed offensive security engagements for external clients; 4,500+ billable hours.
    • Developed and maintained Python framework to automate triage of vulnerability scanner alerts in backbone network fabric for Fortune 15 information technology company. ~30k LoC.
  • 2020.01 - 2021.05
    Head Teaching Assistant
    Georgia Institute of Technology - Institute of Security and Privacy
    • Developed labs and exams for brand new CS 6264 – System and Network Defenses online graduate course for the top ranked cybersecurity program in the country.
    • Labs included: binary exploitation, end-point security with kernel hooks, and Android WebView phishing attacks.
  • 2019.08 - 2020.05
    Graduate Research Assistant
    Georgia Institute of Technology – Institute for Information Privacy and Security
    Research assistant for Dr. Wenke Lee's GTISC lab (now the Georgia Tech School of Cybersecurity and Privacy)
    • Developed a browser-based auditing approach for watering hole-based cyber-attacks by overcoming limitations relating to recording necessary semantic information instead of just viewing system calls
  • 2018.05 - 2019.05
    Security Operations Center Analyst
    Georgia Institute of Technology - Office of Information Technology
    Analyzed and triaged security alerts raised by campus endpoint monitoring systems by crafting searches in Splunk, FireEye HX, and other in-house solutions.

Projects

  • 2025.01 - Present
    AzureHound
    Extension to existing AzureHound project to enumerate Azure subscription RBAC roles, RBAC role assignments, and service principal assignments. Written in Go, ~4k LoC.
  • 2025.01 - Present
    ScentTrail
    Command-line utility to extend an existing Bloodhound Neo4j graph database to identify vertical privilege escalation based on Azure RBAC permissions. Written in Python and Neo4j, ~1k LoC.

Certificates

Publications

Volunteer

  • 2022.08 - 2022.09

    Chicago, IL

    Crypto Village Volunteer
    Hak4Kidz
    Held a cryptography workshop for a children's ethical hacking conference.
    • Led workshop during the conference
    • Developed worksheets to teach basic cryptography concepts to children ages K-12
  • 2022.05 - Present

    Chicago, IL

    Engagements Subcommittee Liaison
    DSA National Tech Committee
    Steering Committee member responsible for communications to the NTC membership.
    • Creating monthly newsletters
    • Leading onboarding meetings to generate interest in the NTC
    • Developing pilot for open-source membership management solution
    • Contributed to dues payments website development

Skills

Cybersecurity
Cloud Penetration Testing
Secure Cloud Architecture
Application Penetration Testing
Network Penetration Testing
Secure Code Review
Purple Team Assessment
Binary Reversing and Exploitation
Static & Dynamic Malware Analysis
Security Incident Response
Wireless Network Exploitation
Cloud
Microsoft Azure
Microsoft Entra ID
Amazon Web Services
Google Cloud Platform
Docker
Kubernetes
Programming Languages
Bash/CMD
Powershell
Python
C/C++
Terraform
HTML/CSS
JavaScript/TS
PHP
Go
Java
SQL
Neo4j
TeX
Markdown

Languages

English
Native
Mandarin Chinese (spoken)
Native
Simplified Chinese (written)
Native
Traditional Chinese (written)
Fluent

Interests

Archery
Biking
Travel
Maps
Public Transportation
Flags