Following the acquisition of Endgame by Elastic, I spearheaded a critical effort across multiple teams to integrate the Event Query Language (EQL) into the Elastic Stack. This included projects spanning from Elasticsearch to the Elastic Agent, enabling new capabilities such as stateful detections and real-time preventions.

Roles

Principal Security Research Engineer

May 2021 - Sep 2021

  • Rules auto-updating feature: Led the design and implementation of an automatic rules updating feature for Elastic Security. This enabled the detection team to independently publish updates to the detection engine without requiring stack updates, and involved coordination across several teams and stakeholders.
  • Endpoint rules prevention: Completed the design of a custom EQL-based interpreter and rules engine for Elastic Endpoint, released as Malicious Behavior Protection in Elastic 7.15.

Senior Security Research Engineer

Oct 2019 - May 2021

  • EQL in Elasticsearch: Contributed to a year-long project to bring EQL to the Elastic Stack, collaborating with Elasticsearch engineers to implement stateful and temporal detections in Elastic 7.11. This work introduced new classes of detections, enabling the security team to write rules that correlate events across an entire environment.
  • Endpoint rules prevention: Led the implementation of a custom bytecode interpreter for Elastic Endpoint agents, enabling faster processing for Linux, macOS, and Windows. This improved response times, simplified the stack, and enhanced telemetry granularity.
  • Mentorship: Mentored detection engineers to develop stronger software engineering skills and guided software engineers in learning compiler design principles.

Skills

  • Technical leadership
  • Compilers
  • Python
  • C++
  • Go
  • Rust
  • Java
  • TypeScript