Red Team Operator • Berkeley, CA

Hi, I'm Derek.

I'm a red team operator, offensive security engineer, and occasional writer. I break into things for a living at a Tier 1 global investment bank, build custom offensive tooling in Python, Go, and PowerShell, and blog here about security, automation, and the craft of ethical hacking.

Recent posts

Notes on offensive security, red teaming, tooling, automation, and the occasional tangent.

red team, active directory, evasion

Abusing MSBuild for Defense Evasion: A Detection Engineering Playbook

MSBuild is a trusted Microsoft binary that ships with every Windows installation — and it's a favorite tool for adversaries looking to execute arbitrary code…

Feb 12, 2026

tooling, go, evasion

Building a Custom C2 Channel Over DNS: Lessons from the Lab

Off-the-shelf C2 frameworks are powerful, but they come with known signatures. When you need to blend into normal network traffic, building your own channel is…

Jan 28, 2026

automation, LLM, python

Using LLMs to Accelerate Recon: What Works, What Doesn't

I integrated GPT-4 into our red team reconnaissance and vulnerability triage workflow and cut manual effort by roughly 30%. Here's exactly how I did it, what…

Jan 10, 2026

purple team, process, detection

Running 15 Purple Team Tests a Month: My Framework

Purple teaming at scale requires structure. When you're running roughly 15 tests per month across a large enterprise, you can't afford to wing it — but you also…

Dec 19, 2025

career, personal

From PwC Auditor to Red Team Operator: A Non-Linear Career Path

People ask me all the time how I went from auditing pension funds at PwC to breaking into enterprise networks for a living. The honest answer is: slowly, and…

Nov 30, 2025

web3, solidity, security

Smart Contract Auditing for Red Teamers: Where to Start

The overlap between offensive security and smart contract auditing is bigger than you think. If you can find vulnerabilities in web applications and APIs, you…

Nov 8, 2025

A bit about Derek

I'm a red team analyst at BNP Paribas CIB, where I simulate advanced persistent threats against the infrastructure of a global investment bank. My days involve breaking Active Directory environments, writing custom offensive tools, running phishing campaigns, and collaborating with the blue team to make sure they can actually catch what I throw at them.

Before offensive security, I spent 8+ years in software engineering — leading an engineering team at Metric Theory, building API integrations for 10+ ad platforms, and managing $157MM+ in client spend. That engineering background isn't just backstory; it's what lets me build my own C2 infrastructure and think like a developer when I'm looking for ways in.

I started my career as an auditor at PwC and hold a CPA alongside my OSCP+, CISSP, and CPTS.

OSCP+, CISSP, CPTS, ISC2, CPA

Years in offensive security: 3+
Years in software engineering: 8+
Purple team tests / month: ~15
Recon reduced via LLM automation: 30%