Hey. I’m John.

I like to learn. Several years ago, I was learning how to attach myself to a Via Ferrata cable hiking through the Dolomites. Clipped onto the face, I realized how lucky I’ve been to have unique experiences throughout my life.

When I returned home from my trip I created this website. I hope I can help you pursue your passions like I pursue mine.

Most of you are not here to learn how to clip into a Via Ferrata. You likely are more interested in my day job, computer hacking. But why should you trust a hacker you only know through the electric signals of the internet? Sounds sketchy. Let me start by telling you what I do, what I’ve done, and where I come from. Then you can decide if you want to trust what I’ve learned.

Currently I work for Praetorian as a Senior Security Engineer.

We conduct offensive security assessments for private companies. In layman’s terms: Companies hire us to hack into them, and if (when) we’re successful, we show them how we did it. I currently execute Red Team engagements and am loving it.

A pivotal moment in my cybersecurity journey came when I started researching a new class of CI/CD attacks along with Adnan Khan. In the fall of 2023, we teamed up to scour the internet for open-source repositories that were vulnerable to these attacks. The results shocked us, as we continuously identified critical supply chain vulnerabilities in the world’s most advanced technological organizations, including PyTorch, GitHub, Google, blockchains, and more.

Our research ignited the security world, leading to extensive coverage by news outlets, and we hope to dive into even more detail at security conferences during the summer of 2024.

Before joining Praetorian, I graduated from Cornell University in 2022 with a bachelor’s degree in Computer Science Engineering and a minor in Business. Throughout school, I taught myself hacking and received my OSCP certification the summer after graduation. 

During my last semester in college I designed and developed two security-focused research projects. Really I just wanted to work on projects that would help me learn more about security, as I was just beginning to learn about the field.

The first project was a Domain Name System (DNS) analyzer that detected malicious DNS activity. We implemented our analyzers in Cascade, Cornell’s advanced cloud application framework. These analyzers are fast. Like, extremely fast. They can perform their analysis in real-time and block DNS requests before they reach the internet.

During my second project, we built a WiFi Hacking Guide that can teach your Grandmother how to hack WiFi. Is it trivial for anyone who knows basic WiFi security? Yes. Was it fun to write? Also yes. It turns out a lot of people want to learn basic WiFi attacks, as the guide had a mini Reddit blow-up, receiving over 90,000 views in the first day on r/hacking.

Prior to my research I interned at Praetorian where I worked as a software developer and security engineer. During that time I helped design and develop GoKart. GoKart is a GoLang tool that finds vulnerabilities effectively, efficiently, and with a much lower false positive rate than every other code scanning tool I’ve seen. GoKart’s prowess earned it over two thousand stars on GitHub.

During my internship I also built SeAzure (read: seizure). SeAzure is a Malicious Azure App that finds, steals, and trojanizes every personal and corporate file in a victim’s environment. It is designed for Red Team engagements and even has a stealth mode.

Prior to the cyber world I worked at Fit2Excel, a strength and conditioning company back home in Essex, Vermont. As a personal trainer I specialized in helping serious athletes reach their full potential. I also ran the firm’s marketing and taught workout classes. Fitness is still a big passion of mine.

Ok you made it. Congratulations. Enough about John the professional. Let’s hear about John the person.

Growing up in northern Vermont shaped my interests. Without cities (the biggest city in the state is less than 50,000 people) and without phones (my parents banned phones until high school), we actually had to go outside to play. My two siblings and I would entertain ourselves by mountain biking, cliff jumping, hiking, snowboarding, and sports. These are the same things I love to do today. 

I prefer playing sports over watching. I will accept a pickup game invitation in anything, no matter how bad I may be. Growing up, I played soccer, football, wrestling, and lacrosse and wrestled Division I in college. Now that my athletic career is over I plan on making random men’s leagues a big part of my life.

As soon as I started making money I began to travel. Inspired by lifelong friend David Rosales, I wanted to take advantage of working remotely (David has been nomadic for years and writes frequently about his travels). My journey first led me to San Diego in 2021 for a summer surfing while I worked a virtual internship. The following summer found me hiking in Austria and Italy while taking a break from studying for the OSCP. Currently I am nomadic, picking one place and living there for several months before moving somewhere else. My long-term (>3 months) stays so far have included Burlington, Austin, San Diego, and Salt Lake City.

So. Hopefully I am now less sketchy. If you want to reach out to me, send me an email, connect on LinkedIn or message me on Instagram. I look forward to sharing what I have learned. Until then, enjoy.
