AUSTIN HEATH

+1 601-596-2842 | austin@heath.codes

https://austin.heath.codes

Willing to relocate

Clearance: Top Secret (TS/SCI) with CI Polygraph

EDUCATION

Georgia Institute of Technology Atlanta, GA

Master of Science, Computer Science (Specialization: Computing Systems), 4.0 GPA December 2022

Mississippi State University Starkville, MS

Bachelor of Science, Computer Engineering, 3.61 GPA December 2017

EXPERIENCE

Senior Software Engineer June 2021 – Present

U.S. Army Cyber Command - Cyber Solutions Development Fort Gordon, GA

- Managed a team of 12 security researchers using tools like IDAPro, Ghidra, LLVM, and QEMU, to research,

discover, and exploit vulnerabilities in embedded devices and Windows applications, enabling the organization

to avoid costs procuring similar vendor solutions, resulting in a signiﬁcant savings.

- Developed a shellcode library using C, Python, and CMake, enabling 20 developers to cross-compile ubiquitous

shellcodes for Intel, ARM, MIPS, and PowerPC processor architectures, eliminating duplicate shellcodes across

9 exploit development projects.

- Triaged 5 public vulnerability disclosures, releasing 7 bespoke exploit tools, providing initial access to computer

networks of interest for 6 operations teams across 3 organizations and 4 uniformed services.

- Instructed 5 operations teams on the effective use of exploit tools, increasing stakeholder interaction and

inﬂuencing organizational policy to emphasize consistent stakeholder engagement.

- Hosted 12 monthly training events covering reverse-engineering and exploit development techniques,

increasing the organization’s number of trained security researchers by 25%.

- Overhauled the organization’s technical documentation process using Markdown, LaTeX, Pandoc, CMake, and

Python, enabling developers to better detect documentation errors prior to release.

Software Engineer February 2018 – May 2021

U.S. Army Cyber Command - Cyber Solutions Development Fort Gordon, GA

- Redesigned the organization’s binary obfuscation methods using LLVM, rendering obfuscated artifacts

unrecognizable compared to the original, inhibiting reverse-engineering efforts and preventing developers from

spending 40 hours manually obfuscating existing projects.

- Implemented 11 modules for a Python exploit framework, automating common operator tasks and reducing

50% of human interaction, increasing mission efﬁciency for 5 operations teams.

- Automated the organization’s compilation, testing, release, and deployment process by integrating existing

projects into GitLab CI, expediting tool development and release for 3 developer teams.

- Obfuscated web-based malware written in PHP using open source software and designed command, control,

and conﬁguration mechanisms using Python, enabling 3 operations teams across 2 uniformed services to

maintain persistent access to web targets of interest.

CERTIFICATIONS

Offensive Security Certiﬁed Professional (OSCP)

Certiﬁed Information Systems Security Professional (CISSP)

GIAC Reverse Engineering Malware (GREM)

CompTIA Security+ (Sec+)

Certiﬁed Ethical Hacker (CEH)

Cisco Certiﬁed Network Associate (CCNA)

TECHNICAL SKILLS

Languages: Python, C/C++, x86, amd64, MIPS, ARM, PowerPC, TileGX, Java

Libraries: gRPC, OpenMP/MPI, libvirt, libcurl, POX, Mininet, OpenFlow, LLVM, Z3, NumPy, SciPy, pandas, pwntools

Developer Tools: Git, GitLab CI, Atlassian Bamboo, Jupyter, Docker, QEMU, GDB, WinDbg, angr, AFL, KLEE

Applications: VMware, VirtualBox, Vagrant, Ghidra, IDAPro, BinaryNinja, BinDiff

Frameworks: Metasploit, WordPress

PROJECTS

Splinter Shell | https://github.com/one2blame/splintershell | Python, Scapy, Scikit-learn, amd64 April 2021 - Present

Employed unsupervised learning techniques to train a machine learning model on a corpus of packet captures,

classifying normal and malicious network trafﬁc and encoding shellcodes to bypass intrusion prevention

systems.

The Dark Arts | https://one2bla.me/the-dark-arts/ | C, Python, Ghidra, pwntools, angr July 2020 - Present

Composed a blog to catalogue my adventures in reverse-engineering and binary exploitation, serving as a

training resource for junior security researchers.

Constraint-based Variable Analyzer | https://github.com/one2blame/cs6340 | C++, LLVM, Z3 October 2021

Transformed programs into LLVM intermediate representation (IR), derived Datalog facts from the instructions,

and designed a reaching deﬁnition and live variables analysis using Z3.

Data Dependency Tracker | https://github.com/one2blame/cs6747 | Python, Ghidra July 2021

Wrote Python scripts to parse Ghidra disassembly, generating control ﬂow graphs and data dependency

tracking for functions in malware specimens.

Stock Trading Robot | https://github.com/one2blame/cs7646 | Python, NumPy, pandas April 2022

Employed reinforcement learning to train a model on historical stock metrics, assessing the trading robot’s

performance on out-of-sample data, outperforming a manual trading strategy by 30%.

Multi-class Random Forest | https://github.com/one2blame/cs6601 | Python, NumPy July 2022

Improved upon existing multi-class classiﬁcation tree and random forest implementations, achieving a

classiﬁcation accuracy of 84% on out-of-sample data.

Extensible MapReduce Framework | https://github.com/one2blame/cs6210 | C++, gRPC, Protobuf April 2020

Designed an extensible, distributed system to MapReduce a large corpus of data, applying data sharding and

load balancing to enhance performance.

Distributed File System | https://github.com/one2blame/cs6200 | C++, gRPC, Protobuf November 2019

Engineered a concurrent server capable of handling clients initiating asynchronous gRPC requests to upload

and download ﬁles.

SDN Firewall | https://github.com/one2blame/cs6250 | Python, Mininet, OpenFlow, POX March 2021

Constructed an emulated network to test software-deﬁned network ﬁrewall rules, programming real-time trafﬁc

inspection to enforce access controls.

VOLUNTEERING AND COMMUNITY SERVICE

Mentor February 2022 – May 2022

Grovetown High-school Robotics Club Grovetown, GA

Mentored high-school students on robotics mechanical engineering, setup of electrical components, and

development of Arduino code for controller logic. Lead the Grovetown High-school Robotics Club to take 1st

place in the Central Savannah River Area (CSRA) Fully Wired high-school robotics competition.

Volunteer May 2021 – July 2021

Air Force Association CyberPatriot Augusta, GA

Moderated a Virtual CyberPatriot Summer Camp via Zoom and provided instruction to high-school students on

techniques to harden the security posture of various Linux distributions.

Volunteer August 2019 – March 2020

Girls Who Code Augusta, GA

Facilitated club meetings and taught 6th - 12th grade girls Python game development.

ACHIEVEMENTS AND AWARDS

CISA President’s Cup Cybersecurity Competition - 3rd Place 3 x Army Achievement Medals