Fidel Romero
HR Manager
Interac
200 Bay Street, Suite 2400 Toronto, Ontario M5J 2J1 Canada
March 3, 2025
David Chen
416-869-7536
Dear Mr. Romero,
Iād like to join Interacās Vulernability and Threat management department as a purple-team threat researcher.
I come from a maths heavy computer-science background and have a specialty in low-level systems programming and software security. I understand that the security of Interacās services serves a very crutial role in the supply-chain of Canadian businesses, and I also understand how vulnerable over-the-air communications can be. I also know that the RFC technology Interac offers is prone to cryptographic and hardware fuzzing attacks. I have had experience with red-teaming through my experience playing wargames and CTFs. Specifically, I understand common encryption techniques like RSA and AES work and how to reverse their encryption schemes, aswell as how to to reverse-enginner and crack Windows and Linux software to deobfuscate and find private data.
From a development side, I have worked with Python and Javascript as my main scripting languages, though I tend to use Golang and C++ a lot more for personal projects. I have a breadth of experience when working with web technologies, and am capable of building full-stack web applications aswell as self-hosting server infrastructure. AWS and Google Cloud are hosting platforms that I use almost everytime I want to build something. At Uofthacks 2025, I deployed our phish finding application with AWS Sagemaker, Amplify and EC2. Ive also used Google Cloudās location and LLM services at Hack-the-valley 2024 to build real-time weather simulations. I understand how security policies for AWS with IAM works aswell as how to manage costs for both Google Cloud and AWS. I also feel that my experience with blockchain technology may be relevant. I understand that financial technology like banking and payment processing often involves use of blockchain technology to provide immutable and reliable ledgers. I have worked with Solana and Midnight to deploy decentralized apps and understand many of the fundamental concepts and principles that go into blockchain development. If need be, I have experience in blockchain security testing, and understand how to find RSA vulnerabilities within proof of work systems.
As for certifications, I have been studying towards my CCNA since Feburary and I expect to obtain it sometime in May 2025. Security+ and Cysa+ are somewhere down the line. I have attached my resume and personal portfolio you want to see more of my work.
Thank you for your consideration.
Cheers, David.