root@lance-m:~#

 ██╗      █████╗ ███╗   ██╗ ██████╗███████╗    ███╗   ███╗     
 ██║     ██╔══██╗████╗  ██║██╔════╝██╔════╝    ████╗ ████║     
 ██║     ███████║██╔██╗ ██║██║     █████╗      ██╔████╔██║     
 ██║     ██╔══██║██║╚██╗██║██║     ██╔══╝      ██║╚██╔╝██║     
 ███████╗██║  ██║██║ ╚████║╚██████╗███████╗    ██║ ╚═╝ ██║ ██╗ 
 ╚══════╝╚═╝  ╚═╝╚═╝  ╚═══╝ ╚═════╝╚══════╝    ╚═╝     ╚═╝ ╚═╝

Cybersecurity · AI Security · AI Safety

career@lance.contact|linkedin.com/in/lance-mars/|github.com/lance-mars

§ 01 · about

~/about/whoami.out

Hi, I'm Lance.

I'm a cybersecurity student focused on AI security. I do contract work reviewing AI-generated code for vulnerabilities like injection vectors, cryptographic misuse, and authentication bypasses. I also red-team models to find failures in their reasoning and guardrails, and I look at why those failures happen.

Currently working toward a B.S. in Cybersecurity at Western Governors University, with graduation expected in 2028.

Looking for internships in AI safety, LLM security, AI red teaming, or adversarial evaluation.

§ 02 · skills / core competencies

~/skills — core_competencies.sh

AIAI Security llm attack surface · model safety

The practice of identifying and mitigating vulnerabilities specific to large language models, including data leakage, model manipulation, and unsafe output generation. It covers defensive measures across the model lifecycle, from training data protection to runtime safeguards.

A class of attacks where malicious instructions are embedded in user input or external content (documents, web pages, tool outputs) to hijack an LLM's behavior. Defenders must understand both direct and indirect injection techniques to build resilient AI systems.

Techniques used to bypass an LLM's safety guardrails and elicit restricted behavior, often through roleplay, encoding tricks, or multi-turn manipulation. Understanding jailbreak patterns is essential for hardening models and designing robust refusal behaviors.

The systematic testing of AI systems against crafted inputs designed to expose weaknesses, biases, or failure modes. It blends security testing with ML evaluation to quantify model robustness under worst-case conditions.

Simulating adversarial attacks against AI systems to discover vulnerabilities before malicious actors do, covering model behavior, supporting infrastructure, and agentic workflows. Red teamers combine traditional security skills with creativity in prompt crafting and abuse case generation.

ACApplication & Code Security secure software · owasp

The practice of manually and automatically analyzing source code to identify security vulnerabilities before they reach production. It requires fluency in common weakness patterns, language-specific pitfalls, and the ability to reason about data flow and trust boundaries.

A widely referenced list maintained by the Open Web Application Security Project that ranks the most critical web application security risks, such as broken access control and injection flaws. It serves as a baseline framework for training, threat modeling, and prioritizing remediation.

The various channels through which untrusted input can alter program execution, including SQL, command, LDAP, XML, and template injection. Understanding these vectors is foundational to building input validation, output encoding, and parameterization defenses.

The disciplines of verifying user identity (authentication) and enforcing what actions they can perform (authorization), covering mechanisms like OAuth, SAML, JWTs, and RBAC. Flaws here, such as broken access control or session fixation, are among the most impactful in modern applications.

Protecting REST, GraphQL, and RPC interfaces against threats like broken object-level authorization, excessive data exposure, and rate-limit abuse. It combines authentication hygiene, schema validation, and runtime monitoring tailored to machine-to-machine traffic.

CRCryptography primitives · protocols · misuse

Cryptography where the same key is used to encrypt and decrypt data, using algorithms like AES and ChaCha20. It offers high performance for bulk data protection but requires secure key distribution, which is where symmetric systems most often fail.

Public-key cryptography that uses mathematically related key pairs so one key encrypts or signs while the other decrypts or verifies, enabling secure communication without shared secrets. Algorithms like RSA and elliptic curve schemes underpin TLS, code signing, and modern identity systems.

Public Key Infrastructure is the ecosystem of certificate authorities, registration authorities, and trust chains that binds public keys to identities. It enables scalable asymmetric cryptography across the internet but depends heavily on correct issuance, revocation, and trust store management.

The common failure modes that arise when developers implement cryptography incorrectly, such as reusing nonces, using ECB mode, hardcoding keys, or rolling custom algorithms. Even strong primitives become insecure when applied without understanding their operational requirements.

The study of how cryptographic and network protocols behave under adversarial conditions, identifying weaknesses in handshakes, state machines, and message formats. It combines formal reasoning with practical testing to catch flaws like downgrade attacks or replay vulnerabilities.

NWNetwork Security traffic · perimeter · analysis

A foundational understanding of how packets traverse networks through addressing, encapsulation, and routing protocols like BGP and OSPF. This knowledge is essential for diagnosing traffic flows, designing segmentation, and recognizing network-layer attacks.

The use of policy enforcement points and network zoning to restrict lateral movement and limit blast radius during a breach. Effective segmentation combines stateful filtering, microsegmentation, and zero-trust principles tailored to business workflows.

Security considerations specific to Wi-Fi, Bluetooth, and cellular networks, including encryption standards like WPA3, rogue access point detection, and RF-level attacks. Wireless environments demand attention to both protocol weaknesses and physical-layer exposure.

Intrusion Detection and Prevention Systems monitor network or host traffic for signs of malicious activity and can block threats inline. Effective deployment requires tuning signatures and behavioral rules to balance detection fidelity with operational noise.

The practice of inspecting captured network traffic with tools like Wireshark or Zeek to investigate incidents, troubleshoot issues, or reverse-engineer protocols. It demands deep familiarity with protocol structures and the ability to spot anomalies in large data volumes.

SSSystems & Scripting os internals · automation

Proficiency with Linux operating systems, including the filesystem, permissions model, process management, systemd, and common services. Security professionals rely on Linux fluency for hardening servers, analyzing compromises, and operating most modern security tooling.

A working knowledge of Windows architecture, including the registry, Active Directory, PowerShell, tokens, and the Windows API. Attackers and defenders alike need this depth to understand privilege escalation, persistence mechanisms, and endpoint telemetry.

A versatile scripting language widely used in security for building tools, parsing data, automating workflows, and interacting with APIs. Its readability and extensive ecosystem make it the default choice for detection engineering, research, and custom tooling.

The dominant shell and scripting language on Unix-like systems, used for automation, pipeline orchestration, and ad hoc investigation. Strong Bash skills enable rapid log triage, system administration, and integration with command-line security utilities.

The practice of codifying repetitive security tasks into reliable, repeatable workflows using scripts, SOAR platforms, or infrastructure-as-code. Good automation reduces toil, shortens response times, and lets analysts focus on work that genuinely requires judgment.

SOSecurity Operations & Forensics detect · respond · investigate

Security Information and Event Management platforms aggregate logs from across an environment to power detection, investigation, and compliance reporting. Getting value from a SIEM depends on thoughtful data onboarding, normalization, and correlation rule design.

The discipline of writing, tuning, and maintaining rules and analytics that surface malicious activity from telemetry. Modern detection engineering treats rules like code, with testing, version control, and measurable coverage against frameworks like MITRE ATT&CK.

The structured process of preparing for, identifying, containing, eradicating, and recovering from security incidents. Effective response blends technical investigation skills with communication, documentation, and decision-making under pressure.

The methodical collection and analysis of digital artifacts from disks, memory, networks, and cloud environments to reconstruct events. It emphasizes defensibility and reproducibility so findings can support both internal decisions and legal proceedings.

The procedures that preserve the integrity and admissibility of digital evidence, including chain of custody, hashing, write-blocking, and documentation. Even the best forensic analysis can be undermined if evidence is collected or stored improperly.

§ 03 · projects

§ 04 · experience

~/experience/dataannotation.tech

AI Training Contractor — Security & Cryptography Domain

DataAnnotation.tech · Jan 2026 → Present · Remote

Red team work on AI coding models. I probe models for security flaws and review the code they generate for vulnerabilities.

▸ Key areas of contribution

Reviewing AI-generated code for security vulnerabilities, cryptographic misuse, and authentication flaws
Identifying issues such as injection vectors, broken crypto implementations, and authorization bypass patterns
Crafting engineering prompts intended to probe the boundaries of model reasoning
Authoring production-quality reference solutions that serve as training signal for subsequent model generations

§ 05 · certifications

[EARNED]

[IN PROGRESS]

§ 06 · education

~/education/wgu.edu

B.S. Cybersecurity and Information Assurance

Western Governors University · Jan 2026 → May 2028 · Remote

In-depth, competency-based program covering core information technology and cybersecurity disciplines, including networking, operating systems, scripting, cloud and network security, digital forensics, risk management, cryptography, and security operations.

PROGRAM TIMELINE — complete

Jan 2026May 2028

CORE COMPETENCY AREAS

01NetworkingTCP/IP · routing · wireless

02Operating SystemsLinux · Windows internals

03ScriptingPython · bash · automation

04Cloud Securityarchitecture · identity

05Network Securityfirewalls · segmentation

06Digital Forensicsevidence · IR

07Risk ManagementGRC · frameworks

08CryptographyPKI · protocols

09Security OperationsSIEM · detection