Jiva — Founder, Jiva Security

Jiva — Founder & Principal Security Consultant

Offensive Security Researcher & Consultant

Jiva is an offensive security researcher and consultant with deep expertise across web application security, hardware and embedded systems, and vulnerability research. Jiva Security was built on the principle that the best security assessments come from people who think like attackers — and who have the technical depth to find what automated tools miss.

Every engagement at Jiva Security is performed personally. There are no subcontractors, no junior analysts delivering your report. When you engage Jiva Security, you are working directly with a senior practitioner who has hands-on experience across the full offensive security stack.

With nearly two decades of experience in offensive security, Jiva's background spans the full depth of the field — from vulnerability research at Tripwire's Vulnerability and Exposure Research Team (VERT) and four years as a Senior Penetration Tester at Mailchimp, to lead product security consulting at Praetorian and, most recently, Senior Offensive Security Engineer at SiriusXM, where the focus spans red team operations, AI/LLM and agent security, hardware hacking, and embedded systems security. Jiva holds a Master of Computer Science from the University of Georgia (GPA: 4.0), with thesis research focused on addressing the shortcomings of black-box web vulnerability scanners.

Those offensive instincts were forged in part through nearly two decades of Capture the Flag competition — one of the most demanding proving grounds in the field. As a member of team disekt, Jiva earned top finishes at Defcon Quals, Codegate Finals (competing on-site in Seoul), Ghost in the Shellcode, and dozens of other international events, and organized and hosted the OpenCTF competition at DEFCON 30, building a custom scoreboard platform and original challenges from scratch.

Jiva's research has focused on vulnerability discovery across embedded devices, hardware security, and web and API security. This research-driven background informs every consulting engagement — assessments are grounded in real-world attacker techniques, not checklists.

Areas of Expertise

Penetration Testing Red Team Operations Vulnerability Research Hardware Security Firmware Analysis Embedded Systems IoT Security Web Application Security API Security Cloud Security AI / LLM Security LLM Application Testing Prompt Injection AI Agent Security Exploit Development Reverse Engineering Protocol Analysis Source Code Review
Work With Jiva View Research

Nearly two decades in the field

Anthropic SiriusXM Atomic Financial Praetorian Intuit Mailchimp Tripwire Coalfire Dell SecureWorks University of Georgia

How Jiva Security Works

01 — Depth

Depth Over Scale

Jiva Security takes on a limited number of engagements to ensure every assessment receives the full attention it deserves. You get senior expertise, not a commoditized service.

02 — Direct

No Middlemen

Every engagement is scoped, executed, and delivered directly by Jiva. You always know exactly who is doing the work.

03 — Research-Driven

Attacker Mindset

Assessments are grounded in active vulnerability research and real-world exploitation techniques — not templated outputs from automated scanners. Engagements are supported by custom tooling, including AI-assisted analysis, built to extend that manual work rather than replace it.