Mark LaCore
I'm a security engineer and full-stack developer with a long history of hardening Microsoft environments - and a knack for integrating everything else (Linux, cloud, custom services) cleanly into the Microsoft ecosystem. My credentials trace the arc of the work itself: Microsoft systems certifications (MCSE, MCSA, MCITP, RHCSA) going back more than 25 years, now anchored by a CISSP, across a career in enterprise IT and cloud security. I'd rather automate the toil than watch the team carry it. At Apple I build the security tooling, code-signing services, and automation that keep internal platforms locked down and self-running. Off the clock I do offensive cloud security - cloud-native CTF championships, container escapes, Kubernetes privilege escalation - and I build complete hardware-and-software systems end to end.
That's what I bring to a small team: someone who can own security as a function, build the platform and tooling around it, and move fast. I'm already fluent in AI-assisted development (Claude Code, Roo Code, Playwright MCP) and used to shipping solo.
Offensive & Cloud Security
I fully cleared the Wiz Cloud Security Championship, solving all 12 challenges. That effort anchors a broader body of offensive cloud-security work.
The AWS challenges covered cross-account S3 access via chained path traversal, SNS, and account-ID brute force; data-perimeter, SSRF, and pre-signed-URL abuse; and a CodeBuild webhook regex bypass that enabled poisoned-pipeline execution.
Beyond AWS, the work spanned several areas. Container escapes used PostgreSQL COPY FROM PROGRAM plus a sudo mount, and Kubernetes privilege escalation exploited CVE-2020-8562. Infrastructure-as-code and supply-chain attacks ranged from Terraform state-file poisoning to a trojanized pytest package with encrypted exfiltration. The reverse-engineering and cryptography challenges included garble-obfuscated Go malware with an AES-128-CBC C2 channel, CBC bit-flipping, AES-GCM nonce reuse, and ret2win binary exploitation.
Full writeups are at nerdymark.com/category/ctf. I finished 25th. Fittingly, some competitors, perhaps with help from those writeups, have since earned more points and passed me, putting me at 33rd at the time of writing.
Wiz Cloud Security Championship - all 12 challenges, May 2026 (click to enlarge)
Professional Experience
Senior Software Engineer - Apple Cupertino · 2017-PresentBuild and operate the security automation for my team and those who need consulting services - tooling, microservices, Active Directory, and SCCM environments - that handles onboarding and lifecycle management for both managed and general-population Windows fleets across internal security platforms, replacing manual provisioning with self-service pipelines. This spans a PKI-backed code-signing service for PE binaries and MSI files (Authenticode, HSM-backed keys), PowerShell telemetry enforcing minimum security baselines fleet-wide, and Python/ServiceNow automations that take manual ticket and work-order handling off the team's plate. I apply red-team methodology to find and close vulnerabilities before they ship, and use AI-assisted development to accelerate security audits and harden legacy code.
Senior Systems Administrator - Theranos Palo Alto · 2012-2016Managed Configuration Manager for patch management and compliance enforcement org-wide, built zero-touch provisioning task sequences, and automated onboarding/termination workflows with System Center Orchestrator.
Theranos was a health-technology company that claimed to revolutionize blood testing. It became one of Silicon Valley's most notorious fraud cases, inspiring the book Bad Blood, the HBO documentary The Inventor, and the Hulu series The Dropout.
Systems Engineer - ZAG Technical Services San Jose · 2007-2012Supported Windows client/server environments - SCCM, Exchange, Linux, Active Directory, Citrix - and built and maintained custom internal tooling.
A genuinely enjoyable experience with a talented team. ZAG has since been acquired by Harbor IT.
Senior Systems Administrator - Edge Group Las Vegas · 2005-2007Designed the entire network infrastructure (Active Directory, Exchange, BlackBerry) and provided comprehensive IT support for all users.
Edge Group was a real-estate and property development company building the W Las Vegas Hotel/Casino on the Harmon corridor of Las Vegas.
Windows & Helpdesk Administrator - Brocade San Jose · 2002-2005Provided IT support across the organization and ran McAfee ePolicy Orchestrator for endpoint security management, plus server rack-and-stack for IT infrastructure and user systems.
Brocade Communications Systems was a pioneer in Fibre Channel SAN switching, revolutionizing enterprise storage networking in the early 2000s. Later acquired by Broadcom in 2017.
Desktop Support Technician - Yahoo! Sunnyvale · 2000-2001Provided second-tier desktop support to local users and assisted in the org-wide deployment of Windows 2000.
At the turn of the millennium, Yahoo! was the gateway to the internet for hundreds of millions of people - the most-visited website in the world, a cultural force that defined how a generation discovered email, news, chat, and the web itself.
Technical Skills
- Security: CISSP; offensive security & red teaming; cloud security (AWS / Azure / Kubernetes); penetration testing (Metasploit, Nmap, Wireshark, Burp Suite); code signing, HSM, Authenticode
- Cloud & Infrastructure: AWS (DynamoDB, EC2, S3, Elastic Beanstalk), Azure, GCP, Docker, Kubernetes, VMware, Hyper-V, KVM, SCCM
- Programming & Automation: Python (Flask, OpenCV, hardware control), PowerShell, JavaScript/ES6, C++, Micro/CircuitPython, ServiceNow
- AI-Assisted Development: Claude Code, Roo Code, Playwright MCP; LLM integration; computer vision (OpenCV)
- Builder (hardware + software): end-to-end robotics, LED-matrix and embedded systems, 3D design/printing, FPV drones - complete systems shipped solo
Certifications
- CISSP - ISC2 Certified Information Systems Security Professional
- CC - ISC2 Certified in Cybersecurity
- MCSE - Microsoft Certified Systems Engineer
- MCSA - Microsoft Certified Solutions Associate
- MCITP - Microsoft Certified IT Professional
- RHCSA - RedHat Certified Systems Administrator
- RHCT - RedHat Certified Systems Technician
Looking for security-led engineering at a small, well-funded team - somewhere I can own the function and still ship. Downtown San Jose.