HUY VO
Information Security Engineer | MSc, CISSP
MY CV
Achievements and Experience
Independent Security Researcher
Jan 2025 - Present
I research and analyze security vulnerabilities in open-source and proprietary software, identifying weaknesses through static and dynamic analysis techniques. To date, I have discovered five zero-day vulnerabilities, with three publicly assigned CVEs (CVE-2025-25747, CVE-2025-25748, and CVE-2025-25749), while two additional CVEs remain undisclosed as vendors work on fixes. I review vulnerability disclosures to understand exploitation methods, document Indicators of Compromise (IoCs) to detect potential attacks, and report security vulnerabilities to vendors and responsible disclosure programs to facilitate timely remediation. Additionally, I develop proof-of-concept (PoC) exploits to validate security risks, collaborate with vendors to enhance patch effectiveness, and test security patches to ensure vulnerabilities are properly mitigated. As part of my independent research, I also participate in bug bounty programs, identifying critical security flaws in web applications, APIs, and cloud environments.
Graduate Teaching Assistant
Jan 2025 - Present
For the Spring 2025 semester, I serve as a teaching assistant at Boston University for four graduate courses: CS 625 (Data Communication & Networking), CS 690 (Network Security), CS 693 (Digital Forensics), and CS 695 (Cybersecurity). I lead and coordinate weekly office hours to help students deepen their understanding of networking and security concepts, assist with questions related to quizzes, lab assignments, and homework, and provide detailed grading and feedback on coursework to support student learning.
Sr. Security Engineer
Jul 2023 - Jan 2025
As a Senior Security Engineer and Technical Lead at UniFirst Corporation (Jul 2023 – Jan 2025), I led the corporation’s vulnerability management program, driving improvements in security posture and incident response. I managed and optimized CrowdStrike Falcon (EDR) to detect, investigate, and mitigate endpoint threats, enhancing overall threat response efficiency. Additionally, I configured and analyzed Nessus scans, prioritizing critical security findings and coordinating remediation efforts to strengthen enterprise security. Leveraging Splunk ES, I fine-tuned threat detection, correlation, and alerting mechanisms, improving visibility into security incidents across the organization. I contributed to the implementation of security controls, provided consultation on IT infrastructure security configurations, and developed SOAR-based automation scripts to streamline incident handling. Furthermore, I maintained and improved the security incident response plan, ensuring effective threat mitigation and response consistency across the enterprise.
Infomation Security Engineer II
Dec 2019 - July 2023
As an Information Security Engineer II at Mass General Brigham (Dec 2019 – Jul 2023), I played a key role in cloud security, vulnerability management, and incident response. I led the design and development of an AWS log management architecture, enabling the generation of actionable security alerts in Splunk. I conducted vulnerability assessments and monitored enterprise endpoints using Tenable/Nessus, ensuring proactive risk mitigation. Supporting application security, I facilitated scanning and remediation of critical web application vulnerabilities through Veracode. I spearheaded a Proof of Concept (PoC) for Tenable.cs, leveraging automated agentless scanning to enhance cloud security posture and risk prioritization. Additionally, I optimized security alert rules by managing Microsoft Defender, AWS Security Hub, and GCP Security Command Center. I led a PoC for Palo Alto Prisma Cloud, evaluating its effectiveness in threat detection and remediation. Strengthening organizational security policies, I developed cloud incident response playbooks for Azure and AWS, acted as the primary security lead for O365, and maintained enterprise IAM guidelines. I also conducted cybersecurity risk assessments, aligning with CIS18, NIST, and PCI frameworks, and played a critical role in defining AWS Control Tower SOW, Service Control Policies (SCPs), and AWS Config rules, improving centralized security logging with Splunk.
Graduate Research Assistant
Aug 2019 - Dec 2019
As a Graduate Research Assistant at Boston University (Aug 2019 – Dec 2019), I worked under Professor Scott Arena (former Lead Scientist at Verizon Laboratory) on cloud computing projects. I developed new lab assignments and lectures focusing on Amazon Web Services—including S3, VPC, EC2, IAM, CloudWatch, CloudTrail, and Route 53—to enhance student learning and support cutting-edge research in cloud technologies.