Jimmy Shah
About
Detail
Los Angeles, California, United States
Contact Jimmy regarding:
work
Full-time jobs
Flexible work
Résumé
Jobs
verified_user
0% verified
- SMentorSecurity B-Sides Las VegasMay 2025 - Aug 2025 (4 months)Mentored first time speaker: Matthew Brown Talk: "Detect and Respond? Cool Story — or Just Don’t Let the Bad Stuff Start."
- SMentorSecurity B-Sides Las VegasMay 2024 - Aug 2024 (4 months)Mentored first time speaker, Mario Leitao-Teixeira Talk: "CVSS v4 – A Better Version of an Imperfect Solution."
- cCybersecuirty ConsultantcybertechneMar 2024 - Current (2 years 3 months)Deliver threat assessments and security guidance to small businesses lacking dedicated security teams. Advise clients on realistic threats and cost-effective mitigations, translating technical risk into business context. Mentor junior analysts in malware analysis, reverse engineering, detection engineering, and cyber threat intelligence, with an emphasis on clear communication to non-technical audiences. Provide hands-on cybersecurity instruction grounded in real-world scenarios—from software analysis to product-aware defense strategies.
Malware Analyst, OCI Threat Intelligence CenterOracle CorporationApr 2022 - Nov 2023 (1 year 8 months)Malware Analysis & Detection Reverse Engineering Threat Intel R&D Acquired samples and gathered intelligence on new threats. Developed automation and tools for malware analysis. Used IDA Pro, Yara, Jeb Pro, JADx and custom tools.- DPrincipal Security Engineer, Engineering & TechnologyDarkMatter, Digital14Oct 2019 - Mar 2022 (2 years 6 months)Progressed from Lead Security Researcher in the Telecomm Lab (mobile/telecom threat research and penetration testing) to the Software Lab(reverse engineering, malware analysis, and penetration testing), then advanced to Principal Security Engineer in Engineering & Technology(network testing, penetration testing, and project planning/management). Directed reverse engineering and security testing of KATIM secure mobile phones and rack-mounted communication gateways across mobile, embedded, and network hardware. Coordinated a six-person unit during gateway testing, applying disciplined planning (Gantt charts, FTE allocation) to deliver results under tight constraints. Mentored junior analysts, codified reverse engineering tradecraft, and e
- SVolunteerSecurity B-Sides Las VegasAug 2018 - Sep 2018 (2 months)On Red Team for Pros vs. Joes CT
- CConsultant – Information Security – Mobile/Embedded SecurityCollabera, Inc.Jun 2018 - Sep 2018 (4 months)Penetration testing of iOS devices( e.g. iPhone, iPad) under Mobile Device Management/Mobile Threat Defense(MDM/MTD) systems for a Banking client. Testing with out-of date, jailbroken and currently updated devices. Traveled onsite to client office. Used IDA Pro and custom tools.
- VP-Infosec Specialist/Mobile Malware AnalystBank of AmericaNov 2015 - May 2018 (2 years 7 months)Initially on GIS-CERT team handling incidents specializing in malware analysis. On GIS products team assessing current posture on mobile threats, including state of controls and potential vulnerable areas. Subject Matter Expert(SME) on mobile threats, providing analysis and future looking advice on potential mobile threats. Worked hybrid remote(2-3 days a week). Used IDA Pro, Yara, and custom tools.
- Sr. Director of ResearchZimperiumApr 2015 - Oct 2015 (7 months)Specialized in analysis of mobile/embedded threats on existing platforms and potential mobile malware and spyware. Used IDA Pro and custom tools.
- AConsultant – Mobile SecurityAVG TechnologiesApr 2014 - Aug 2014 (5 months)Specialized in analysis of mobile/embedded threats on existing platforms and potential mobile malware and spyware. Developing proof of concepts(PoCs) for future research. Used IDA Pro and custom tools.
- SMentorSecurity B-Sides Las VegasJul 2012 - Aug 2012 (2 months)Mentored first time speaker: Michael Fornal Talk: "How I managed to break into the InfoSec World with only a tweet and an email."
- MAntivirus Researcher/Senior Mobile Security ResearcherMcAfee Mobile, McAfeeJun 2005 - Feb 2014 (8 years 9 months)Conducted multi-platform research of mobile malware (J2ME, Symbian, Windows Mobile, Blackberry, Android, iOS) to develop robust detection capabilities. Partnered with sales and product teams as a technical subject matter expert, joining customer briefings and executive presentations to demonstrate McAfee’s embeddable mobile detection engine and malware research. Delivered persuasive, technically grounded presentations that translated complex threat research into clear business value for prospective customers. Regularly presented at national and international conferences as well as online. Balanced dual responsibilities: deep technical research and customer-facing evangelism, ensuring alignment between product capabilities and customer n
- MConsultantMadison HealthcareJan 2003 - Jan 2005 (2 years 1 month)Managed outsourcing of web development project. Developed Macromedia Director-based multiple choice test engine. Adapted and integrated 3rd party ASP-based learning management system Adapted and integrated PHP based quiz/learning management system. Ran SEO program for company website. Established and maintained disaster recovery program. Used IDA Pro and custom tools.
- Antivirus ResearcherSymantecJan 2000 - Jan 2002 (2 years 1 month)Reverse engineered and analyzed malware on multiple platforms(DOS, Windows). Worked as an antivirus researcher for SARC(Symantec AntiVirus Research Center), creating detections and repairs for incoming threats. Analyzed malware(e.g. trojan horse programs, file infecting viruses, worms, boot sector viruses). Utilized system level(SoftICE) and user level debuggers. Produced online content regarding analysis of malware. Used IDA Pro and custom tools.
Education
verified_user
0% verified
- HComputer Science for Artificial IntelligenceHarvardX – Harvard UniversityAug 2024 - Feb 2025 (7 months)
- Computer Science for CybersecurityHarvard UniversityAug 2024 - Jan 2025 (6 months)
- Leadership and CommunicationHarvard UniversityAug 2024 - Jan 2025 (6 months)
- Secure Software Development FundamentalsThe Linux FoundationAug 2024 - Dec 2024 (5 months)
- BAI and Data Analytics for Business LeadersBabsonX – Babson College Artificial Intelligence(AI)Jul 2024 - Dec 2024 (6 months)
- Leading in a Remote EnvironmentHarvard UniversityJun 2024 - Dec 2024 (7 months)
Projects (professional or personal)
verified_user
0% verified
- MMcAfee MobileLocoJun 2013 - Aug 2013 (3 months)
- DDmpAxmlJun 2012 - Current (14 years)Utilities for analyzing Android malware, including * Infodex - Android DEX File Dumper * DmpAxml - AndroidManifest.xml File Dumper- binary XML to text * dexcksum - Android DEX File Checksum Verifier
- DDumpSIS - Symbian SIS File dumping utilityJul 2003 - Current (22 years 11 months)• Played key role in the analysis of the first Smartphone worm, Symbian/Cabir • Useful for analysis of potential malware without actual installation of files. • Provides information on: ◦ Header ( UIDs,Version, Number of Languages, Number of Files) ◦ File list ( Destination name by default, Source filename and file type) ◦ Extracts one file or range of files from SIS package.
Publications
verified_user
0% verified
- BBrick all the internet of things!: We want to make things more secure,Jan 2018
- TThere's No S(ecurity) in IoT:Jan 2017
- MMobile Malware Heuristics: The path from 'eh' to 'prettyJan 2013
- DDiscovering Dark Matter: Towards better Android Malware HeuristicsJan 2013
- IIsn't it all just SMS-sending trojans?: Real Advances in Android MalwareJan 2012
- MMobile Privacy Risks Fuel Future ThreatsNov 2011
- MMobile App Moolah: Profit Taking with Mobile MalwareJan 2011