Image of Alexander Yeara

Hi! I'm Alexander Yeara, a software and application security engineer based in Oakville, Canada

About Me

I am a software developer and application security engineer at Microsoft who enjoys learning and tackling diverse challenges. This interest led me to explore software development as a means to provide robust, scalable, and accessible solutions across different domains. Additionally, I've become increasingly interested in security and have served as a security champion on multiple occasions. Currently, I'm a member of Microsoft's Whiteboard security team. In this role, I improve the application's security posture through threat modeling, security reviews, and risk mitigation. As a hobby, I dedicate my time to learning more about penetration testing and security engineering, while also acquiring technical certifications.

I earned an Honours Bachelor of Science degree with a focus on chemistry, computer science, and mathematics from the University of Toronto. As a student, I engaged in various activities such as cancer research as a medicinal chemist, managed the campus chess club as president, and assisted in teaching three different computer science courses.

I'm an avid online bullet chess player (2000 - 2200 rating) on Lichess, Chess.com, and Chess24 websites. I also enjoy reading, playing video games, board games, ping-pong, writing poetry, and playing basketball.

ChessVideo GamesPing Pong

Experience

  • Software Engineer

    Microsoft, August 2021 to PresentProduct: Microsoft Whiteboard
    • Engaged with stakeholders to implement core features for Surface Hub and Teams Rooms devices; utilized React, TypeScript, and C#
    • Improved security posture by developing STRIDE threat models, performing security reviews, and mitigating vulnerabilities; Conducted a presentation to approximately 40 colleagues, receiving excellent reviews
    • Implemented bug fixes, hotfixes, and unit tests for user interfaces and API service functionalities
    • As an on-call engineer, engaged with clients and other teams to investigate and mitigate high-priority incidents
    • Improved incident response by creating troubleshooting guides for critical failures and implementing telemetry dashboards for monitoring

  • Front-End Software Engineer

    AudienceView, Nov 2019 to August 2021Product: AudienceView Unlimited
    • Developed event management UI using JavaScript and Bootstrap to aid ticket sales across 1000+ venues per year
    • Co-led feature developments for WCAG web accessibility guidelines, increasing user accessibility by 40%
    • Created factory patterns for tables and modal windows that provide responsive, accessible and cross-browser capabilities; increased productivity by approximately 20%
    • Led application security improvements by developing scalable solutions against OWASP Top 10 vulnerabilities, optimizing ZAP scans, and improving secure coding standards; mitigated roughly 60% of known security risks

  • Undergraduate Teaching Assistant

    University of Toronto, January 2019 to January 2020
    • Taught Introduction to Programming (CSC108), Introduction to Computer Science (CSC148), and Theory of Computation (CSC236) to approximately 40 students in tutorial sessions
    • Produced questions used in tutorial sessions, assignments, and examinations
    • Helped students succeed in their courses by teaching learning techniques and problem-solving strategies

  • Full-Stack Software Developer

    StrataPrime, May 2018 to August 2018Product: Availability Tracker
    • Solely developed a web application using Google Apps Script that allows managers to keep track and be in control of employee availability within the G Suite environment
    • Designed Cloud SQL database, user interfaces, and general operations

  • Undergraduate Research Chemist

    University of Toronto, May 2016 to October 2016

    • As a Research Opportunity Program student, I worked with a supervisor to design and synthesize a library of derivative molecules with desirable biological efficacy against ROS1-fusion related disease

Projects

React Speed

  • Solely developing an online multiplayer card game with authentication, matchmaking and real-time gameplay
  • Features: game settings, quickplay, player lobby, user profile, leaderboard, registration, and password change/reset
  • Utilized: React, MongoDB, Node.js, Express, and Socket.IO
First slide, speed card game card movement
Second slide, speed card game
Third slide, speed card game player search
Fourth slide, speed card game registration form
PreviousNext

CS50 Clack

  • Designed and developed a lightweight single-page messaging website. This was done as a practice assignment for Harvard’s CS50 course
  • Incorporated client-based non-persistent storage for usernames and server-side non-persistent storage for channels and messages
  • Utilized: Python, JavaScript, HTML, CSS, AJAX, Socket.io, Flask, History API, LocalStorage API
CS50 Clack

Graphics Editor

  • Designed and developed a graphics editor desktop program as a scrum master and developer with a team of students
  • Incorporated the Observer, Factory, Command, and Strategy design patterns for the creation and manipulation of different shapes
  • Utilized: Java, Swing, Model-View-Controller (MVC), Agile/Waterfall methodologies, Version-Control Software (i.e. Git), design patterns and object-oriented programming
Graphics Editor

Shooter Game

  • Contributed to the development of a multiplayer browser game by designing architecture, implementing gameplay physics and general user interface
  • Used object-oriented programming and a state design pattern for the transition of game flows
  • Utilized: JavaScript, HTML, CSS, Golang, SQL
Shooter Game

Warehouse Game

  • Developed a singleplayer game with Python as one of my first school assignments. The purpose is to kill all the monsters in the game by surrounding them with boxes
  • Used object-oriented programming for players, monsters and boxes
  • Utilized: Python
Warehouse Game

Jug Puzzle Game

  • Developed a singleplayer jug puzzle game using object-oriented programming and Model-View-Controller (MVC) as a second-year student
  • Utilized: Java, Swing
Jug Puzzle

This Site!

  • Developed a small portfolio website to showcase projects and interests.
  • Utilized: React
Personal Site

Certifications

Certified Bug Bounty Hunter (Hack The Box)

Digital credential
  • "HTB CBBH holders possess technical competency in the bug bounty hunting and web penetration testing domains at an intermediate level. They will be able to spot security issues and identify avenues of exploitation that may not be immediately apparent from searching for CVEs or known exploit PoCs. They can also think outside the box, chain multiple vulnerabilities to showcase maximum impact, and actionably help developers remediate vulnerabilities through commercial-grade bug reports."
Certified bug bounty hunter certification

Burp Suite Certified Practitioner (PortSwigger)

Digital credential

"This certification, created by PortSwigger's Web Security Academy, demonstrates that I have the ability to:

  • Detect and prove the full business impact of a wide range of common web vulnerabilities.
  • Adapt attack methods to bypass broken defences, using knowledge of fundamental web technologies.
  • Quickly identify weak points within an attack surface, and perform out-of-band attacks to attack them."
Burp Suite Certified Practitioner certification

Skills

Java
Comfortable
Python
Comfortable
JavaScript (ES6)
Comfortable
SQL
Comfortable
HTML
Comfortable
CSS
Comfortable
ASP Classic
Comfortable
Sass
Comfortable
MongoDB
Comfortable
React
Comfortable
Jest
Comfortable
C#
Comfortable
Bootstrap
Comfortable
jQuery
Comfortable
Git
Comfortable
Node.js
Comfortable
Bash
Comfortable
C
Some exposure

Contact

alexanderyeara2@gmail.com

Feel free to also send a connection request on LinkedIn!

Back to top