Since I feel like Mastodon is the best place to toot my own horn (HA) and my professional life is one of the few parts of 2019 I actually liked, I'm gonna post my research from the last year that's been made public in some way:
Here's a blog post about a Linux kernel race condition that I wrote because unnamed infosec blogs had our customers freaking out about a non-issue:
Here's my analysis of a Windows DHCP Server vuln, though I don't personally agree with the "analysis of it's exploitability" title. It'd be tough as nails to exploit (probably) but we don't spend extensive time on that sort of thing:
Here's an abridged version of one of our vulnerability reports for quite possibly one of the silliest vulns I worked on this year, the IOS XE REST API auth bypass:
Finally, I found my first 2 CVEs this year, an HTTP/2 DoS in Tomcat: https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20
And an unauthenticated potential RCE in Windows Deployment Services: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0603
A Mastodon instance for info/cyber security-minded people.