CV

Objective

Andrew Quijano is a current PhD candidate at NYU Tandon majoring in Computer Science. His dissertation research focuses on planting triggerable, verified vulnerabilities into existing program source code, This would be applicable to benchmarking software security tools ability to detect vulnerabilities and automatically creating cybersecurity challenges for education

Education

• Ph.D in Computer Science, New York University, 2026 (expected)
• M.S. in Computer Science, Columbia University, 2022
• M.S. in Cybersecurity, New York University, 2022
• B.S. in Computer Science, Columbia University, 2019
• B.A. in Mathematics, CUNY Queens College, 2019
• A.A.S in Computer Operations: Networking and Security, CUNY LaGuardia Community College, 2015

Work experience

Application Security Engineer
Amazon
New York, NY
Aug 2022 - May 2025

• Remediated 2 critical risks and 80 high risks of vulnerabilities detected during security reviews, such as outdated TLS, Log4Shell, Credential/PII Logging, and unauthorized use of HuggingFace AI models, impacting over 3,000 internal applications.
• Identified and remediating duplicate CloudTrail management event logging on applications requiring extended logging retention periods which would save Amazon $10,000 monthly
• Was a core contributor to the BRASR tool, an internal tool used for AWS security misconfiguration scanning, which is used to run multiple cloud scanners and provide a processed report that reports on likely false positives and crowdsourced threat mitigation information which is used within the AppSec organization.
• Identified and remediated five bugs in Nightwolf, Amazon’s cloud security misconfiguration scanner, including issues such as missing data encryption in-transit enforcement checks on SQS and false positives on outdated ELB TLS security policies.
• Revised internal security documentation on S3 and Lambda functions to confirm proper data handling.
• Graduate over 50 security certifiers after providing feedback on how to complete a thorough security review
• Lead an effort with the VM and Code Builder team to create an automated process to deprecate end of life packages
• Provide design and review consultations to application owners of the security impact of new features and integrations

Adjunct Professor
New York University
New York, NY
Jan 2023 - May 2024

• Delivered engaging webinars to a diverse cohort of 80+ students, fostering a deep understanding of application security principles and secure coding practices.
• Authored comprehensive, structured documentation and transition guides to ensure seamless onboarding and continuity for future instructors, enhancing the long-term sustainability of the course.
• Created Gradescope autograders for four Application Security assignments related to secure coding practices in C, Android, and Django applications, reducing grading work required by 80%.

Security Testing Analyst
JRI-America, subsidiary of Sumitomo Mitsui Financial Group (SMFG)
July 2019 - August 2022

• Automated escalation process for IT Security company policy violations using PowerShell (e.g., incomplete entitlement reviews, unused AD Groups, etc.), reducing policy violations by 80%.
• Systematized security processes using PowerShell (e.g., admin account management, CyberArk safe management, service account audits), saving the security engineering team 40 man-hours per quarter.
• Implemented automated vulnerability management metric generation to track and remediate vulnerabilities past SLA dates, providing senior management with visibility on company risk posture.
• Developed a password file remediation process in Python that incorporates automated escalation and remediation tracking, resulting in the removal of over 100 offending files in shared drives.
• Led the effort to remove TLS 1.0/1.1 from SMBC and group company applications.
• Managed a project to implement InsightAppSec, an application layer vulnerability scanner on externally facing websites, which led to the detection and remediation of two XSS vulnerabilities.

Research experience

• Summer 2024: Graduate Research Assistant, MIT Lincoln Laboratory, Lexington, MA.
  • Collaborated with MIT LL staff on threat modeling and cyber risk assessment for securing systems
  • Created, tested, and documented SysML plugin for MagicDraw to aid with cyber risk assessment methodologies
  • Work and findings over the summer led to a conference paper for INCOSE 2025 (submitted)
  • Supervisor: Kyle Denney
• Summer 2021: Graduate Research Assistant, MIT Lincoln Laboratory, Lexington, MA.
  • Upgraded zero-knowledge performance testbed by implementing horizontal scaling, bastion proxying, and integration tests
  • Written a qualitative analysis report on performers converting real-life problems into a novel zero-knowledge representation
  • Supervisor: David Wilson
• Summer 2018: Undergraduate Research Assistant, Columbia University, New York, NY.
  • Created an Android app that can passively collect AP, RSSI, and environmental data
  • Tested an indoor room-level localization system using machine learning techniques on collected data
  • Supervisor: Henning Schulzrinne
• Fall 2017: REU Research Assistant, CUNY Lehman College, Bronx, NY.
  • Worked collaboratively with a team to analyze phylogenetic tree structures
  • Performed studies on open questions in computational geometry with applications to biological statistics
  • Supervisor: Professor Katherine St. John and Professor Megan Owen
• Summer 2017: REU Research Assistant, Florida International University, Miami, FL
  • Coded in Java the homomorphic encryption algorithms: Paillier, DGK, and El-Gamal
  • Built a MySQL server that used homomorphic encryption and Wi-Fi signatures for indoor
  • Supervisor: Kemal Akkaya

Awards

• 2023 GEM Fellowship - PhD
• 2021 Columbia University Course Assistant Fellowship
• 2020 NYU Cyber Fellows Scholarship
• 2017 Robert M. Lilley Memorial Scholarship
• 2017 Louis Stokes Alliance for Minority Participation Scholarship

Certifications

• Dec 2019 - Dec 2023 GIAC Security Essentials Certification (GSEC)
• May 2021 - May 2025 GIAC Web Application Penetration Test (GWAPT)
• Feb 2022 - Feb 2026 GIAC Incident Handling (GCIH)
• Jul 2022 - Jun 2026 GIAC Penetration Tester (GPEN)

Skills

• Programming Languages
  • C/C++
  • Java
  • Bash
  • SQL
  • Python
  • CDK
  • Terraform
  • PowerShell
• Development Applications
  • Gradle
  • REST API Development
  • Docker
  • Git
  • GitHub Actions
  • Kubernetes
• Security Applications
  • Nexpose
  • InsightAppSec
  • QRadar
  • CyberArk
  • Varonis
  • IDA Pro
  • Burp Suite
• Soft Skills
  • Project Management
  • Technical Writing
  • Scientific Research
  • Process Automation

Publications

Reap the Rewards: Bridging Risk Assessment and Secure Application Development Practices

Quijano et al. "REAP the Rewards: Bridging Risk Assessment and Secure Application Development Practices" ACM Computer and Communication Security (2025)

Enhanced Outsourced and Secure Inference for Tall Sparse Decision Trees

Quijano, Andrew, et al. "Enhanced Outsourced and Secure Inference for Tall Sparse Decision Trees." 2024 IEEE International Performance, Computing, and Communications Conference (IPCCC). IEEE, 2024.

Privacy-Preserving Drone Navigation Through Homomorphic Encryption for Collision Avoidance

Luedeman, Allan, et al. "Privacy-Preserving Drone Navigation Through Homomorphic Encryption for Collision Avoidance." 2024 IEEE 49th Conference on Local Computer Networks (LCN). IEEE, 2024.

Out of Our Depth with Deep Fakes: How the Law Fails Victims of Deep Fake Nonconsensual Pornography

Kobriger, Kate, et al. "Out of our depth with deep fakes: How the law fails victims of deep fake nonconsensual pornography." Rich. JL & Tech. 28 (2021): 204.

Maximum Covering Subtrees for Phylogenetic Networks

Davidov, Nathan, et al. "Maximum covering subtrees for phylogenetic networks." IEEE/ACM Transactions on Computational Biology and Bioinformatics 18.6 (2020): 2823-2827.

Server-side Fingerprint-Based Indoor Localization Using Encrypted Sorting

Quijano, Andrew, and Kemal Akkaya. "Server-side fingerprint-based indoor localization using encrypted sorting." 2019 IEEE 16th International Conference on Mobile Ad Hoc and Sensor Systems Workshops (MASSW). IEEE, 2019.

Teaching

Application Security - New York University

Columbia University - all course assistant experience

Talks

Reap the Rewards: Bridging Risk Assessment and Secure Application Development Practices

October 13, 2025

Conference at Taipei International Convention Center (TICC), Taipei, Taiwan

Enhanced Outsourced and Secure Inference for Tall Sparse Decision Trees

November 23, 2024

Conference at Hilton Orlando Buena Vista Palace, Orlando, FL, USA

Career Exploration Series - Cybersecurity

November 12, 2024

Talk at New York University, Virtual Panel, New York, NY, USA

Privacy-Preserving Drone Navigation Through Homomorphic Encryption for Collision Avoidance

October 10, 2024

Conference at Mercure Caen Centre Port de Plaisance Hotel, Caen, France

Columbia University Alumni Panel - Discussion on working in Tech

February 23, 2023

Talk at Columbia University, Faculty House, New York, NY, USA

Server-Side Fingerprint-Based Indoor Localization Using Encrypted Sorting

November 04, 2019

Conference at The Hilton Garden Inn Monterey, Monterey, CA, USA