
John Crynick
jcrynick@icloud.com

Application Security Engineer
Tyler Technologies



Total Site Visitors: 0


Education:

Bachelor's, Computer Information Systems - Cybersecurity



 Work Experience:

  • Rockwell Automation
    Senior Product Security Engineer - PSIRT | June 2025 - Current

    • Build the vulnerability response process for Rockwell Automation products observing ISO/IEC 29147 and 30111
    • Triage reported vulnerabilities from a variety of sources and coordinate response actions with partners including internal teams, government CERT teams, and external researchers
    • Work with product teams, development teams, product security team members, customer support, legal and external security researchers to ensure resolution of security vulnerabilities or reports.
    • Coordinate incidents, post-exploitation, and other reported security issues
    • Advise and partner with product teams on performing risk analysis, mitigation and remediations related to product security vulnerabilities
    • Contribute to risk reviews and risk analysis to identify systematic issues
    • Interact with customers on security questions related to Rockwell Automation products

  • Tyler Technologies
    Application Security Engineer | April 2023 - June 2025

    • Test Tyler products for OWASP Top Ten vulnerabilities using both automated and manual testing
    • Provide knowledge and guidance to the application development teams about security vulnerabilities and applicable remediation paths
    • Execute project plans and maintain the scope, schedule, and each party’s responsibilities
    • Work with teammates to learn and regularly share skills
    • Participate in security team meetings that facilitate secure design and threat modeling
  • Synack Inc.
    Associate Security Analyst | February 2022 - April 2023

    • Triage vulnerabilities discovered by members of Synack Red Team
    • Validate PoCs of OWASP Top 10 vulnerabilities including access control/privacy violations, IDORs, reflected/persistent/DOM XSS, limited/full Server-Side Request Forgery, CSRF, RCE, and SQLi
    • Validated patch verifications to ensure the client was secure
    • Daily usage of tools including but not limited to BurpSuite, Metasploit, SQLmap, and other tools to validate vulnerabilities and identify false positives
    • Continuously interface with researchers to answer questions and learn web application vulnerabilities
  • Synack Inc.
    Security Analyst Intern | September 2021 – February 2022

    • Validated “missions” (security-tasks) discovered by the Synack Red Team
    • Responsible for ensuring reports were proofread and in-scope
    • Worked with Security Analysts to establish a methodology for vulnerability triage
  • University of Akron
    Networking Technician (Co-Op) | June 2021 – August 2021

    • Improved hardening on LAN Devices
    • Integrated logging system with Active Directory
    • Analyzed network ports, cables, and LANs to solve connectivity issues
    • Helped manage network with over 20,000 students
  • Northern Technical Group
    Lifecycle Technician (On-call) | June 2020 – August 2021

    • Performed the implementation of new and existing technology
    • Assisted in migration of user machines from one location to another
    • Ensured quality assurance of products before delivering to customers
    • Assisted team lead to manage and deploy lifecycle services

Process of creating this website:

  1. Created a basic HTML page and uploaded this to an S3 bucket
  2. Created a CloudFront distribution to serve the files in my S3 bucket
  3. Bought domain on GoDaddy
    • Used Route53 to create a hosted zone for the domain purchased on GoDaddy, then retrieved the addresses of its nameservers.
    • Added those nameservers into GoDaddy. When users go to johncrynick.com, they get forwarded to my AWS infrastructure (CloudFront)
    • After nameservers were updated in Route53, used AWS Certificate Manager (ACM) to set up HTTPS
  4. Created 2 DynamoDB tables for:
    • how many people visited the site
    • who visited the site
  5. Created Lambda functions written in Python that log information to the DB tables.
  6. Created 2 APIs for:
    • counting visitors
    • logging visitors who visited the website
    - Rather than having my website communicate directly with the DB, I made the two interact via an API.
    - Every time a user visits my website, the API is invoked, triggering the Lambda function and adding the information to the respective DB table.
  7. Updated HTML to invoke these APIs using JS
  8. Implemented CI/CD pipeline using GitHub to update my S3 bucket.
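
A sketch of the Lambda side of steps 4 to 7, added here as an example and not the code running behind this site. It folds the counting and logging functions into one handler and shows the checks that matter on a public endpoint: an atomic counter update, a keyed hash in place of the raw visitor address, a length cap on client-controlled input, and a CORS header pinned to the site's origin. The table names, key schema, the VISITOR_HASH_KEY variable and the API Gateway REST proxy event shape are assumptions.

```python
import hashlib
import hmac
import json
import os
import time

ALLOWED_ORIGIN = "https://johncrynick.com"  # the site's domain, from the page
COUNT_TABLE = os.environ.get("COUNT_TABLE", "visitor-count")  # assumed name
LOG_TABLE = os.environ.get("LOG_TABLE", "visitor-log")        # assumed name
# Secret key for pseudonymising addresses; placeholder default for local runs.
HASH_KEY = os.environ.get("VISITOR_HASH_KEY", "constructed-dev-key").encode()


def record_visit(event, count_table, log_table, now=None):
    """Count one visit atomically and log a pseudonymised visitor record."""
    # Use the address API Gateway observed, not a client-supplied header
    # such as X-Forwarded-For, which any caller can set.
    identity = (event.get("requestContext") or {}).get("identity") or {}
    source_ip = identity.get("sourceIp", "unknown")
    visitor = hmac.new(HASH_KEY, source_ip.encode(), hashlib.sha256).hexdigest()

    # User-Agent is client-controlled: cap its length before storing it.
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    user_agent = str(headers.get("user-agent", ""))[:200]

    # ADD is applied server-side, so concurrent invocations cannot lose
    # updates the way a read-modify-write in the function would.
    result = count_table.update_item(
        Key={"id": "site"},  # assumed key schema
        UpdateExpression="ADD visits :one",
        ExpressionAttributeValues={":one": 1},
        ReturnValues="UPDATED_NEW",
    )
    log_table.put_item(Item={
        "visitor": visitor,
        "ts": int(now if now is not None else time.time()),
        "user_agent": user_agent,
    })
    return {
        "statusCode": 200,
        # Only the site itself may read the response from browser JS.
        "headers": {"Access-Control-Allow-Origin": ALLOWED_ORIGIN},
        "body": json.dumps({"visits": int(result["Attributes"]["visits"])}),
    }


def lambda_handler(event, context):
    import boto3  # imported here so record_visit can be exercised offline
    db = boto3.resource("dynamodb")
    return record_visit(event, db.Table(COUNT_TABLE), db.Table(LOG_TABLE))
```

The function's execution role only needs `dynamodb:UpdateItem` on the count table and `dynamodb:PutItem` on the log table.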