WorkServices Track RecordParcours ResearchRecherche Blog AdvisoriesAvis ContactContact
/
Currently building FlowTriq En train de construire FlowTriq

I build, break,
and scale critical
systems.

Je construis, teste
et fais grandir les
systèmes critiques.

Cybersecurity and operations leader with 5+ years building, securing, and scaling production platforms. I work at the intersection of security, infrastructure, and execution. Most people only pick one.

Leader en cybersécurité et opérations avec plus de 5 ans d'expérience. Je travaille à l'intersection de la sécurité, l'infrastructure et l'exécution. La plupart des gens n'en choisissent qu'un.

Let's talkDiscutons See the workVoir le parcours
jacob@operator ~
$ whoami --verbose
role: Head of Operations
focus: Security + Infrastructure + Ops
cves: 6 discovered
shipped: 4 products, 1 acquired
certs: eCPPT, PenTest+, CySA+, ITIL
building: flowtriq.com
$
What I do Ce que je fais

Three things, done at a high level.

Trois disciplines, maîtrisées à haut niveau.

🛡

Break & Secure Systems

Tester et sécuriser

Offensive and defensive security. Penetration testing, vulnerability research, and infrastructure hardening. I've found CVEs in production systems and helped Fortune 500 companies patch before attackers found them.

Sécurité offensive et défensive. Tests de pénétration, recherche de vulnérabilités et renforcement d'infrastructure. J'ai découvert des CVE dans des systèmes en production.

Security Research · Pentesting · CVE Discovery

Build & Ship Products

Construire et livrer

From zero-to-one product builds to scaling existing platforms. I write code, design architecture, and lead teams through the messy middle of getting real products to market.

Du concept au produit fini. J'écris du code, conçois l'architecture et dirige les équipes pour mettre de vrais produits sur le marché.

Full-Stack · SaaS · Product Engineering

Operate & Scale Platforms

Opérer et faire grandir

Operations leadership, delivery management, and compliance. I've directed teams of 15+, managed SOC 2 audits, owned platform reliability at millions of requests/day, and made sure things ship.

Leadership opérationnel, gestion de livraison et conformité. J'ai dirigé des équipes de 15+, géré des audits SOC 2 et assuré la fiabilité de plateformes traitant des millions de requêtes par jour.

Head of Ops · SOC 2 · Delivery · Compliance
How I work Mon approche

Security-first. Execution-obsessed.

Sécurité d'abord. Obsession de l'exécution.

01

Understand the risk

Comprendre le risque

I start by mapping what actually matters. Not every system needs the same level of protection. I figure out where the real exposure is and what would actually hurt if it went wrong.

Je commence par identifier ce qui compte vraiment. Chaque système n'a pas besoin du même niveau de protection. Je détermine où se trouve l'exposition réelle.

02

Build the right thing

Construire la bonne chose

Architecture comes before code. I design systems that are secure by default, not bolted on after the fact. Security decisions get made at the design phase, not during the incident.

L'architecture passe avant le code. Je conçois des systèmes sécurisés par défaut. Les décisions de sécurité se prennent à la conception, pas pendant l'incident.

03

Ship with controls

Livrer avec des contrôles

Every delivery has guardrails. PR reviews, audit trails, compliance checks. I've built 5-layer approval flows and SOC 2 controls that don't slow teams down.

Chaque livraison a ses garde-fous. Revues de PR, pistes d'audit, contrôles de conformité. J'ai construit des flux d'approbation et des contrôles SOC 2 qui ne ralentissent pas les équipes.

04

Verify everything

Tout vérifier

Audit what you built. Pentest what you shipped. I run security audits across 60+ assets and don't sign off until the findings report is clean.

Auditer ce que vous avez construit. Tester ce que vous avez livré. Je lance des audits de sécurité sur plus de 60 actifs et ne signe pas avant que le rapport soit propre.

Tools and technologies I use daily

Outils et technologies que j'utilise au quotidien

AWS Azure Cloudflare Google Cloud DigitalOcean Linux Python PHP JavaScript Bash Docker Git / GitHub Burp Suite Nmap Metasploit Wireshark Nessus JIRA / Agile NIST / SOC 2 ITIL
Track Record Parcours

Not theory. Receipts.

Pas de théorie. Des preuves.

I don't talk about what I could do. Here's what I've actually done. The roles, the outcomes, and the things that shipped.

Je ne parle pas de ce que je pourrais faire. Voici ce que j'ai réellement accompli.

6 CVEs Discovered CVE découvertes
1 Product Acquired Produit acquis
11 Industry Certs Certifications
4+ Products Shipped Produits livrés
2025 - Present
Humera, Inc
Current

Head of Operations / Technical Project Manager

Running operations for a security startup building passive human-verification and anti-bot detection systems. Owning delivery, reliability, and compliance across distributed engineering teams.

  • Directed a team of 15 across technical execution of traffic scoring pipelines and abuse classification
  • Secured and managed $200K+ in cloud infrastructure partnerships across Google, AWS, Microsoft, DigitalOcean, and Cloudflare
  • Owned platform components processing millions of requests/day at 99.9% uptime and sub-100ms latency
  • Established SOC 2 Type II compliance across 76 controls with a 5-layer GitHub PR approval flow
  • Executed a company-wide security audit across 60+ assets including domains, servers, and API keys
2022 - Present
TrazTech
Founder

Founder

Built and scaled a bootstrapped consulting and hosting practice focused on cybersecurity, infrastructure, and software development.

  • Scaled cloud server hosting to $13,000 MRR in one quarter
  • Led project-specific teams of up to 10 across 20+ global client engagements
  • Advised clients on security strategy, vulnerability management, and infrastructure hardening
  • Built and launched AttackEngine, an anti-DDoS SaaS with real-time attack detection. Acquired within one year
2021 - 2025
Lorikeet Security

Technical Consultant / Lead AppSec Engineer / Full Stack Developer

Grew from intern to executive technical advisor across four years on a live cybersecurity training platform serving 5,000+ users.

  • Led application security across the full SDLC: vulnerability triage, remediation, and secure architecture
  • Identified and remediated 20+ vulnerabilities through static/dynamic analysis and pentesting
  • Designed and deployed intentionally vulnerable CTF environments including XXE, IDOR, and cryptography labs
  • Supported 3+ live CTF events as the technical safety net, scaling infrastructure for traffic spikes in real time
2021 - 2022
Rift Hosting

Technical Support Specialist

Resolved technical issues across Windows and Linux VPS environments covering networking, configuration, and performance.

2020 - 2021
Freelance

Freelance Software Developer

Delivered end-to-end full-stack development and security testing for clients as an independent contractor. This is where it all started.

  • Built full-stack web applications using Python, PHP, and JavaScript
  • Conducted penetration testing to identify and remediate client vulnerabilities
  • Managed projects end-to-end from scoping through delivery
Case Study
Étude de cas
From Zero to SOC 2 Type II at Humera
De zéro à SOC 2 Type II chez Humera
76 controls, 5-layer PR approval, 60+ asset audit. How I built compliance at a security startup.
76 contrôles, approbation PR en 5 couches, audit de 60+ actifs. Comment j'ai construit la conformité.
Security Research Recherche en sécurité

Vulnerabilities I've found in the wild.

Vulnérabilités que j'ai découvertes.

Real CVEs published under my name. Real systems secured before real attackers got there.

De vraies CVE publiées sous mon nom. De vrais systèmes sécurisés avant que les attaquants n'arrivent.

CVE-2024-45163 Remote unauthenticated DoS in Mirai botnet C&C infrastructure, enabling law enforcement to disable malicious hosts Critical
CVE-2024-44809 Remote code execution vulnerability in Raspberry Pi configuration service High
CVE-2024-44808 Privilege escalation via improper access control in embedded systems High
CVE-2024-48396 Information disclosure through insecure API endpoint configuration Medium
Roblox Vulnerability disclosed and patched through responsible disclosure program Medium
Fortune 500 Confidential vulnerability discovery, disclosed under NDA High
Full advisories → Avis complets →
Currently Building En construction

FlowTriq

My next project. Taking everything I've learned about security, infrastructure, and operations and building something new from the ground up. More details coming soon.

Mon prochain projet. J'applique tout ce que j'ai appris en sécurité, infrastructure et opérations pour construire quelque chose de nouveau. Plus de détails bientôt.

flowtriq.com →
What I'm bringing to it
Ce que j'y apporte
  • 5+ years of production security experience
  • 5+ ans d'expérience en sécurité de production
  • SOC 2 and compliance architecture from day one
  • Architecture SOC 2 et conformité dès le premier jour
  • Infrastructure that scaled to millions of req/day
  • Infrastructure ayant géré des millions de req/jour
  • Lessons from building and selling AttackEngine
  • Leçons de la construction et vente d'AttackEngine
  • Bootstrapped founder mentality
  • Mentalité de fondateur bootstrap
Things I've Built Ce que j'ai construit

Products that shipped. Not side projects.

Des produits livrés. Pas des projets secondaires.

Live

SwiftSolvency

SaaS communication engine for the insolvency and financial services industry. AI-powered personalization, multi-channel outreach, and full analytics.

SaaS AI Personalization Email & SMS Analytics
Acquired

AttackEngine

Anti-DDoS SaaS platform with real-time attack detection, traffic fingerprinting, and multi-channel alerting. Acquired within one year of launch.

Linux Systems Traffic Fingerprinting Real-time Detection Multi-channel Alerts
Completed

Remimic

AI content repurposing platform using deepfake technology. Full backend, database architecture, and infrastructure design.

AI / Deepfake Backend Database Design Infrastructure
Completed

Snapchat AI Chatbot

Automated chatbot management system. Multi-server orchestration with personality AI and remote management capabilities.

Automation Multi-Server Personality AI Remote Mgmt
From People I've Worked With De ceux avec qui j'ai travaillé

Don't take my word for it.

Ne me croyez pas sur parole.

It comes very easily for me to recommend Jacob. He exhibits natural leadership, professionalism, and technical skill. His ability to tackle problems both in and outside of his job title is truly impressive. On multiple occasions when a task or deadline seemed daunting, he provided clear actionable advice that made the issue trivial.

Gavin McIntosh
Lead Data Scientist, Humera Technologies

I've worked closely with Jacob at Humera and he's been great to have on the team. He keeps things moving and handles both the technical and operational sides without overcomplicating things. He's reliable, communicates clearly, and does a solid job.

Matthew Ransley
CTO, Humera Technologies

Jacob is without a doubt one of the most competent individuals I have worked with. His technical skills and management styles are extremely efficient. He is an ideal partner for anyone that has a vision, or simply wants to scale an existing system and keep it stable.

Luka Stankovic
Executive Consultant, Operations Specialist

Jacob still works under me on various projects. He is proficient in PHP, MySQL, CloudOps, and DevOps Pipelines. We have been able to rely on Jacob for emergency code pushes and he has saved us from potential data breaches on multiple occasions with his cybersecurity background.

Ryan Wilke
CEO & Founder, Lorikeet Security
Credentials Certifications

The paperwork that backs it up.

Les certifications qui le prouvent.

🔒
eCPPT
INE / eLearnSecurity
🔒
eWPT
INE / eLearnSecurity
🔒
eJPT
INE / eLearnSecurity
🛡
CompTIA PenTest+
CompTIA
🛡
CompTIA CySA+
CompTIA
🛡
CompTIA Security+
CompTIA
🛡
CompTIA Network+
CompTIA
💻
CompTIA A+
CompTIA
💻
ITIL 4 Foundation
PeopleCert / Axelos
Azure Fundamentals
Microsoft (AZ-900)
🌍
DELF B1 French
Ministère de l'Éducation nationale
🎓
B.S. Cybersecurity & IA
Western Governors University (2026)
🎓
B.S. Cybersecurity & Information Assurance
Western Governors University (2026)
🏆
WGU Excellence Award
Information Systems Security, March 2026
Get in touch Me contacter

Building something that
needs to be secure?

Vous construisez quelque chose
qui doit être sécurisé?

I work with founders, security teams, and early-stage companies on product, security, and operations. If you're building something that matters, let's talk.

Je travaille avec des fondateurs, des équipes de sécurité et des startups sur le produit, la sécurité et les opérations. Si vous construisez quelque chose d'important, parlons-en.

email [email protected] linkedin linkedin.com/in/jacob-masse writing medium.com/@jacobmasse

Current Availability

Disponibilité actuelle

Security Consulting Conseil en sécurité Open
Product Leadership Leadership produit Open
Advisory / Fractional Conseil / Fractionnel Open
Full-time Roles Postes à temps plein Selective

Based in Canada. Working globally.
Bilingual: English (native) · French (professional).

Basé au Canada. Travail à l'international.
Bilingue: anglais (natif) · français (professionnel).