Summary
Zichao Yang is a security engineer with eight years of hands-on experience in penetration testing, secure SDLC, and threat modeling, currently driving security at JD.com from Baltimore. Comfortable across the OWASP Top 10 and diverse information-gathering techniques, he writes Python tooling to automate testing, process raw data, and adapt public exploits into repeatable assessments. His background combines academic rigor—as a Ph.D. candidate at the Institute of Software, Chinese Academy of Sciences and an MS in Security Informatics from Johns Hopkins—with practical incident response and client-facing reporting experience. At JD.com he leads end-to-end security projects, mentorship, and metrics-driven programs that shift developer behavior toward higher security standards. Notably, he pairs early career data-analytics experience with machine-learning feature engineering skills to bring a data-oriented approach to vulnerability measurement and tooling.
8 years of coding experience
1 year of employment as a software developer
Master's degree, Security Informatics, Master's degree, Security Informatics at Johns Hopkins Whiting School of Engineering
Bachelor's degree, Computer Science, Bachelor's degree, Computer Science at University of Colorado Boulder