Hi there! I’m Steven and I founded Shogun Lab to separate my work on penetration testing from my previous work in game development. I’ve been interested in computer and network security for a long time, the idea of earning a living by hacking in a legal way just seemed like it wasn’t possible. Now, with the advent of bug bounty programs and more companies being open to hiring people to formally test the security of their websites, I decided to fully devote my efforts to pursuing a career in this exciting field.

I conduct penetration tests on websites who are under the scope of bug bounty programs (such as HackerOne) and perform vulnerability assessments on applications. I follow the OWASP Testing Guide v4 to conduct these tests and try hard to clearly explain my findings to companies/government agencies I report to. Good communication to me is one of the most important functions I can perform as a penetration tester and I’m hoping to improve my writing by regularly posting blog updates on this site.

As someone who is new to the computer security industry, I have a ton of things to learn. I recently attended a Capture the Flag talk at Shopify and hearing some hackers from the industry explain various techniques/topics was humbling (turns out I don’t know all that much!). At the same time, I am eager to learn as much as I can and talk with other computer security folks to see what I can do better. Through Shogun Lab, I aim to give back to the community by helping others who are interested know more about security topics and sharing any tools I develop that make my life as a pentester easier.

Shopify CTF Presentation

CTF presentation at Shopify with OWASP Montreal, Olivier Bilodeau and Mr.Un1k0d3r

P.S: Maybe you were wondering, what’s with the name “Shogun Lab”? Well, I am quite fond of Japanese culture and recently learned about how samurai would be hired by the wealthy elites in the Edo period of Japan for protection. I thought this is somewhat analogous to how hackers are being hired by businesses to protect their assets (plus, it gave me an excuse to use kanji and katakana in the title).