---
date: 2013-01-01T21:40:56-05:00
draft: false
title: "Who is this guy?"
url: "/about/"
comments: false
type: about
---

I am Parsia, I try to do security most days.

**2024-Present**: Senior Offensive Security Engineer at Microsoft. Ignore my
title, I am an application security engineer :).

**2022-2024**: Sabbatical. Dev contract work for a static analysis tool that
automatically generates an OpenAPI spec from the backend source code. Some
security research, mainly static analysis and Rust. See
[Personal Semgrep Server in Rust][sem-server],
[semgrep-rs: Rust crate to interact with Semgrep][semgrep-rs], and
[some tree-sitter stuff][tree-sitter].

[sem-server]: https://github.com/parsiya/personal-semgrep-server
[semgrep-rs]: https://github.com/parsiya/semgrep-rs
[tree-sitter]: https://parsiya.net/categories/tree-sitter/

**2019-2022**: Senior Security Engineer at [Electronic Arts][ea-security]. I
worked on many internal and external product (mostly videogames) and services.
Check my [Moby Games][moby] page for public game credits and a 
[realistic video of me hacking videogames at work][game-testers-youtube].

[ea-security]: https://www.ea.com/security
[game-testers-youtube]: https://www.youtube.com/watch?v=BRWvfMLl4ho
[moby]: https://www.mobygames.com/person/1119364/parsia-hakimian/credits/

**2013-2019**: Associate Consultant to Senior Security Consultant at
[Synopsys Software Integrity Group][sig-website] via the 2016 Cigital acquisition.

[sig-website]: https://www.synopsys.com/software-integrity.html

### Major Presentations

* [DEF CON 26 (2018) Main Track: Tineola Taking a Bite Out of Enterprise Blockchain][tineola]
    * https://www.youtube.com/watch?v=xKYIde5jh_8
* [DEF CON 28 (2020) Appsec Village: localghost: Escaping Browser Sandbox Without 0-Days][localghost]
    * https://www.youtube.com/watch?v=Cgl51ZcACLg&t=90
* [DEF CON 33 (2025) Creator Stages: The Power(Point) Glove][glove]
* [DEF CON 33 (2025) Bug Bounty Village: The Year of the Bounty Desktop: Bugs from Binaries][bb]

[tineola]: https://github.com/parsiya/Presentations?tab=readme-ov-file#tineola-taking-a-bite-out-of-enterprise-blockchain
[localghost]: https://github.com/parsiya/Presentations?tab=readme-ov-file#localghost-escaping-browser-sandbox-without-0-days
[glove]: https://github.com/parsiya/Presentations?tab=readme-ov-file#the-powerpoint-glove
[bb]: https://github.com/parsiya/Presentations?tab=readme-ov-file#the-year-of-the-bounty-desktop-bugs-from-binaries

### Who is Hackerman?
*Hackerman* is a character from the movie [Kung Fury][kungfury-youtube]. He is
the greatest hacker of all time. He also hacks with a Nintendo Power Glove like
me. [His cheesy hacking tutorial][hackerman-hacking-tutorial].

[kungfury-youtube]: https://www.youtube.com/watch?v=bS5P_LAqiVg
[hackerman-hacking-tutorial]: https://www.youtube.com/watch?v=KEkrWRHCDQU

{{< blockquote author="Anonymous Electronic Arts Vancouver Employee" >}}
"I trust this man, he has a power glove."
{{< /blockquote >}}

I cannot hack people through time like Hackerman, but I use the Power Glove as a
presentation gimmick.

{{< imgcap title="I actually have a working Nintendo Power Glove." src="/images/power.jpg" >}}

### What is This Website?
It is my security research and notes. It doubles as my cheat sheet and knowledge
base along with [parsiya.io](https://parsiya.io). I look up pages or send links
to this website at least a few times every day. It's also part of "my brand" and
it's gotten me jobs. You don't wanna be the other guy from Wham!

### What does "Don't be The Other Guy from Wham!" Mean?
[Wham!][wham-link] was a popular UK music duo. Most people remember one of its
members, George Michael. No one remembers the other guy,
[Andrew Ridgeley][andrew-link]. Write a blog, don't be afraid to promote
yourself (if you have the time). It's worth it.

[wham-link]: https://en.wikipedia.org/wiki/Wham!
[andrew-link]: https://www.google.com/search?q=andrew+ridgeley

### LLM Usage
I don't use LLMs to generate text. What use is reading an LLM generated blog
when you can create one yourself? Might as well just share the prompt.

I do not use LLMs to rewrite my text. I like my writing style and I do not want
to sound like everyone else.

My LLM usage in this context is:

1. Catching spelling and punctuation mistakes.
2. Formatting text (e.g., convert this text into a numbered list).

### Tracking
I have no tracking in this website. It's static HTML by Hugo and only a couple
of lines of JavaScript. It's hosted on GitHub pages ([source][src]) so GitHub
might log traffic, but I have no visibility.

[src]: https://github.com/parsiya/parsiya.net