Open source software security

About Me

I started my career in information technology at the tail end of the dot com boom after completing my Master's Degree in History. I worked for several years at a small shop in Washington DC doing consulting and subcontracting work mainly for US government agencies and NGOs. Much of that work involved information security and it was at that time that I began contributing to Hack in the Box and pursuing information security as a career. I was also working in application development, specifically web application development, and I started a few open source projects then. Unfortunately, the company fell on hard times and a few colleagues and I went on to form our own web application development company.

After coming to Philadelphia I started work as an application developer with the University of Pennsylvania in the School of Arts and Sciences (SAS). During that time I worked on several incident responses and was heavily involved in the University-wide Security and Privacy Impact Assessment. For my participation I was awarded the University's Models of Excellence award. I was tapped to work as the senior information security specialist when SAS formed an information security group.

I am a member of the Open Web Application Security Project (OWASP) and active in my local chapter. I am a member of the Internet 2 Higher Education Information Security Council. I have presented at a number of local and national information security conferences including delivering a keynote at SecureWorld Philadelphia 2010. I am an EC-Council Certified Ethical Hacker (C|EH) and an Information Assurance Certification Review Board (IACRB) certified Penetration Tester (CPT) and Certified Expert Penetration Tester (CEPT). I am finishing my Master's in Computers and Information Technology degree at the University of Pennsylvania's School of Engineering and Applied Sciences. My coursework has included computer and network security, mathematics covering cryptography and theory of computation, software engineering, and computer architecture including assembly level programming.

I am an active participant in open source security including code review and vulnerability assessment. I was credited with finding vulnerabilities in a few high profile web sites. My work involves security research and expanding security services to better assist users to safely utilize computing and the internet.