Open source software security

About

28 April 2017

I work in information security, currently as a defender (blue team), helping to secure health care organizations. Most of my work involves trying to apply programming and software development principles to security challenges so you'll see a sample of my work on GitHub. I also do a lot of training and presentations, including stuff like developing Capture the Flag (CTF) exercises.

I started my career in information technology at the tail end of the dot-com boom after completing my Master's degree in History. I worked for several years at a small shop in Washington DC doing consulting and subcontracting work mainly for US government agencies and NGOs. Much of that work involved information security and it was at that time that I began contributing to Hack in the Box and pursuing information security as a career. I was also working in application development, specifically web application development, and I started a few open source projects then. Unfortunately the company fell on hard times and a few colleagues and I went on to form our own web application development company.

After coming to Philadelphia I started work as an application developer with the University of Pennsylvania in the School of Arts and Sciences (SAS). During that time I worked on several incident responses and was heavily involved in the University-wide Security and Privacy Impact Assessment. For my participation I was awarded the University's Models of Excellence award. I was tapped to work as the senior information security specialist when SAS formed an information security group.

I have presented at a number of local and national information security conferences including delivering a keynote at SecureWorld Philadelphia 2010. I am an EC-Council Certified Ethical Hacker (C|EH) and an Information Assurance Certification Review Board (IACRB) certified Penetration Tester (CPT) and Certified Expert Penetration Tester (CEPT). I am finishing my Master's in Computers and Information Technology degree at the University of Pennsylvania's School of Engineering and Applied Sciences. My coursework has included computer and network security, mathematics covering cryptography and theory of computation, software engineering, and computer architecture including assembly level programming.

I am an active participant in open source security including code review and vulnerability assessment. I was credited with finding vulnerabilities in a few high profile web sites. My work involves security research and expanding security services to better assist users to safely utilize computing and the internet.

After my son Tristan died I decided to work in health care as a way to give back to all the wonderful people who helped me through that awful experience.