Software Security Ninja, Software Developer, Auburn Tiger.
I love writing code and helping developers to write better code. I also like to break things.
In 2011 I joined the HP ESP Federal sales team as a Solution Architect focused on the Fortify Portfolio. My primary tasks were gathering customer security goals, providing a solution architecture to meet these goals, and then keeping contact with the customer to make sure they are getting the full value of the solution. I spoke at many conferences and briefed high level executives on software security and the Fortify solution. Being part of the Federal group, I also was the main technical writer for many contract proposals and RFI/RFP responses. We exceeded our quota every year and I was awarded Solution Architect of the Quarter 3 times and Solution Architect of the Year once.
I started at Fortify Software in December of 2008 as a Software Security Consultant. I was an on-site resource at the US Air Force Application Software Assurance Center of Excellence (ASACoE). My role to serve as a software security expect and subject matter expert for the Fortify products. I worked with a blended team traveling around to different Air Force bases assessing applications for vulnerabilities. In 2010 I was promoted and moved to Washington DC. My new focus was helping customers design and implement a complete software security program. Using the OWASP Open Software Assurance Maturity Model (OpenSAMM) I helped customers assess their current level of security, develop a plan for increasing software security activities to align with the risk goals of the business, and then helping customers execute the plan. I was on site with many customers training developers on secure coding, implementing software security activities at the developer level, assessing applications, and reporting progress and metrics to the Chief Information Security Office.
2008 I was DevOps before DevOps was cool. As an on-site resource, I developed web applications written in .NET for the Network Control Center at Gunter Air Force Base. In addition to writing code, I was also responsible for the web and database servers and one Microsoft SharePoint server. Don't contact me about SharePoint, it is the spawn of Satan and there is no amount of money that would make me want to work with it again.
2006-2008 I joined Aerial Information Systems to build drones. We had a contract with Composite Engineering Inc. for flight testing the new Air Force BQM-167A subscale aerial target drone. I was primarily a field engineer participating in flight tests, analyzing data, and troubleshooting issues identified during testing. We also worked on other drones primarily using aerostat and airship configurations.
Fresh out of college I knew enough to be dangerous. At Applied Research Associates I initially worked on ground station software for a micro UAV platform called the Batcam. I then moved on site with our Air Force customer at Eglin Air Force Base, FL to write code. I worked on a program used to simulate weapons effectiveness. IE, if we want to bomb a hardened bunker what bomb works best and how many do we need? This software was used to plan the global Air Force weapon armament.
War Eagle! My main interests were wireless networking. My senior project was a wireless sensor package using Zigbee. While at Auburn I was a member of Order of Omega, Omicron Delta Kappa, and Phi Kappa Tau. I held many offices in Phi Kappa Tau, including President and Vice President. During my Senior Year I served on Phi Kappa Tau's National Council as an undergraduate member. I was also the Administrative Vice President for the Interfraternity Council.
The CISSP Certification is comprehensive security certification covering many elements of security, such as Risk Management, Network Security, Security Assessment, and Security Operations.
The CSSLP Certification is the most well known certification for software security professionals. The certification covers developing software security programs, risk management, architectural analysis, and secure coding.
The CEH certification focuses on penetration testing systems using the most common tools used by hackers. Probably the certification that is the most fun to study for =).
I play a pretty mean guitar too.
I have experience at all levels of engineering. I have been a developer writing and securing code. I have been on security teams performing code reviews. I have trained thousands of developers on writing secure code. I have worked with C-Level executives to create software security programs.
As a Solution Architect my role was primarily sales engineering. I worked with some of the best enterprise sales professionals to identify new opportunities, create solutions for customers, and track deals to closure. I worked on many $1M+ deals with a couple over $10M+.