Senior Systems Engineer Resume Profile
Long Island City
PROFESSIONAL OVERVIEW
Information Security Professional with the ability to identify, communicate, and drive remediation of technical and business risk.
Founder, FuzzDB Project
FuzzDB is the largest open-content licensed attack and discovery pattern database of test cases for security fuzz testing
PROFESSIONAL EXPERIENCE
Gotham Digital Science Consulting Manager
- Led a successful SDLC/security business process transformation effort for one of the largest hedge funds in the world
- Analyzed the technology and business risks in organizations acquired by clients, and created remediation plans and integration strategies taking into account business and security requirements
- Designed and managed competitive analysis of a security assessment tool product space for a leading security tool vendor
- Performed and managed numerous penetration testing, application assessment, and source code review engagements for C#/.NET and Java applications
- Developed and delivered custom secure development training course to a large electronic trading technology firm's software developers in several US cities and internationally, a Federally funded space research group located at a major research university, one of the largest public transportation agencies in the United States, and others.
- Won new and ongoing business for GDS in the Financial and Public Sector markets
QuietMove - Managing Partner
- Conceptualized and co-founded a boutique security services consultancy that served organizations including Fortune 500, in diverse public sector, banking, retail, and e-commerce spaces
- Created testing and reporting methodologies, marketing collateral, web and SEO strategy
- Performed a wide variety of web application assessments, source code review, incident response, developer security training, penetration testing, wireless security, physical intrusion tests, and compliance consulting
- Sales win rate of over 75%, often competing against significantly larger organizations
- Built service channel partner relationships with VARs that brought QuietMove into Fortune 500 and other large accounts for assessment engagements
- PCI-DSS readiness consulting, code review, web application assessments, and penetration testing. QuietMove was a PCI ASV for its first two years
- Deployed and maintained SugarCRM for sales management and metrics.
Accuvant - Sr. Security Consultant
- Served large clients in diverse sectors such as cellular networks, power utilities, and banking, traveling over 50% of the time
- Performed network, web application, wireless, dialup penetration testing, physical intrusion testing, and PCI, SOX, NERC, HIPAA governance and compliance consulting
- Scoped engagements, wrote statements of work, and managed engagement teams of 2-4 consultants
- Created and taught web application assessment and developer training offerings to
- Spoke about web application security at national security conferences on behalf of Accuvant
- Participated in many pre-sales presentations and meetings, contributing to wins
Pegasus Solutions - Security Analyst / Acting Security Officer
- Responsible for operational security at the leading ASP for the Hotel and Travel industry
- Managed a team of two dedicated information security personnel, and an ad-hoc team composed of network administration, system administration, development, and operations personnel responsible for their respective domains
- Key achievements: Introduced security to the Pegasus software development lifecycle, implemented a vulnerability management program, built a multi-sensor Snort IDS, maintained an audit-ready environment
- Acting CSO for one year, navigating the company through its first year of compliance with Sarbanes-Oxley Section 404
IBM Global Services - Information Security Advisor
- Promoted to IBM Managed Security Services Delivery's ISA, responsible for the security of two Fortune 500 firms' Internet-facing transaction presences hosted by IBM
- Maintained an audit ready environment
- Responsible for all IBM security delivery to these clients, delivered to their satisfaction
Sr. Information Security Consultant
- One of the founding members of IBM's Ethical Hacking Center of Competency, a national team of Subject Matter Experts
- Performed network, host, dialup, and web application penetration testing and compliance consulting
- Technical lead during penetration testing engagements; engagements typically consisted of 2-5 consultants
- Served Fortune 500 clients in sectors such as Banking, Insurance, Electronics, Software, and Public Sector
- Performed technical interviews of potential new hires
Confidential
IT Director and Lead Systems Engineer
- Created all policies, processes, and procedures; managed an IT organization of 8 developers and systems administrators
- Assisted in developing the business plan and raising startup capital
- Built server infrastructure using Windows and FreeBSD, including a scalable web email hosting farm and a live streaming broadcast studio
Confidential
Director, MIS and Senior Systems Engineer
- Conceptualized the transformation of Ebiz Enterprises, a white-box PC manufacturer, into The Linux Store, a leading Linux workstation and server manufacturer, leading to a $2.5 million investment by The Canopy Group
- The transformation garnered significant press coverage, causing the stock share price to increase over 10x
- Was responsible for all Information Technology
- Led R&D for new computer products, ranging from the first sub-$500 desktop workstation ever marketed to Beowulf-class Linux supercomputers
Software Developer Consultant
- The following projects primarily utilized Visual Basic, Microsoft Transaction Server, and SQL Server in n-tier client/server architecture
- Lead developer of client/server change control management system for one of the largest grocery and restaurant food distributors through deployment to hundreds of desktops across the United States
- Developed industrial automation systems for a robotic car airbag inflator assembly line, interfacing with Allen-Bradley PLCs
- Developed remote reporting solution for traveling quality inspectors for a large national franchise brand
- Automated credit card embossing machines via RS-232 serial and implemented encryption to transmit data over public phone networks, prior to the ubiquity of leased lines and Internet, for a major credit card brand
SELECTED MEDIA REFERENCES
- USB devices make companies vulnerable to computer viruses, data theft
- Sub-$400 Linux Workstation
- http://news.cnet.com/The-Linux-Store-drops-PC-prices/2100-1001_3-226820.html
- Beowulf Cluster launch event at Linux Expo 1999
SELECTED SPEAKING ENGAGEMENTS
- ISSA/ISC2 Information Security Summit 2005, Independence, OH: Talk on Web Application Security
- ISSA/ISC2 SecureSD Conference, San Diego, CA: Talk on Web Application Security
- Texas Regional Information Security Conference 2005, Austin, TX: Talk on Web Application Security, "Walking through Walls"
- Ziff-Davis Security Management Virtual Tradeshow 2007: Panel Discussion, "Creating Security Awareness and Education Programs"
- ISSA Southwest Security Conference 2008, Phoenix, AZ: Talk, "Rethinking the Perimeter"
- Third Annual Arizona Entrepreneurship Conference, 2008: Panel discussion on building new products
- Third Annual Arizona Entrepreneurship Conference, 2008: Talk on Web Application Security concepts for startups and entrepreneurs
- Gangplank Brown Bag Lunch Series, 2009, Phoenix, AZ: Talk on Black Hat SEO Internet Marketing, Pay Per Click (PPC) and Cost Per Action Fraud
- Phoenix OWASP, 2009: Talk on what the cloud means to web security
SELECTED PAPERS AND OTHER CONTRIBUTIONS
- Founder, FuzzDB Project
- Project contributor, OWASP Fuzzing Code Database
- Cloud Security Alliance, Cloud Security Guidance Document V2.1: Contributing author to Domain 6, Portability and Interoperability
- Security Catalyst Blog: previously a contributing blogger