For the last couple of years as an independent security consultant, I’ve done quite a bit of writing. I’ve created many secure development courses for Synopsys on topics such as NodeJS, Angular, MongoDB, C/C++, ’ve written articles for other companies through my work with Hit Subscribe, and I’ve delivered bespoke training for clients around the country. However, throughout all of this, I’ve written very little for myself. I put this site up almost a year ago intending to get my own blog off the ground, but for a variety of reasons I just never got it going.
So Why Now?
While I’ve been happily trudging along the past couple of years without much else than my resume and a few great recommendations, I’m finding myself in the situation where it would be helpful to establish my online identity and to write about the subjects that I often help my peers and clients with.
After finishing up few larger projects earlier this Spring and having a month or so off, I’ve decided it’s time to focus on my own online identity as well as to try and help those getting started with application security.
Before diving into what I hope to accomplish with this site, let me introduce myself, who I am, and my professional experience.
I started programming very young. I taught myself Atari Basic on an Atari 400 when I was about eight years old. I continued on eventually learning Visual Basic, C, Visual C++ and then onto Java in college. I’ve also picked up a lot of other languages and technology stacks over the years.
For a few years before starting college I worked as a contract developer putting together websites and applications for small businesses. When I started my computer science degree I managed to get a full time quality assurance job for the Summer and then onto their software development team during the school year. After graduating college, I went into the financial industry where I worked on a number of Java projects. I left the financial industry as a developer years later and went to work with a long time friend in a DevSecOps type of role.
A Passion For Security
Throughout all of my life I’ve always been interested in hacking and computer security. My first taste of the culture back then was attending 2600 meetings out in Minneapolis. My passion for security continued throughout the years and eventually I made my way to DEF CON back in 2009 with friends from college.
On returning from DEF CON, I started to get the Portland, Maine DEF CON chapter up and running. However, I held off from working in the security industry full-time. Every time I’d get a job offer it wasn’t for a consulting role. They wanted me to work on their respective products and it wasn’t something I was interested in. I eventually found a role that was a good fit and transitioned to my first full-time security consulting role on the application security team at GuidePoint Security. After a brief time at VSR (now part of NCC Group), I had a great opportunity that would allow me to focus on research and education as well as to travel the world with my girlfriend. I jumped on the opportunity and for the last couple of years, I’ve been happily independent.
What I Hope to Accomplish
My hope is that I can bring my experience in development, teaching, and consulting to turn this site into a useful resource whether you’re a student, bug bounty hunter, or an experienced software developer. I look at from the point of view of if I was just starting out today, what would I want for a resource?
It’s from thinking about that question that I’m developing a content plan that takes into account what I’m currently interested in writing, where I think I can improve on the articles out there, and what I think is missing. My plan is to offer well-written, up-to-date articles on writing secure code, attacking and defending web applications, mobile hacking, and other application security topics. What I won’t be focusing on is covering current information security news as there are plenty of others doing a great job with that.
I’d love to hear from you if you have questions, feedback, or would like a particular topic covered. Feel free to leave a comment here or use one of the methods on the Contact page to get ahold of me.
I know I personally prefer to get updates via email and if you do too, please subscribe to the mailing list.
Thank you for spending a few minutes of your time with me. I look forward to sharing my knowledge and experience and if I can help out just one person get started, then I consider this a success.