Sep 2025 – Present · 6 mos · Remote

• Founded LeoTrace, a boutique security consultancy focused on penetration testing, secure code review, and developer training
• Building a community for security-minded professionals to collaborate on secure code review, appsec, pentesting, etc. (https://community.leo-trace.com/about-community)

Apr 2023 – Sep 2025 · 2 yrs 5 mos · Remote

• Promoted from Senior to Principal in April 2025
• Performed 50+ penetration tests, identifying 300+ vulnerabilities with 15% rated High or Critical (nearly double the industry average per HackerOne)
• Discovered at least one Critical in over one-third of engagements, and one High or Critical in nearly 60%
• Won Hack of the Month 20% of the time in a 15-person team
• Some of our largest customers asked for me by name to perform their pentests
• Conducted web, mobile, desktop, network, and container pentests, as well as cloud security audits
• Consistently exceeded performance expectations in annual reviews

Nov 2020 – Apr 2023 · 2 yrs 5 mos · Remote

• Promoted from Application Security Consultant to Senior in October 2022
• Led 1500+ consultations with a customer satisfaction score of 4.89/5 and helped fix 10k+ security flaws
• Won the Veracode Way award and joined the President's Club
• Provided hands-on, code-level remediation guidance throughout the whole SDLC for flaws identified by Veracode's products (mainly SAST, DAST, SCA)
• Analyzed competitor tools to identify false positives/negatives and improve Veracode's accuracy via feedback to Sales & Engineering
• Consistently exceeded performance expectations in annual reviews

Apr 2019 – Aug 2019 · 4 mos · Greater Munich Metropolitan Area

• Supported development teams and evaluated the security of internal web applications and networks.

Apr 2018 – Mar 2019 · 11 mos · Greater Munich Metropolitan Area

• Full-stack and DevOps developer (Node.js, Angular, Python)
• Automated deployments (reduced our main product's setup time from ~1 hour to a few minutes) and served as Security Champion for internal apps

Aug 2017 – Mar 2018 · 7 mos · Australia

• Backpacking through Australia and Southeast Asia.

May 2017 – Aug 2017 · 3 mos · Greater Brisbane Area

• Reimplementation of an event management app:
• Reduced the maximum number of clicks for navigation to 3 (was 8 on average before)
• Migrated a SOAP consumer from .NET to Node.js, and implemented a PoC in Ionic

Feb 2017 – Apr 2017 · 2 mos · Nuremberg, Bavaria, Germany

• Evaluated the security of an existing REST API and implemented essential HTTP security headers.

Sep 2012 – Feb 2017 · 4 yrs 5 mos · Nuremberg, Bavaria, Germany

• Bachelor of Computer Science in combination with an apprenticeship as a software developer
• Overview of diverse IT topics such as administration of Windows and Linux servers, programming in multiple languages, server monitoring and implementation of secure software