Mar 2025 – Present · 1 yr

• Build and manage the world's best research team that consistently delivers cutting-edge research
• Write kick ass security tools
• Create research-related content for blog, podcast, and conference contexts

Feb 2024 – Present · 2 yrs 1 mo · Australia · Remote

• Cutting edge software supply chain security research
• Deliver software supply chain red team engagements
• Deliver training around software supply chain and application security

Feb 2024 – Jul 2024 · 5 mos · Gold Coast · Remote

• Introduce Software Supply Chain attack methodologies to the existing Red Team operational model.
• Updated the Red Team operation model to include "continuous operations" and adapted our Rules of Engagement.
• Interact with "Secure" product owners (SAST, DAST, Compliance) and Trust & Safety to identify areas where the Red Team and I can help.

Jan 2024 – Present · 2 yrs 2 mos · Gold Coast, Queensland, Australia · Remote

• • I'm one of the organizers for the 2026 Gold Coast BSides being held on May 23, 2026

Mar 2023 – Present · 3 yrs · Australia · Remote

• Help startup by leveraging my experience building and running startups over 30 years
• Act as security advisor for highly regulated industry startup

Jan 2023 – Present · 3 yrs 2 mos · Gold Coast · Hybrid

Jan 2022 – Present · 4 yrs 2 mos · Melbourne, Victoria, Australia

• Listen to and mentor startup founders and offer advice or assistance when I can help.
• Leverage my experience as a technical founder to help them navigate product design, capital raising, customer discovery, product security, and go-to-market challenges that most startups will face in their early stages.

Oct 2018 – May 2019 · 7 mos · Melbourne, Victoria, Australia

• Completed 6-month startup accelerator with Australia's only cybersecurity accelerator.
• Built market research and GTM for new startup SecureStack
• Built relationships with industry buyers, advisors and investors that will last for many years

Nov 2017 – Jul 2018 · 8 mos · Greater Brisbane Area

• Built testing and deployment automation for Queensland Treasury's cloud migration and operations with Terraform, Ansible and Ansible Tower
• I managed vendor relationships with agencies to make sure that they delivered secure code and applications
• Spearheaded security assessments and testing for cloud environments

Jun 2017 – Aug 2017 · 2 mos · Greater Brisbane Area

• Built first CI/CD processes for AWS ECS-based workloads for QTAC.
• Built highly scalable logging solution utilizing AWS Elasticsearch for containerized applications running in the cloud.

May 2017 – Feb 2024 · 6 yrs 9 mos · Gold Coast, Australia

• SecureStack was an early entrant to the ASPM space that I founded in 2017. Our ASPM product was the first in the world to combine source code, web vulnerability scanning, container scanning and cloud security posture testing in one product. Later on, we added compliance and SBOMs which really galvanized our position as a product that could deliver complete SDLC security coverage in one solution, one dashboard and one subscription.
• I wrote and built the original product myself, but after raising capital from Australian venture investors in 2020 I was able to hire an amazing team and move into a product owner role. I was a very technical CEO so I spent a lot of time building partnerships with AWS, GitHub, Microsoft, and Atlassian to bring our product to a global market via those channels. I also built partnerships with small to medium MSSPs as a way to leverage those relationships to gain access to new customers and new markets. These two channels accounted for more than 80% of our annual revenue.

May 2016 – May 2017 · 1 yr · Gold Coast, Australia

• Led a small DevSecOps team that owned all corporate cloud and application security.
• Built first continuous integration and deployment (CI/CD) processes for the company
• Managed all cloud and data center operations for Queensland and NSW

Apr 2016 – May 2016 · 1 mo · Greater Brisbane Area

• I built Corelogics first global vulnerability management platform
• I built intrusion detection, logging and SIEM functionality for the global organization

Apr 2012 – Apr 2016 · 4 yrs · Park City, Utah

• I authored Cambia's long term container strategy. My goal was to utilize EC2 Container Service (ECS) in a way that allows Cambia to use AWS tools as well as their own. No vendor lock-in. Deployment utilizes Jenkins and Ansible to deploy applications and start and stop the Docker container fabric. Cambia needs to migrate to the cloud but we want to do so in a way that is secure and fully managed.
• I was part of a team that was building Cambia's NextGen PaaS solution. Our buildstack uses Ansible, Docker, python, haproxy and git as the primary components of the platform stack. I helped migrate applications to AWS and looked at Rancher as a possible management/orchestration tool. The idea was to build containerized applications using Docker and migrate our existing applications to this model. I want my tool to be able to manage any endpoint regardless of where it is: AWS, Azure, local infrastructure, my macbook... wherever!
• I owned the Cambia Redhat Linux virtual provisioning and build spec. This included the creation, test and management of Vmware templates and automation for all of our Redhat infrastructure, customized for both role and environment.
• I migrated the existing Perl and Jenkins based web and app server deployments into Ansible playbooks, and/or Ansible Tower so our tier 2 staff can take over this responsibility.
• Looked at Openstack and Openshift as possible complementary pieces to our in-house IaaS and PaaS tools. I also looked at using Azure as our IaaS provider.
• I was heavily focused on scripting automation (Ansible, bash shell and Python) into our VMware linux build process using a buildstack process that builds a server, any custom NAS mounts or local LVM filesystems, installs platform components and customized application stack.
• Administered Websphere, iPlanet, IHS, Apache, Tomcat, OpenESB, GlassFish and JCAPS web application servers and their associated monitoring
• Managed F5 load balancers for web environments

Apr 2009 – Nov 2010 · 1 yr 7 mos · Park City, UT

• Led a small team of engineers who delivered managed services to customers in Utah
• Introduced cloud-based infrastructure and security services to traditional SMB-focused MSP
• Was the primary Unix/Linux and Network consultant

Dec 2007 – Mar 2016 · 8 yrs 3 mos · Park City, UT

• I built and managed a small consultancy specializing in cloud and application security
• Delivered security consulting services including penetration testing, risk and PCI assessments
• Contracted with HP to create their cloud and distributed computing certification tests including ATA Client, Server, and Networking as well as the first Cloud certification in the industry

Apr 2007 – Dec 2007 · 8 mos · Salt Lake City

• Managed FreeBSD and Linux distributed environment for large enterprise organization
• Led the infrastructure team through a successful PCI-DSS tier 1 audit
• Built and deployed automation to meet strict compliance requirements.

Apr 2004 – Dec 2006 · 2 yrs 8 mos · Bluffdale, UT

• Built and installed Linux-based HPC systems in protected US government facilities.
• Wrote and deployed custom Linux operating systems and drivers to deliver grid-based high-performance computing clusters
• Created early IP firewalling orchestration for protected HPC clusters

Jul 2001 – Dec 2003 · 2 yrs 5 mos · Salt Lake City Metropolitan Area

• Worked as Senior Unix Engineer on the Unix team administering Solaris and AIX.
• Was colocated with security team to help embed security functions in Unix distributed systems
• Cowrote first security hardening document for Unix and distributed systems for Blue Cross/Blue Shield
• Managed Unix teams HIPAA compliance program

Jan 2001 – Jun 2001 · 5 mos · Orem, Utah

• • Wrote the Linux operating system and SCSI drivers for custom hardware used to run their proprietary image processing and optimization solution.

Sep 1996 – May 2001 · 4 yrs 8 mos · Logan, UT

• Built and managed a retail storefront and a consultancy specializing in unix and networking.
• Managed a team of up to 8 technicians