Jason Haddix

CEO

Aurora, Colorado, United States · 18 yrs 11 mos experience
Highly Stable

Key Highlights

  • Led global cybersecurity efforts for over 20,000 employees.
  • Expert in penetration testing and vulnerability management.
  • Regular speaker at top security conferences worldwide.
Stackforce AI infers this person is a Cybersecurity expert with extensive experience in consulting and security management.

Skills

Core Skills

Cybersecurity, Consulting, Security Management, Risk Management, Vulnerability Assessment, Application Security, Penetration Testing, Security Consulting, Security Research

Other Skills

Cybersecurity Consulting, Training, Corporate Security, Infrastructure Security, Vulnerability Management, Security Operations, Methodology Development, Network Penetration Testing, Web Application Testing, Security Process Development, Crowdsourced Security Testing, Bug Bounty Programs, Online Journalism, Methodology Implementation, Mobile Applications

About

I previously served as the Head of Global Cyber Security for Ubisoft, where I led all efforts in information security. My group protected over 20,000 employees worldwide with a vast scope (see job desc for more).

In my previous roles such as Director of Penetration Testing, I led efforts on matters of information security consulting. The gamut stretched from developing penetration testing plans for Fortune 100 companies to competing in "bake-offs" to win business against other top-tier consulting vendors.

I have also served as a Director of Operations, leading teams of highly technical Application Security Engineers and Technical Operations staff. In this role, I was an extension of (and advisor to) over 300+ security programs across many industry verticals. Under my direction, my team triaged over 22,000 vulnerabilities in 2018-2019 alone.

Personally, I love being in the trenches and performing actual assessments, but I am also adept at handling clients, architecting solutions, designing services, improving business processes, managing technical consultants, training, technical writing, marketing, and delivering solutions. While my strengths are web, network/infrastructural, and mobile security, I have personally performed a myriad of other services and implemented them for a consultancy as a deliverable (mainframe, wireless, cloud assessment, database, OSINT, APT simulation, binary reversing, and static code analysis).

In my free time, I write for several information security publications and am a semi-regular capture-the-flag player. I speak regularly at security conferences globally (DEFCON, Blackhat, OWASP, and many more).

While I never call myself a "master" of anything, I do have a very particular set of skills; skills I have acquired over a very long career. These skills make me adept at helping businesses, finding security vulnerabilities, and leading a business to a better security posture.

Experience

Bugcrowd

Strategic Advisor (Part Time)

Apr 2024 - Jan 2025 · 9 mos · Remote

Flare

Field Chief Information Security Officer (Part Time)

Feb 2024 - Nov 2025 · 1 yr 9 mos · Remote

Arcanum Information Security

CEO & Hacker & Trainer

Jan 2024 - Present · 2 yrs 3 mos · United States · Remote

  • I am the Founder, CEO, hacker, and trainer for Arcanum Information Security. We offer high tier cybersecurity consulting services and training.
Cybersecurity Consulting, Training, Cybersecurity, Consulting

Buddobot

Chief Information Security Officer

Jan 2023 - Dec 2023 · 11 mos

Ubisoft

Head of Security and Risk Management

Jul 2019 - Jan 2023 · 3 yrs 6 mos · San Francisco Bay Area

  • Led and managed a global security team tackling:
  • Corporate Security: privacy, compliance, physical security, security awareness, business continuity, disaster recovery, crisis management, identity, fraud, and access management.
  • Application and Infrastructure Security: red team, bug bounty, incident response, threat hunting, security architecture (cloud, enterprise, devsecops, web services)
  • Game Security: production assistance, cheat testing, game security assessment, anti-piracy, anti-cheat.
Corporate Security, Application Security, Infrastructure Security, Security Management, Risk Management

Bugcrowd Inc

5 roles

VP of Researcher Growth

Oct 2018 - Jun 2019 · 8 mos

VP of Trust and Security

Jan 2018 - Oct 2018 · 9 mos

  • As VP of Trust and Security, I provide leadership and guidance to Bugcrowd and its customers relating to creating and sustaining high impact crowd-sourced security solutions (bug bounties and disclosure programs). On top of this, I manage a group of Security Engineers and Bug Hunters that leads special projects as well as does all Sales Engineering for Bugcrowd. In 2017 we tackled problems like matching crowds to complex technology stacks, remediation advice, target discovery technology, improved researcher tooling (presented at DEFCON 25), an improved RFP process, and managing the incoming RFE process for the business. In 2018 our goals are to focus primarily on researcher enablement.

Head of Trust and Security

Promoted

Sep 2016 - Jan 2018 · 1 yr 4 mos

  • Dedicated to providing value to the global security market and the global security researcher community.
  • I am responsible for providing leadership, strategic guidance, and operational guidelines to Bugcrowd and its clients. I am focused primarily on internal and external security policies, customer enablement, researcher engagement, and edge-case program management. I work with clients and security researchers to create high value, sustainable, and impactful bug bounty and responsible disclosure programs.

Director of Technical Operations

Promoted

May 2015 - Sep 2016 · 1 yr 4 mos

  • Responsible for managing and training internal analysts. We curate, triage, and validate vulnerability data from over 16,000 researchers including (but not limited to) hardcore vulnerabilities in mobile, web, and IoT applications/devices. We bring this data to enterprise clients to help bolster security operations programs. I also work with Bugcrowd to improve the security industry's relations with researchers and work closely with sales, customer success, researcher operations, and marketing.
Vulnerability Management, Security Operations, Vulnerability Assessment, Security Management

Security Researcher, Leaderboard Position #1

Mar 2014 - Oct 2014 · 7 mos

  • Bugcrowd is a crowdsourced security testing platform allowing security researchers to register and participate in security bug bounties. They retain up to 30,700 registered testers and gamify their results by keeping up a "leaderboard". This leaderboard is climbed by finding web and mobile vulnerabilities in bug bounty programs.
  • Every year they recognize the top researcher in that "number one" position during the Blackhat and Defcon Security conferences. In 2014 I earned that title by occupying the #1 position.
Penetration Testing, Security Process Development, Security Consulting, Application Security

HP Fortify

2 roles

Director of Penetration Testing

Promoted

Nov 2011 - May 2015 · 3 yrs 6 mos

  • At HP/Fortify I design methodologies and solutions to the toughest application security problems. Current projects include creating a binary analysis engine for iOS and Android applications, creating a security based asset discovery tool, interviewing/training mobile auditors, and maintaining the web/mobile/binary testing methodologies with cutting edge methods. This is on top of continued application assessments for iOS/Android/web applications and client interactions/pitches.
  • I am also in charge of the following Penetration Testing processes:
  • Methodology Development
  • Mobile Application Testing
  • Infrastructure Testing
  • Web Application Testing
  • Social Engineering Testing
  • Vulnerability Assessment
  • Security Research
  • Process Development
  • Customer Interaction
  • Engineer Training and Development
  • Marketing and Industry Presence
Methodology Development, Penetration Testing, Application Security

Sr Security Consultant (Professional Services)

Sep 2010 - Nov 2011 · 1 yr 2 mos

  • As a Sr Consultant I was counted on to deliver high quality assessments under the HP name to approximately 25% of the Fortune Top 100 list (2012 Rankings) and follow up with concise recommendations for security and application remediation.
  • I was also involved at the Sr level in the following:
  • Network Penetration Tests and Assessments
  • Web Application Penetration Testing and Assessments
  • Mobile Application Penetration Testing and Assessments
  • Thick/Binary Application Penetration Testing and Assessments
  • Security Process Development
  • Methodology Development
  • Infosec Journalist and Evangelism
  • RFP Responses
  • Service Offering Development
  • Environment building
Network Penetration Testing, Web Application Testing, Security Consulting, Application Security

Redspin, Inc

Sr. Security Engineer / Lead Penetration Tester

Aug 2009 - Sep 2010 · 1 yr 1 mo

  • At Redspin I worked as Sr Engineer augmenting many of the already stellar audit methodologies with new penetration testing modules. I worked closely with other Sr staff to create the web assessment methodology. I also handled the following:
  • Large Scale External Penetration Tests and Assessments
  • Web Application Penetration Testing and Assessments
  • Social Engineering Assessments
  • Security Process Development
  • Tool Development
  • Infosec Journalist and Evangelism
  • RFP Responses
  • Service Offering Development
  • Pre-Sales calls
Crowdsourced Security Testing, Bug Bounty Programs, Security Research, Vulnerability Assessment

Citrix Online

IT Generalist

Mar 2007 - Aug 2009 · 2 yrs 5 mos

  • At Citrix I provided general IT Support to the internal organization. I also worked with development and identified security issues in internal web applications (XSS, session, SQLi, etc).
Penetration Testing, Security Process Development, Security Consulting, Application Security
