Josh Brown-White

DevOps Manager

Seattle, Washington, United States24 yrs 2 mos experience
Most Likely To SwitchHighly Stable

Key Highlights

  • Expert in software security and vulnerability management.
  • Led transformation of secure development lifecycle at Microsoft.
  • Pioneered advanced static analysis solutions for code security.
Stackforce AI infers this person is a Security Architect specializing in software security and development lifecycle management.

Contact

LinkedIn

Skills

Core Skills

SecuritySoftware DevelopmentProduct EngineeringSecure Development LifecycleApplication Security

Other Skills

Secure SDLCStatic AnalysisDynamic AnalysisMicrosoft SDLThreat ModelingPentestingAgile DevelopmentSecurity PoliciesTraining and AwarenessSecurity TestingTest AutomationPythonLinuxAJAXJavaScript

About

I have played a multitude of roles over my career, but ultimately all of the work I have done has revolved around understanding the myriad of ways that software can be vulnerable, the root causes that lead to each of those types of vulnerabilities, and what engineering strategies are effective at leading to meaningful improvements in software security.

Experience

24 yrs 2 mos
Total Experience
3 yrs 6 mos
Average Tenure
12 yrs 11 mos
Current Experience

Microsoft

3 roles

Principal Security Engineering Manager

Promoted

Mar 2018Present · 8 yrs 2 mos

  • Lead an amazing team of security engineers who are building and leveraging the most advanced static analysis solution in the world to analyze billions of lines of code for newly described security vulnerabilities in hours. We are transforming both secure development and incident response, and building the next template for what a Secure Development Lifecyle will look like for the industry.
SecuritySoftware DevelopmentSecure SDLCApplication Security

Principle Security PM

Sep 2016Mar 2018 · 1 yr 6 mos

  • Building Microsoft's strategy for secure product engineering (static analysis, dynamic analysis, feature enhancements recommendations to MS programming languages and platforms, etc.), contribute to the continuing evolution of the Microsoft SDL, participate in industry security collaborations representing MS, provide technical review of proposed security regulations and standards from external organizations, and a host of other related tasks.
SecurityStatic AnalysisDynamic AnalysisMicrosoft SDLProduct Engineering

Sr. Security Advisor

Jun 2013Sep 2016 · 3 yrs 3 mos

  • In my capacity as a Sr. Security Advisor within Trustworthy Computing, I worked with various product groups to adapt and evolve the Microsoft Secure Development Lifecycle to each organization's needs, advised on threat models and assessed security sensitive features and code, managed and oversaw third party pentesting, drove inter-organization security efforts, championed new security features within the products, and performed the Final Security Assessment for major milestones. At various points I worked with the Azure, Windows Phone and Windows Phone Services, Internet Explorer, SQL Server, and Windows organizations, as well as lead the security efforts for the Nokia Phones acquisition.
  • Additionally, I helped drive the transition of the SDL from a Waterfall centric process to one that supported Agile and Continuous development cycles.
SecurityThreat ModelingPentestingAgile DevelopmentSecure Development Lifecycle

Adp

Application Security Architect

Sep 2010Jun 2013 · 2 yrs 9 mos

Adp dealer services

IT Security Engineer III

Mar 2009Jan 2011 · 1 yr 10 mos

  • Architect responsible for designing and implementing an enterprise application security program including security policies, standards and best practices, a secure development lifecycle, and a training and awareness program.
Security PoliciesSecure Development LifecycleTraining and AwarenessSecurityApplication Security

Fedex services

Sr. Technical Analyst - Application Security

Dec 2007Mar 2009 · 1 yr 3 mos

Microsoft

SDE/T

May 2005Dec 2007 · 2 yrs 7 mos

  • Security testing, security tool design and development, and test automation development for Windows CE and Windows Mobile.

A dot corporation

Software Development Engineer

Apr 2004May 2005 · 1 yr 1 mo

Security TestingTest AutomationSecurity

Netmanage

Software Development Engineer

Jul 2000Aug 2002 · 2 yrs 1 mo

Education

Western Washington University

Bachelor of Science - BS — Computer Science

Sep 1998Dec 2000

Western Washington University

B.S. — Computer Science

Jan 1998Jan 2000

Stackforce found 100+ more professionals with Security & Software Development

Explore similar profiles based on matching skills and experience

Dharmesh Mehta

Dharmesh Mehta

Security Engineering Leader

at Google

Hyderabad, India21 yrs 3 mos exp
ComplianceDevSecOpsGovernanceInformation SecurityRisk Management
Shirish Pandey

Shirish Pandey

Solutions Architect

at Worldline Global Services

Chennai, India18 yrs 7 mos exp
AndroidEmbedded SoftwarePlatform ArchitectureProduct DevelopmentSecurity
KK

Kedar Kekan

Vice President of Engineering

at Monaire

Pune, India18 yrs 2 mos exp
Engineering LeadershipSoftware as a Service (SaaS)
Satish Patil

Satish Patil

Director of Engineering

at Guidewire Software

Bengaluru, India20 yrs 2 mos exp
Amazon Web Services (AWS)JavaPlatform EngineeringSoftware as a Service (SaaS)Technical Leadership
Bopana Ganapathy

Bopana Ganapathy

Vice President

at Epsilon

Bengaluru, India24 yrs 2 mos exp
Cloud ComputingData & Storage ManagementDigital PaymentsLeadershipSoftware Development
Olexandr Tsyshenko

Olexandr Tsyshenko

Lead Security System Engineer

at EPAM Systems

Ukraine9 yrs 3 mos exp
AS

Anubhav Sharma

Manager - Product Security

at slice

Bengaluru, India10 yrs 2 mos exp
API SecurityApplication SecurityCloud SecurityCyber-securityProduct Security
PM

Prashant Madhyasta

Co-founder & CEO

at AUMLayer

Bengaluru, India23 yrs 7 mos exp
Cybersecurity Strategy & LeadershipCloud EngineeringGovernance, Risk Management, and Compliance (GRC)