Feb 2017 – Jan 2019 · 1 yr 11 mos

Jan 2017 – Nov 2020 · 3 yrs 10 mos · Austin, Texas Area

• As VP R&D I contributed to custom-scoped projects for Atredis Partners that included advanced penetration testing, binary analysis, software development, and applied research.

May 2016 – Apr 2020 · 3 yrs 11 mos

Mar 2016 – Feb 2020 · 3 yrs 11 mos · Austin, Texas Area

• Special Circumstances offered tailored business advisory services.

Mar 2016 – Feb 2020 · 3 yrs 11 mos

Apr 2013 – Jan 2016 · 2 yrs 9 mos

• As the chief research officer, I was responsible for delivering research into real world threats and providing guidance on how to address them. In this role, I also drove technical innovation across the Rapid7’s products and services, applying company technology to current and future threats, as well as heading the development of experimental prototypes and free tools.

Oct 2009 – Apr 2013 · 3 yrs 6 mos

• As the chief security officer I was responsible for Rapid7's overall security posture and product security. In addition to internal security, I managed inbound and outbound vulnerability reporting and represented the company by speaking at industry events.

Sep 2011 – Aug 2015 · 3 yrs 11 mos · Austin, Texas Area

• IANS is a leading provider of in-depth security insights and decision support delivered through its research, community, and consulting. As a faculty member I assisted with client requests for advice on an ad-hoc basis.

Sep 2005 – Aug 2009 · 3 yrs 11 mos · Austin, Texas Area

• As the director of security research I was responsible for building the security testing capabilities of the BreakingPoint product line, leading the security research team, managing the security lab, reporting vulnerabilities to vendors, and representing the company by speaking at industry events.
• BreakingPoint was acquired by IXIA in 2012.

Jun 2003 – May 2018 · 14 yrs 11 mos · Austin, Texas Area

• I founded the Metasploit Project in 2003 with the goal of becoming a public resource for exploit code research and development. The Metasploit Project is credited with the creation of the Metasploit Framework, an open-source exploit framework used for professional penetration testing and security research.
• In 2009, Metasploit was acquired by Rapid7. As the department head, I worked with the executive team to design, build, and launch the Metasploit commercial product line. This included opening the Austin office, hiring the engineering team, leading the design process, and delivering high-quality products on an aggressive schedule for our customers.
• In 2013, I handed off ownership of the Metasploit department in order to expand Rapid7's research capabilities. I continued to assist the Metasploit team with product strategy, feature development, and community efforts around the open source project.
• I left Rapid7 in 2016 and continued to contribute to Metasploit development until June of 2018.

Jan 2000 – Sep 2005 · 5 yrs 8 mos · San Antonio, Texas Area

• As the director of vulnerability research I was responsible for designing, building, and maintaining the backend infrastructure and vulnerability scanning platform of our MSSP solution. Additional responsibilities included vulnerability research, penetration testing, and security code reviews for our customers.

Mar 1999 – Jan 2000 · 10 mos · Austin, Texas Area

• Developed advanced security tools for the DoD

Jan 1998 – Nov 2000 · 2 yrs 10 mos · Austin, Texas Area

• As a consultant I performed a variety of security and software development services for clients ranging from e-commerce to finance.