Jun 2023 – Present · 2 yrs 11 mos

• As a Strategic Technical Advisor for Akto.io, I leverage cybersecurity expertise to guide the company's API security technology vision and ensure the robustness and resilience of its solutions.

Apr 2022 – Present · 4 yrs 1 mo

• At Aviso Ventures, we invest in companies that make the enterprise smarter, faster, and more secure. We help founders with actionable advice and access to capital, while never forgetting it's their company.

Mar 2022 – Dec 2024 · 2 yrs 9 mos · Global

• MergeBase gives companies a way to know where the biggest threats are, running live. MergeBase’s Software Composition Analysis platform manages vulnerabilities and license risk, during coding, building, deployment and running of your applications. It provides developer guidance based on risk, compatibility and popularity. It triggers warnings about vulnerabilities applications running in production including from third-party components and third-party software.
• Successful exit in 2024!

Jan 2022 – Present · 4 yrs 4 mos · Global

• DefectDojo specializes in DevSecOps products. We obsess about making security scalable, useful, and actionable.

Aug 2021 – Present · 4 yrs 9 mos · Global

• RAD Security is an event-driven SaaS platform built to automatically remediate Kubernetes security risks and enforce least-privileged access control across distributed cluster infrastructures.

Apr 2019 – Present · 7 yrs 1 mo · Jacksonville, Florida

• Nucleus is an application security risk tracking platform which helps organizations track entire portfolios of applications and their respective security issues. Nucleus provides integrations with dozens of security tools across the industry so you can have one pane of glass to view and understand the complexities of application security portfolio level risk.

Jan 2014 – Present · 12 yrs 4 mos · Anahola, Kauai, Hawaii · Hybrid

• At Manicode Security we teach your developers to write secure code. We bring a combination of passion, style and years of research into all of our education offerings. Our education programs are designed for any web developer, architect, security professional or other software development professional who needs to build and maintain secure software.

Jan 2014 – Jun 2018 · 4 yrs 5 mos · San Francisco Bay Area

• Brakeman Security is a dedicated Ruby on Rails static analysis security engine company. Our main product, Brakeman Pro, was written by Neil Matatall, Jim Manico, and Dr. Justin Collins PhD, the author of the open source tool, Brakeman. Brakeman Pro was sold to Synopsys in June of 2018; an exciting successful exit for all involved.

Jun 2011 – Dec 2013 · 2 yrs 6 mos · Santa Clara, CA

• Web application secure development educator and author. Conference speaker. Product Evangelist. Remediation practice support. WhiteHat was sold to NTT in March of 2019; a successful exit for all involved.

Feb 2010 – Jul 2011 · 1 yr 5 mos

• Providing web application development and application security services to a wide variety of clients.

Jan 2008 – Present · 18 yrs 4 mos · Global

• Active OWASP volunteer since 2008.
• Co-leader and project manager of the OWASP AISVS (Artificial Intelligence Security Verification Standard), OWASP ASVS (Application Security Verification Standard), OWASP Proactive Controls and the OWASP Cheatsheet Series.
• Elected OWASP Global Board Member from January 2013 to May 2016. Helped drive the strategic vision for the organization and continue to serve as an advisor to many OWASP leaders and members.

Aug 2007 – Feb 2010 · 2 yrs 6 mos

• Lead Architect/Developer of an ongoing internal application security vulnerability management web application using J2EE/Java 1.5, Struts 1.3, Hibernate 3, JQuery/Javascript, xHTML/CSS, MySQL. Also developed a prototype XFORMS/Spring module for the Open Medical Record System project (openmrs.org) via Sun Microsystems, Partners in Health and TED.
• Application security instructor and editor for 1, 3 and 5 day classes including "Building and Testing Secure Web Application", "Secure Coding for Java EE" and "Application Security Management".
• Performed assessments of web applications and software products using architectural review, code review and penetration testing techniques. Experience identifying vulnerabilities associated with Web applications as well as system and network software. Produced detailed reports documenting vulnerabilities and specific mitigation recommendations.

Jul 2005 – Dec 2005 · 5 mos

• Played a key role on the Citibank project
• Responsible for mastering and integrating the object-relational mapping tool Hibernate
• Led the design and implementation of a web service data formatting component that had strict performance requirements
• Developed a Java training package for Plug Power

Aug 2004 – Jul 2005 · 11 mos

• Senior software engineer and director for vendor sales team. ($2 million + in annual sales) Provide Business Development support to other Departments. Perform Vendor Floorshow Manager duties at all national conventions. Train and motivate sales staff. Provide in-depth metrics on department performance. Direct report to CEO. Instructor for the LAMP (Linux, Apache, MySQL and PHP) Track.

May 2002 – Feb 2008 · 5 yrs 9 mos

• Cutting-edge website design. Application Security. Programming (Java, PHP, *ml, AJAX). Database (MySQL, Oracle, Posrgres). Software Engineering Management.

May 2002 – Aug 2004 · 2 yrs 3 mos

• 5th-12th Grade Technology Educator, Physics Educator, Network Administrator, and Head of Technology Department for Elementary, Intermediate and High school.

Feb 1997 – May 2002 · 5 yrs 3 mos

• Worked as independent consultant for GE, EchoStar, WebMD, Gazoontite, RateExchange, Fireman's Fund Insurance, Fortune 10 financial institutions and others.