I empower engineering teams to deliver secure software built to the highest industry standards while reducing cyber risk and defending government and private sector customers.
I’ve earned expertise across all aspects of building and shipping technology products. I’ve held roles as a business leader, senior software developer, and programming mentor. I’m as comfortable advising executive leaders on security and software best practices as I am doing code or architecture reviews with tech teams. I enjoy brainstorming a product road map with project managers, architects, and designers. I’m also happy to do a technical deep-dive with other developers to debug an elusive multithreading issue – as long as there’s coffee. I love to work remotely with collaborative teams composed of people with complimentary skills.
Cybersecurity improves with lasting, positive behavior change in engineers and employees. I champion cybersecurity awareness training throughout organizations. I am a co-author and core maintainer for the OWASP Web Security Testing Guide, and enjoy sharing my expertise in many business and engineering publications across the web.
September 2021 — present
Principal software engineer for Sophos Factory, a modern DevSecOps pipeline builder.
March 2020 — September 2021
I led software development at ZibaSec for a modern cybersecurity awareness training platform that uses realistic phishing simulations to create lasting behavior change and cyber risk reduction. Successes include:
- Leading the engineering team to design, implement, and secure a serverless cloud infrastructure while greatly improving application performance and achieving FedRAMP Authorization
- A 4.5x speedup in serverless application performance using multiple infrastructure components and distributed computing techniques
- Creation and implementation of strategies for increasing knowledge transfer efficacy in a growing, remote team of engineers
- Reduced onboarding time for new engineers by 75% by leading an overhaul of onboarding processes and documentation
- Scaled the engineering team size by 3x through improved processes for recruiting, interviewing, and hiring
- ZibaSec & GitHub: Would you volunteer your company for a cyber attack?
- ZibaSec’s PhishTACO Platform achieves FedRAMP Authorization
August 2019 — present
Co-author and core maintainer for the OWASP WSTG.
The Open Web Application Security Project (OWASP) Web Security Testing Guide (WSTG) is the foremost open source resource for testing web application security.
I build and establish modern CI/CD and automation practices, serve as editor for submissions from contributors, and help ensure the WSTG community is strong and healthy.
2017 — 2021
I earned the annual Top Contributor Award three years in a row from 2018-2020 from freeCodeCamp, a 501(c)(3) non-profit organization that helps millions of people worldwide learn how to code.
In 2017, I served as organizer for the inaugural freeCodeConference in Toronto. Since 2017, I provide mentorship, code review, and career guidance to motivated technologists worldwide.
2016 — 2021
As a senior technology leader with a background in cybersecurity and full-stack software development, I provided executive leadership insights and technical guidance on product and process improvement.
- Leader mentorship and development
- Increasing development velocity in engineering teams
- Application infrastructure and code efficiency, speedup, and cost savings
Products and case studies:
- ApplyByAPI.com, SaaS that improves the technical hiring process by filtering candidates at the top of the funnel, and reduces human hours spent on screening
- Modern e-commerce solutions for legacy industries, such as for large-scale commercial building construction materials
- Product design and product management for applications including an audio virtual reality application
2012 — 2015
I drove digital transformation at a small manufacturing company, resulting in a high-end e-commerce experience. Successes included:
- Advising on strategic product-market fit changes
- Planning and execution of long-term digital strategy
- Migrating business processes to use modern e-commerce solutions
- Overhauling legacy offline inventory management to a modern software solution
- Management of recruiting activities to appoint and train team leads