Resume

Professional Experience

Director, Product Security Officer - Architecturem, Philips Healthcare — 10/2016 - Present

Manager, Security Advisory Services, Rapid7 — 01/2016 - 10/2016

Sr. Security Consultant, Rapid7 — 12/2014 - 12/2015

Security Evangelist/Project Manager, Duo Security — 05/2013 - 12/2014
  • Acted as an organizational subject matter expert on information security topics to all departments
  • Presented world wide at information security, technology, and software development conferences
  • Built and presented multiple information security workshops and webinars covering technical content
  • Assumed the role of project manager for Duo Labs, the security research and special projects team
  • Provided top-tier journalists and news outlets with technical insight on information security subjects


Sr. Consultant, NetWorks Group — 09/2011 - 05/2013
  • Performed penetration testing, web application security assessments, and security architecture reviews
  • Developed Ruby-based applications including backup, reporting, and credential management solutions
  • Provided technical review on client statements of work and also participated in pre-sales engineering
  • Defined missing company processes, vetted technologies, and guided successful implementation


Sr. Linux Administrator, MNX Solutions — 10/2010 - 09/2011
  • Cloud computing and information security subject matter expert for company's broad client base
  • Management of multiple customer infrastructures totaling over 500 production servers
  • Leadership of junior employees’ activities including project management and task assignment
  • Regularly assisted with pre-sales engineering calls and client project requirements scoping


Linux Administrator, ePrize — 11/2009 - 10/2010
  • Cloud computing SME; architect and lead administrator for deployment of Amazon Web Services
  • Developed 22 Puppet modules for automated configuration management of cloud environment
  • Implemented both an internal information security mailing list and technical security meet-ups
  • Scoped and built cloud architecture that sustained two concurrent Super Bowl digital promotions


Web Application Developer, Orange Creative Solutions — 05/2009 - 11/2009
  • Created a development infrastructure utilizing Debian, Subversion, Apache, Trac, and MySQL
  • Rebuilt the company’s primary site from static HTML to PHP with a normalized 70-table database
  • Developed structured project planning and scoping utilizing SDLC as the underlying methodology
  • Performed code audits for the company’s existing web applications and remediated vulnerabilities


Co-Founder and Technical Architect, Aegis Data Security — 02/2008 - 05/2009
  • Managed up to six company projects at a time, self-monitoring milestones and team alignment
  • Developed a hardened Linux operating system for deployment on the product's server appliance
  • Engineered an object-oriented PHP server administration management & reporting console


UNIX Administrator, University of Michigan — 07/2007 - 08/2008
  • Replaced 85% of core infrastructure during a five month period with a smooth transition for users
  • Created departmental policies and procedures around information security and risk management
  • Developed and implemented server monitoring & analytics using SNMP, Cacti, and Nagios

Sr. Technician, Eastern Michigan University — 12/2003 - 07/2007
  • Created a FreeBSD-based file server for usage of staff/faculty with detailed technical documentation
  • Provided end-user computer troubleshooting, network diagnostics, and web application development
  • Managed up to 12 student employees including scheduling, task-assignment, and general mentoring


UNIX Administrator, Xzibition Data Communications — 02/2002 - 04/2003
  • Deployed four FreeBSD servers to service 500 customers and provided support via IRC and e-mail
  • Implemented Mandatory Access Controls, Port ACLs, event auditing, IPFW, process accounting
  • Custom BASH and PERL code to provide log aggregation and parsing for threat identification


Education

  • Master of Science, Information Assurance — Eastern Michigan University, 2011 [4.00]
  • Bachelor of Science, Networking & IT Administration — Eastern Michigan University, 2007 [3.24]

Certifications

  • (ISC)2 Certified Information Systems Security Professional (CISSP), 2012 - Present
  • Cloud Security Alliance Cloud Computing Security Knowledge, 2010 - Present
  • CompTIA Security+, 2006 - Present
  • CompTIA Linux+, 2004 - Present

Honors

  • University of Michigan - Outstanding Service Award, 2008
  • Business Professionals of America - Cisco Systems CCNA Competition, 1st Place, 2003
  • Science and Engineering Fair of Metro Detroit - Computer Science, 1st Place Team, 2002
  • Intel International Science and Engineering Fair - IEEE Computer Society, 1st Place Team, 2002

Professional Organizations

  • OWASP: Detroit Chapter, 2012 - Present
  • ISSA: Motor City Chapter, 2012 - Present
  • MiSec: Michigan Security Meet-up, 2011 - Present
  • ArbSec: Ann Arbor Security Meet-up, 2010 - Present
  • InfraGard: Michigan Chapter, 2009 - Present

Volunteering

  • Online Trust Alliance: IoT Trust Framework Working Group — 2015 - Present
  • A2Y.asm Security Conference: Co-Founder — 2015 - Present
  • Michigan Cyber Civilian Corps: Incident Responder — 2014 - Present
  • Plug and Play Tech Center: Mentor — 2014 - Present
  • BuildItSecure.ly: Co-Founder & Researcher — 2014 - Present
  • Henry Ford Community College: IA Advisory Committee — 2013 - Present
  • Make a Wish Foundation: Fundraising & Participant — 2012, 2014
  • Susan G. Komen: Fundraising & Participant — 2009, 2010
  • American Cancer Society: Fundraising & Participant — 2008
  • Leukemia & Lymphoma Society: Fundraising & Participant — 2006, 2007
  • NOTACON: Core Organizer & Sponsorship Chair — 2003, 2004, 2005

Presentations

No Single Answer: Balancing Cybersecurity Insurance and a Strong Security Program
Smart City Security
: The Real-World Risks & Challenges
Hide Yo' Kids: Hacking Your Family's Connected Things
The Hand That Rocks The Cradle: Hacking IoT Baby Monitors
Information Security Reconciliation: The Scene and The Profession
Cloud Security: There's a Storm Coming
The Internet of Fails: Where IoT Has Gone Wrong and How We're Making It Right
Security for the People: End-User Authentication Security on the Internet
How We're Failing to Secure the "Internet of Things"
The Internet of Things: We've Got to Chat
Eyes on IZON: Surveilling IP Camera Security
Two-Factor Authentication: A Primer
A Career in Information Security as Described by Animated GIFs
Securing the Stack: Hardening Your Drupal Deployment
How I Became an iOS Developer for Fun and Debt
So You Want to Hire a Penetration Tester?: 10 Tips for Success
Keeping the Cloud Promise: Infrastructure Agility with a DevOps Toolchain
Core Linux Security: 0-Day Isn't Everything
"It's Just a Web Site": How Poor Web Programming is Ruining Information Security
Cloud Disaster Recovery: Leveraging Cloud Computing for Cheap Hot Sites
Cloud Computing: Let's Clear the Air
Development Operations: Take Back Your Infrastructure
Being a Puppet Master: Automating Amazon EC2 with Puppet & Friends
It's Vulnerable... Now What?: Three Tales of Woe and Remediation
What's a Linux?: Creating & Teaching College Courses at 24
Get Smart[y]: The Smarty Template Engine for PHP
Miscellaneous

Vulnerabilities

Fisher-Price Smart Toy®
CVE-2015-8269 - Improper Authentication Handling

hereO GPS Platform
CERT VU#213384 - Authorization Bypass

iBaby M6
CVE-2015-2886 - Predictable Information Leak

iBaby M3S
CVE-2015-2887 - Backdoor Credentials

Philips In.Sight B120/37
CVE-2015-2882 - Backdoor Credentials
CVE-2015-2883 - Reflective, Stored XSS
CVE-2015-2884 - Direct Browsing

Summer Baby Zoom Wifi Monitor & Internet Viewing System
CVE-2015-2888 - Authentication Bypass
CVE-2015-2889 - Privilege Escalation

Lens Peek-a-View
CVE-2015-2885 - Backdoor Credentials

Gynoii
CVE-2015-2881 - Backdoor Credentials

TRENDnet WiFi Baby Cam TV-IP743SIC
CVE-2015-2880 - Backdoor Credentials

Stem Innovation IZON
CVE-2013-6236 - Hard-coded Credentials

portable-phpMyAdmin WordPress Plugin
CVE-2012-5469 - Authentication Bypass

Hotel Booking Portal
CVE-2012-1672 - SQL Injection

e-ticketing
CVE-2012-1673 - SQL Injection

phpPaleo
CVE-2012-1671 - Local File Inclusion

PHP Grade Book
CVE-2012-1670 - Unauthenticated SQL Database Export

phpMoneyBooks
CVE-2012-1669 - Local File Inclusion

Andy's PHP Knowledgebase
CVE-2011-1546 - SQL Injection Vulnerability

Quick Polls
CVE-2011-1099 - Local File Inclusion & Deletion Vulnerabilities

Seo Panel
CVE-2010-4331 - Cookie-Rendered Persistent XSS Vulnerability

Pointter PHP Micro-Blogging Social Network
CVE-2010-4333 - Unauthorized Privilege Escalation

Pointter PHP Content Management System
CVE-2010-4332 - Unauthorized Privilege Escalation

Pulse CMS Basic
CVE-2010-4330 - Local File Inclusion Vulnerability

Orbis CMS
CVE-2010-4313 - Arbitrary Script Execution Vulnerability

Free Simple Software
CVE-2010-4298 - SQL Injection Vulnerability

WSN Links
CVE-2010-4006 - SQL Injection Vulnerability

Press Coverage

Research Coverage

Fisher-Price Smart Toy® & hereO GPS Platform
Internet-Connected Baby Monitors
Stem Innovation IZON Camera

Press Quotes

Interviews

Publications

Books

Webinars

White Papers

Blog Posts

Contributed
Rapid7
Duo Security
NetWorks Group
MNX Solutions

Graduate Research

Technical Documentation

Teaching

Eastern Michigan University

NITA 212: Open Source Platform and Network Administration - Fall 2009; Winter 2010
Labs: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11
Slides: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11

NITA 412: Linux Security Administration - Winter 2010; Fall 2010; 2x Winter 2011
Labs: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
Slides: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9

ITT Technical Institute

IT 250: Linux Operating System - Fall 2009

Development