Objective
To make the world a better and more secure place for all.
Technical Qualifications:
- Highly Skilled in Java and Perl
- Working Knowledge of Ruby, SQL, C/C++, C#, JavaScript, and Delphi
Experience with numerous tools including: Eclipse, Visual Studio, JUnit, Cobertura, Fortify, Nmap, Hping, Wireshark, tcpdump, Perforce, and Subversion
- Security experience includes Code Review, Design Review, Threat Modeling, Web Application Security, and Mitigation
Professional Experience
Amazon.com, Seattle, WA
Amazon Web Services (AWS), Senior Security Engineer, May 2012 - Present
Google Inc., Seattle, WA
Google Cloud Storage, SWE, March 2011 - March 2012
- Implemented RSA signature verification for migration to OAuth2
- Implemented data life-cycle management code
Amazon.com, Seattle, WA
Elastic Compute Cloud (EC2), SDE, August 2008 - February 2011
- Performed security reviews on new and existing functionality
- Consulted on security related projects throughout Amazon Web Services
- Designed detection and response strategies for abuse in EC2
- Evaluated security bulletins relevant to EC2
- Supported auditing through:
- Identifying, designing, and implementing controls
- Designing tests
- Supporting external auditors and testers
- Creating tools to ease compliance burdens
IT Security, Security Engineer, July 2007 - August 2008
- Consulted and advised on security aspects of internal products
- Integrated static-analysis tools with the centralized build-system
- Wrote sample code and libraries to increase security of overall code-base
- Coordinated multiple teams to mitigate CSRF issues
- Educated employees on secure development
Video on Demand (VoD), SDE, July 2005 - July 2007
- Designed and implemented DRM system
- Designed and implemented VoD integration with TiVo
- Performed security reviews and hardening for both the client application and web-services
- Integrated static-analysis with the VoD work-flow and created custom rules to enforce both Amazon- and VoD-specific policies
- As lead-engineer (services) oversaw development of the services architecture and design of new services
Private Software Company*, Clifton Park, NY
Programmer/Analyst, May 2003 - Auguest 2004
- Designed and implemented custom Delphi components that produce cross-platform JavaScript
- Developed an Internet interface for an existing database application for adoption by the Special Olympics
- Designed and implemented a custom job management system for a print shop with integrated quoting
NationStates.net, http://www.NationStates.net
Administrator/Programmer, 7/2003 - Present
- Provided technical support to the user-base resulting in more rapid response to issues
- Uncovered and patched security issues including XSS, CSRF, DoS, and Phishing
- Developed additional game features upon owner and player request
- Oversaw code migration to Jolt.co.uk as official Nationstates-Jolt liason
Computer Science and Technical Education:
University of Rochester, Graduated May, 2005
BS Computer Science with a concentration in Theory and Algorithms
Minor in Mathematics
Overall GPA: 3.74/4.0
Computer Science GPA: 3.82/4.0
Dean's List 7 of 8 semesters
* Some personally identifying information has been removed from this version of the document due to privacy concerns. A complete resume, more detailed contact information, and references will be made available upon request.