About Me

A picture of me with my dog Xerxes An obsession with computers began early in my childhood. By my teens I was building and repairing PCs for small businesses to get side money. I started teaching myself to program while I was in High School, and I fell in love with Computer Science. I have always found Artificial Intelligence, Distributed Computing, and Cybersecurity to be interesting topics. Teaching myself new subjects has always been my primary means of learning and that extended to these topics as much as to anything else.

Table Of Contents

A stylized gopher of Benji

Google Go

In 2017, I was introduced to the Google Go programming language at a security conference hosted by SANS. Ever since it has become the language I do most of my experimentation with. The language itself is easy to read, and the built in concurrency primitives provide a framework for concurrent design that I did not have in other languages. The language was not the only thing that pulled me in though.

Gophercon

In 2018, I attended my first Gophercon conference. I had been to previous conferences in the .NET community where I worked before 2017, but none of them were like this. The Go community was friendly and welcoming and I immediately felt like I fit in. It is a wonderful group of diverse individuals who all love the Go language, but also strive to maintain an inclusive and welcoming culture.

Being part of the Go community has encouraged me to move towards an open source model whenever possible. To be part of and give back to such a great group of people.

The Secteria Logo

Awards

Stanford CyberTank Pitch Competition 2020

Invited to the Stanford CyberTank Pitch Competition (Secteria) in 2020 I was given the opportunity to pitch to a group of CISOs from large organizations (Stanford, Box, and Freedom Financial) to solve problems in the field of Cybersecurity.

Stanford CyberTank Pitch Competition (Secteria)

2020 Winner of the $10,000 investment seed award from Daswani Enterprises at the CyberTank pitch competition hosted by Stanford.

Hobbies

A photo of lower Antelope Canyon, Page Arizona

Photography

I have loved taking photos for a long time. My first camera was a 110 film camera. In 2006, I bought my first SLR and started a photography business in Coeur d’Alene Idaho. I later decided that I liked photography more as a hobby than a profession and went back to taking pictures for myself.

If you want to see some of my portfolio follow the button below to my photo gallery.

SCUBA

Ever since reading 20,000 Leagues Under the Sea as a kid I wanted to be a SCUBA diver. My interest only increased when I watched a National Geographic documentary about the Atocha which was a Spanish galleon that sunk during a hurricane off the cost of Florida in 1622. The wreckage of the Atocha was re-discovered in the 1970s by Mel Fisher and crew.

In 2015, I got certified as a PADI Open Water scuba diver and in 2018 I became a SCUBA instructor. My love for SCUBA diving has only increased over the years and I enjoy taking my photography skills underwater.

Bread Making

A photo of my sourdough bread The year 2020 was not kind, but one thing that came out of it is a new appreciation for baking. It started in October 2020 with the desire to bake fresh baguettes for my wife’s birthday. My wife studied in France for several years and one of her most fond memories is French breakfast which consists of a baguette, real French butter, and strawberry jam.

Since we were unable to travel, local, or international I wanted to surprise her. I began watching Youtube videos on making baguette and ended up really enjoying the process. There is a very tangible quality to baking that I do not get in my normal work as an engineer. At the end there is an actual physical manifestation of your work and it was very cathartic.

Since then I’ve begun baking bread roughly once every two weeks and have begun making Sourdough boules, pizza, and English muffins as well. I continue to enjoy the process and tune my results.

Work History

Principal Golang Instrumentation Engineer - Contrast Security

January 2020 – Present

  • Development of application security instrumentation for the Google Go language.
  • Implementation of agent system for monitoring user data flow through Go applications.
  • Identification of vulnerable source, sink and propagation events that occur throughout a Go application.
  • Reporting of vulnerabilities through API integrations over Protobuf, and GRPC to the Contrast UI.

Technologies

Google Go (Golang), Docker, Protobuf, GRPC


Manager, Information Security Automation Cyber Defense Operations - NortonLifeLock

July 2018 – January 2020

  • Development of application security instrumentation for the Google Go language.
  • Open Sourced the NortonLifelock Vulnerability Management Platform Aegis
  • Expanded vulnerability management automation from 360k vulnerabilities in 2017 to over 1.2 Million vulnerabilities in 2018.
  • Defined and implemented vulnerability management processes cross functionally between teams.
  • Designed the continuous automation processes utilized with container vulnerability management and remediation.
  • Guided project vision, features, and enhancements of our vulnerability automation platform.
  • Collaborated with EVPs, VPs and Directors across Symantec to meet business objectives and decrease enterprise risk.
  • Drove integrations of 3rd party APIs to completion, including AWS, ServiceNow, Dome9, and Aqua Security.
  • Led and mentored a team of software engineers and quality assurance analysts.
  • SCRUM Master for my team of software engineers and QA.
  • Paired programming and mentorship of junior colleagues.

Individual Contributions

  • Implemented architecture to utilize microservices and message queueing as well as docker to add horizontal scalability.
  • Built highly concurrent data pipelines drastically increasing the performance of the vulnerability automation platform.
  • Built passive vulnerability automation to verify patching of vulnerabilities concurrently with proactive patching.
  • Built passive vulnerability exception automation to verify the patching of vulnerabilities with approved exceptions.
  • Researched and developed machine learning and AI methodologies for use with vulnerability fingerprinting and prioritization.
  • Architected vulnerability categorization, continuous vulnerability management and multilevel remediation assignment.
  • Subject matter expert for automation of vulnerability management using Qualys and Nexpose.
  • Performance tuning and load testing for 3rd party integrations including Qualys, Nexpose, and JIRA.
  • Database schema re-design and normalization for expansion of vulnerability data across CBU organizations.
  • Developed reports and metrics showing the average aging of vulnerabilities across the organization to show SLA compliance.
  • Refactored and documented codebase.

Technologies

Google Go (Golang), Docker, RabbitMQ, MySQL, AngularJS, TypeScript, JSON, XML API Integrations: Nexpose, JIRA, Amazon KMS, Qualys, ServiceNow, Dome9, Aqua Security, AWS, Azure, Synack


Senior Security Software Engineer Cyber Defense Operations - Symantec

November 2017 – June 2018

  • Security Automation Team Lead for the Symantec Consumer Business Unit (LifeLock, Norton, ID Analytics, SurfEasy).
  • Increased the scope of the automation platform from ~5,000 assets to ~20,000 assets across the Consumer Business Unit.
  • Worked directly with vendors of each API integration to clear roadblocks and solve issues relating to their APIs.
  • Implemented the Qualys API integration for vulnerability management.
  • Mentored junior software engineers and interns.

Technologies

Google Go (Golang), MySQL, AngularJS, TypeScript, Ruby, Ruby on Rails, MongoDB, JSON, XML API Integrations: Nexpose, JIRA, Amazon KMS, Qualys


Software Development Engineer III Cybersecurity Engineering - LifeLock

November 2016 – November 2017

  • Development Team Lead for the Cybersecurity Engineering Software Team.
  • Architected and built the automation framework for vulnerability management and remediation.
  • Automated end to end vulnerability management from detection to remediation.
  • Automated technical verification of vulnerability remediation to eliminate guesswork and human error.
  • Built fully abstract libraries for JIRA and Nexpose integrations for use with ETL jobs.
  • Designed and built a scaffolding engine to generate Go code for data access objects and database connectivity.
  • Built an abstracted 3rd party API integration framework to allow for integration agnostic business logic.
  • Developed an application security program that integrated with software development teams across LifeLock.
  • Designed an information security laboratory for new tool POCs and malware analysis.
  • Evaluated vendor offerings for software related to MongoDB security and encryption.
  • Designed and implemented internal phishing tests and assessments.
  • Implemented an Agile SCRUM / Kanban environment for the security automation team.
  • Performed security code reviews for LifeLock consumer products.
  • Mentored junior software engineers and interns.

Technologies

Google Go (Golang), MySQL, AngularJS, TypeScript, Ruby, Ruby on Rails, MongoDB, JavaScript, JSON, XML API Integrations: Nexpose, JIRA, Amazon KMS


Senior Software Engineer - AutoLoop, Clearwater, Florida

September 2015 – November 2016

  • Designed and built the commercial loyalty module that increased customer engagement and retention for car dealerships.
  • Collaborated with a team of Engineers, QA, Project Managers and Business units to build a robust loyalty program.
  • Implemented secure coding best practices in my team, which were specifically focused on failing securely.
  • Performed code reviews for other Engineers on the team.
  • Developed a generic CSV serializer for reporting that allows for hierarchical classes to be converted to CSV with ease.

Technologies

C#, Asp.net MVC, Asp.net Web API, Microsoft SQL, AngularJS, TypeScript, JSON


Software Developer III - First Solar, Tempe, Arizona

September 2014 – September 2015

  • Collaborated with a comprehensive team of Developers, QA, DBA, Project Managers, and Business units to manage and maintain internally built applications.
  • Investigated the root cause(s) of software and infrastructure issues and, in some cases, improved the performance of specific applications by over 600%, thereby reducing overall technical debt.
  • Identified potential weaknesses and security flaws in critical business applications and increased their overall reliability.
  • Initiated and executed improvements to code management practices, which greatly enhanced the stability of software releases.
  • Performed preliminary research on image processing, parallel processing, neural networks, and software metrics for special projects.
  • Proposed and spearheaded the upgrade of legacy applications to newer, more maintainable technology.
  • Teamed with software development leaders whose objectives were to assess various technologies and application architectures for their overall fit within company goals.
  • Developed software using Agile SCRUM and Agile Kanban dynamic methodologies.
  • Trained in automated and unit testing based on Agile methodologies.
  • Mentored and trained software engineering interns.

Technologies

C#, Asp.net MVC, Asp.net Web API, Microsoft SQL, AngularJS, WCF, WPF, Silverlight


Senior Software Engineer - P3 Data Systems, Denver, Colorado

August 2013 – September 2014

  • Developed an intuitive software solution for the compilation of corporate filings that does not require customers to have a prior working knowledge of the eXtensible Business Reporting Language (XBRL).
  • Frequently worked independently creating fully integrated web modules (i.e., front- and back-end code).
  • Gathered requirements with key stakeholders and company leadership to build software project plans.
  • Re-engineered third-party security protocols to meet company requirements.
  • Designed sensible “Code First” models to leverage and access data efficiently in the software system.
  • Maintained data integrity in the software by effectively combining Shared Schema and Shared Database multi-tenant models.
  • Critically evaluated potential business partnerships and third-party software to determine alignment with company’s goals.
  • Collaborated with an international team of developers.
  • Regularly integrated third-party software within the company’s platform.
  • Traced and corrected pre-existing third-party software bugs.

Technologies

C#, Asp.net MVC, Asp.net Web API, Microsoft SQL, AngularJS


Software Engineer - POSitive Technology, Scottsdale, Arizona

May 2011 – August 2013


Software Engineer - Bullet Tools, Hayden, Idaho

March 2010 – April 2011


Education

Bachelor’s degree, Computer Science, 2021 - University of Illinois Springfield

Stanford Advanced Computer Security Certificate, 2018 - Stanford University

GIAC Certified Incident Handler (GCIH), 2017 – 2021

CC BY-NC-ND 4.0