About

I’m a well-informed technical information security expert based in Austin Texas. I’m passionate about information security in general and assessment in particular. I strive to understand clients’ information security challenges and deliver elegant solutions.

2018-Now – Kenna Security I’m currently Head of Research at Kenna Security, digging into the future of vulnerability management. Kenna takes a data-first approach and is leading the market in risk-based vulnerability management.

2013-2018 – Bugcrowd I took an early stage (~#7, first in the US) role with Bugcrowd, driving the future of modern application security in the Enterprise. We built and delivered a highly effective security assessment solution for applications, powered by incredible hackers from around the world.

2012-2013 – Pwnie Express I served as CTO and platform lead for Pwnie Express, an Information Security startup developing products and solutions for Security Service Providers, Government and F500 organizations. During my tenure we released 6 new products, garnered thousands of customers, and raised seed and (later, an) A round of 5.1 million.

2010-2012 – Rapid7 Metasploit  I joined the newly formed Rapid7 Metasploit team to spearhead the development of a dedicated quality assurance team for both the commercial and open source projects. Metasploit remains one of the largest open source Ruby projects in the world, and a critical tool to the pentesting and security communities. Along the way my team provided the bedrock for 75+ high-quality Metasploit releases in just 2 years.

2007-2010  – Rapid7 Professional Services  I joined as a penetration tester in 2007 and threw myself into the work, learning everything I could about security assessment and penetration testing. I quickly moved into a team lead position, mentoring and building a world-class, world-wide security assessment team. Over the course of 3 years, we conducted assessments and penetration tests for Fortune 500 clients around the globe.

2003-2007  – Iowa State University I took a job as a helpdesk technician, but quickly moved into process improvement, and later into the lead Windows administrator position for one of the largest colleges within the University. As an administrator of both student and staff machines, we dealt with many early attacks and worms such as Sasser, Blaster and others. This position provided a foundational set of knowledge for the security-focused positions i would later take on.