Below, find a brief history of my career and endeavors.

2022+ – Google Cloud  Mandiant was acquired into Google Cloud in October 2022. The mission continues.

2021+ – Mandiant Intrigue was acquired by Mandiant in August 2021 after only 8 months. We are in the process of integrating Intrigue into Mandiant Advantage and currently delivering our service to over 5000 of the world’s leading organizations.

2020-2021 – Intrigue In 2020, I founded Intrigue as an answer to a nascent opportunity in the Attack Surface Management space, and raised a 2M seed. With a small but mighty team of startup players, we set out to deliver the world’s best Attack Surface Management product, on top of an open (as in OSS) core. Intrigue was acquired by Mandiant in 2021.

2018-2020 – Kenna Security Taking a step back into the technical after a few years of building and leading teams, I joined Kenna Security as Head of Research. Our team worked with as a cross functional group, digging into the challenges of vulnerability management and analytics and delivering insight and applied research that was key to organizational success. Kenna’s data-first approach and early lead in the risk-based vulnerability management space was a great opportunity to define a market. Kenna was acquired by Cisco in 2021.

2013-2018 – Bugcrowd I joined Bugcrowd as the first employee in the US, driving the nascent bug bounty space and delivering a consumable, modern application security service in the Enterprise. Working in a variety of roles, I led a team that built and delivered a highly effective customer-oriented service, powered by incredible hackers from around the world.

2012-2013 – Pwnie Express I served as CTO and platform lead for Pwnie Express, an Information Security startup developing products and solutions for Security Service Providers, Government and F500 organizations. During my tenure we released 6 new products, garnered thousands of customers, and raised seed and (later, an) A round of 5.1 million. Outpost24 acquired Pwnie Express in 2019.

2010-2012 – Rapid7 Metasploit  I joined the newly formed Rapid7 Metasploit team to spearhead the development of a dedicated quality assurance team for both the commercial and open source projects. Metasploit remains one of the largest open source Ruby projects in the world, and a critical tool to the pentesting and security communities. Along the way my team provided the bedrock for 75+ high-quality Metasploit releases in just 2 years. Rapid7 IPO’d in 2015.

2007-2010  – Rapid7 Professional Services  I joined the small services team at Rapid7 in 2007 as a penetration tester and threw myself into the work, learning everything I could about security assessment and penetration testing. I quickly moved into a team lead position, mentoring and building a world-class, world-wide security assessment team. Over the course of 3 years, we conducted assessments and penetration tests for Fortune 500 clients around the globe.

2003-2007  – Iowa State University My first real IT position – I took a job as a helpdesk technician, but quickly moved into process improvement, and later into the lead Windows administrator position for one of the largest colleges within the University. As an administrator of a college of over 300 staff and faculty, my team dealt with many challenging support cases and security threats. This position provided a foundational set of knowledge for the positions i would later take on.