About Me

Ten years later I'm doing security training again, this time for Tenable and will be moving to Frederick County, Maryland in a few months. In December 2007 where I got an old-fashioned/non-breaking things network security (managing and building unreal numbers of *BSD based firewalls and learning not to hate Ruby) job with Hewitt Associates. Until November 2006 I did the small consulting company thing, as a security researcher/consultant for Digital Bond, a small network security practice that specializes in SCADA and Control System security. Up until September 2005 I was at Cisco (in Austin), where I worked in a number of different security consulting and research groups. I got my start in security (at least on the civilian side of the house) at Trident Data Systems back in 1997. From 1988 to 2001, I served in several Army Reserve Information Operations and Military Intelligence units in Austin and San Antonio, Texas.

Resume

  • PDF resume - a bit out of date but probably a few typos
  • Linked In profile - if you are in to that thing
  • old versions I should delete - why you should care is beyond me

    Areas (in security) where I have experience and expertise:

  • white/black box device/protocol/application assessment
  • custom protocol & application fuzzer development
  • security tool[kit] design and development
  • vulnerability testing strategy, secure product/application development
  • threat modeling
  • technical security training and course development
  • writing Snort signatures and Nessus Plugins for obscure protocols
  • various stuff that comes in handy when analyzing network protocols

    I'm quite comfortable developing application and network security testing tools in Java, Python, C#, and Ruby. I've also done code auditing of C and Java applications and protocol implementations. Also done a lot of reverse engineering of network protocols at various layers.

    Some of my pages

  • My Security Wiki with various interesting stuff
  • Conference Presentations & Papers on various security topics
  • PeerTAB - new open source project I've kicked off for sharing threat information via P2P networks.