Experience

Eclypsium, Inc.

• United States
• Computer and Network Security
• 1 - 100 Employee

• Principal Security Researcher

  • Sep 2023 - Present

  Vulnerability research focusing on enterprise platform security. Reverse engineering, fuzzing, and deep learning approaches to security analysis applied to firmware, UEFI, BMC, kernel drivers, network services on edge network devices, etc.



Fuzzing IO

• Company Owner

  • Aug 2017 - Present

  Seattle, Washington, United States FUZZING IO, LLC is a professional training and information security services company specializing in vulnerability research and security automation. Training programs and services center around fuzzing and integration of automated security testing into SDLC and CI/CD pipelines. FUZZING IO was founded in 2017. Please contact info@fuzzing.io for more information about our services.



Trellix

• United States
• Computer and Network Security
• 700 & Above Employee

• Senior Principal Security Researcher

  • Jan 2022 - Mar 2023

  Trellix Advanced Threat and Vulnerability Research Team



Oracle

• United States
• IT Services and IT Consulting
• 700 & Above Employee

• Consulting Member of the Technical Staff

  • Mar 2020 - Jan 2022

  Lead static analysis and fuzzing expert at Oracle Cloud.

• Director of Security Research

  • Nov 2018 - Mar 2020

  Greater Seattle Area Founder of a new security research team for Oracle Cloud. We perform vulnerability analysis on the entire cloud stack including hypervisors, kernels, userland libraries, and web services. I bring a specialized research focus to this work through the development of automated static analysis and dynamic test generation tooling and methodologies.



Cisco

• United States
• Software Development
• 700 & Above Employee

• Research Lead, Talos Group

  • Aug 2013 - Nov 2018

  Austin, Texas Area Technical Lead of the vulnerability discovery, triage, and mitigations team Cisco acquired Sourcefire in August 2013, this role is an expansion of previous responsibilities as Principal Research Engineer at Sourcefire. Team charter was to help build the new Cisco Talos brand through innovative research. Team was built from scratch to eight people, leveraging personal contacts in the industry and reputation of public research to fill the roster. Created the research strategies and… Show more Technical Lead of the vulnerability discovery, triage, and mitigations team Cisco acquired Sourcefire in August 2013, this role is an expansion of previous responsibilities as Principal Research Engineer at Sourcefire. Team charter was to help build the new Cisco Talos brand through innovative research. Team was built from scratch to eight people, leveraging personal contacts in the industry and reputation of public research to fill the roster. Created the research strategies and workflow for the team and reviewed/edited all content produced by the team, managing several technical projects simultaneously. Wrote and implemented the official Cisco Vendor Vulnerability Reporting process. Successfully built a team that has found 200 vulnerabilities in a single calendar year, resulting in becoming a CVE Numbering Authority. Continued to develop the fuzzing system driving the vulnerability discovery process. Co-founded the Offensive Security Summit, an internal conference that brought together 130 members of five technical teams within Cisco for research and information sharing. Opensourced tools for the infosec community. Author of five technical research lectures delivered at sixteen industry conferences. Show less



Sourcefire, part of Cisco

• United States
• Computer and Network Security
• 1 - 100 Employee

• Principal Research Engineer / Team Lead

  • Feb 2010 - Aug 2013

  Responsibilities included vulnerability analysis, proof-of-concept exploit code development, reverse engineering of competitive products and platforms, malware analysis and development of AV bypass demos to highlight product capabilities, and customer incident response on active attacks against Sourcefire IPS. Vulnerability research included design and implementation of an internal automation system for fuzzing, development of custom grammar aware fuzzers, development of the first publicly… Show more Responsibilities included vulnerability analysis, proof-of-concept exploit code development, reverse engineering of competitive products and platforms, malware analysis and development of AV bypass demos to highlight product capabilities, and customer incident response on active attacks against Sourcefire IPS. Vulnerability research included design and implementation of an internal automation system for fuzzing, development of custom grammar aware fuzzers, development of the first publicly available implementation of concolic execution driven test generation, analysis of the Adobe Reader X sandbox, mitigation prototyping with dynamic binary translation tools, and development of code coverage and taint analysis tools to aid in crash analysis. Author of five technical research lectures delivered at twelve industry conferences. Show less



Microsoft

• United States
• Software Development
• 700 & Above Employee

• Software Security Engineer (SWI)

  • Mar 2006 - Nov 2009

  Redmond, WA Responsibilities included original vulnerability research, mitigation design, debugging and analysis of externally submitted MSRC vulnerabilities, oversight of patch development, public speaking at premiere computer security conferences, and security tool development. Vulnerability research targets included: Windows Vista, Windows Server 2008, Windows 7, Windows Mobile 6.5, Windows Mobile 7, and Microsoft Office 2007. Mitigation work led to influence into the design of Windows Vista (ASLR) and… Show more Responsibilities included original vulnerability research, mitigation design, debugging and analysis of externally submitted MSRC vulnerabilities, oversight of patch development, public speaking at premiere computer security conferences, and security tool development. Vulnerability research targets included: Windows Vista, Windows Server 2008, Windows 7, Windows Mobile 6.5, Windows Mobile 7, and Microsoft Office 2007. Mitigation work led to influence into the design of Windows Vista (ASLR) and Windows Mobile 7 (ASLR, DEP, and Chambers MAC). Independent research included the areas of model based smart fuzzing, dataflow driven crash analysis, process visualization, and signal analysis. My work on signal analysis led to an invite to speak to the Senior Vice President of Windows, Jon DeVaan and Vice President of Trustworthy Computing, Scott Charney In addition, my visualization work led to an invite to speak at the Microsoft hosted Blue Hat security conference and the Massachusetts Institute of Technology. Mitigation work on Windows Vista was presented publicly at computer security conferences listed below. Show less



VERISIGN

• United States
• Technology, Information and Internet
• 700 & Above Employee

• Senior Security Engineer

  • Dec 2003 - Mar 2006

  Reston, VA I was one of the original founding team members of iDEFENSE Labs prior to the Verisign acquisition. Responsibilities included the management of the Vulnerability Contributor Program, original vulnerability research, debugging and disassembly tool development, public speaking at premiere computer security conferences, and direct interactions with global 500 corporations and government agencies to deliver analytical intelligence data. iDEFENSE offered unique opportunities working directly with US… Show more I was one of the original founding team members of iDEFENSE Labs prior to the Verisign acquisition. Responsibilities included the management of the Vulnerability Contributor Program, original vulnerability research, debugging and disassembly tool development, public speaking at premiere computer security conferences, and direct interactions with global 500 corporations and government agencies to deliver analytical intelligence data. iDEFENSE offered unique opportunities working directly with US and Japanese government to build models of progressive security intelligence research initiatives similar to the iDEFENSE Labs infrastructure. Independent research included the areas of software exploitation mitigations, advanced attack payloads, and vulnerability detection using run-time behavioral analysis and static binary analysis. Additional responsibilities included: exploit development, malware analysis, and management of the internal workflow application. Verisign acquired iDEFENSE in June 2005. New responsibilities included the addition of Nessus signature creation for all vulnerabilities in the VCP Program. Show less



EY

• United Kingdom
• IT Services and IT Consulting
• 700 & Above Employee

• Security Engineer

  • May 2002 - Dec 2003

  Kansas City, MO Responsibilities included research and delivery of vulnerability content to global 2000 enterprise companies, development of proof of concept code for public and private vulnerability information, development of software reverse-engineering and analysis tools, composition of white papers and presentations on current security concerns, management of the Research & Development network infrastructure, planning and performing annual internal vulnerability assessment, instructing other employees in… Show more Responsibilities included research and delivery of vulnerability content to global 2000 enterprise companies, development of proof of concept code for public and private vulnerability information, development of software reverse-engineering and analysis tools, composition of white papers and presentations on current security concerns, management of the Research & Development network infrastructure, planning and performing annual internal vulnerability assessment, instructing other employees in preparation for CISSP certification program and maintaining relationships with other security professionals to obtain new relevant security information. Computer Associates acquired eSecurityOnline from Ernst & Young in June 2003. As part of Computer Associates, the team became central to all eTrust research content coming from Computer Associates global research teams including anti-virus, intrusion detection, configuration management and vulnerability management data. Show less