Principal Consultant/Owner – Jardine Software Inc. 1/2004 – Present
- Provide developer related security advice to clients.
- Provide security training for clients.
- Perform research into .Net security.
- Perform penetration testing and vulnerability assessments for clients.
- Perform application security program assessments for clients.
Principal Security Consultant – Secure Ideas LLC. 5/2012 – 8/2015
- Participate in Web, Network, Mobile and Physical penetration tests.
- Perform Social Engineering assessments and Security Architecture Reviews for clients.
- Lead a group of security consultants on a daily basis.
- Provide training and presentations to the community and clients on security related topics.
Instructor – SANS Institute 7/2011 – 1/2014
- Teach in-person and online courses – DEV544: Secure Coding in .Net.
- Authored portions of the DEV544: Secure Coding in .Net course.
Information Security Engineer IV – Wells Fargo Inc. 4/2011 – 5/2012
- Perform secure code reviews for .Net applications.
- Used Fortify to assist in performing code reviews. Also created custom Fortify rules.
- Rated findings for overall risk based on company defined standards.
- Create custom code review reports for the application owners.
- Researched .Net security related topics.
Application Security Engineer – Lender Processing Services 5/2009 – 4/2011
- Performed manual secure code reviews of .Net applications.
- Perform vulnerability assessments/penetration tests as required for WinForm and web applications using common testing tools (Reflector, Burp Suite, ILDASM, Web Scarab, and Fiddler).
- Train developers and QA on secure coding techniques.
- Perform root cause analysis on vulnerabilities for a large number of applications.
- Worked with White Hat Security and Veracode to test selected applications.
- Acted as Development Manager, overseeing 12 developers, for 9 months before transition to the Information Security Office.
Software Developer II – Modis 2/2009 – 5/2009
- This was a contract position for Lender Processing Services as a Developer for a high-transaction web application.
Senior Software Engineer / Architect – GeoAge Inc. 4/2004 – 1/2008
- Designed and led the development of the premier product (FAST) for the company.
- Created WinForm and Web applications using .Net and SQL.
- Mentored developers on secure development techniques.
Senior Software Engineer – Ajilon Consulting 6/2005 – 10/2005
- Converted FoxPro logistics application to a .Net WinForm application using VB.Net and Infragistics controls.
Software Engineer – Allstate 9/2003 – 4/2004
- Analysis, design, development, testing and support of new applications using C#, ASP.Net, VB6 and SQL.
- Support and upgrade of client/server applications using VB6, SQL 2000 and Life 70 Mainframe.
DevelopSec is focused on maturing security in the software development lifecycle (SDLC) and engaging everyone involved in developing applications in learning about security.
Down the Security Rabbithole Podcast
Down the Security Rabbithole is a podcast dedicated to enterprise security created by Rafal Los (wh1t3rabbit). The weekly production consists of alternating weeks of weekly news and interviews with professionals in the industry.
CSSLP, GSSP – .Net, MCSD, MCAD
A.A. General Studies – University of North Florida 2003 – 2009
I completed the general studies required by all college students. I chose electives relating to Information Technology (Intro to C, Intro to OOP, COBOL).
A.S. Electronic Engineering Technology – ITT Technical Institute 1997 – 1999
I studied electronics with a great amount of hands-on lab experience working with circuit boards. I was a member of the National Technical Vocational Honor Society and graduated as class Valedictorian.