Keywords
OWASP, ESAPI, OWASP Podcast Series, Web Application Security, Java, J2EE,
Struts, Wicket, JSP, Castor, Hibernate, MySQL, Oracle, DB2, PostgreSQL, PHP,
Drupal, JDBC, Servlets, XPath, Tomcat, Design Patterns, OOAD, UML, AJAX,
JavaScript, JQuery, xHTML, CVS, SubVersion, Eclipse, Tomcat, WebSphere, Rational
Rose, Physics, Technical Educator, Search Engine Optimization, Investran,
InterAction
Education and Certifications
Siena College, Loudonville, NY. Major: Computer Science; Minor: Philosophy
Bachelor of Science, May 1997 (3.8/3.2)
* Building and Testing Secure Web Applications, Black Hat US 2007 Training
* GSEC Certified Professional
* ILOG JRules Training for Developers
* SANS Secure Internet Presence - LAMP (Linux + Apache + MySQL + PHP)
* Sun Certified Programmer for the Java Platform
* Object Oriented Analysis and Design with UML course certification, The
Learning Tree
* Enterprise JavaBeans (EJB), U.C. Berkeley Extension
* Project Management Fundamentals Certification
Experience
Web Application Architect, Application Security Engineer, Application Security
Instructor
Aspect Security August 2007 - Present
* Web Application Architect: Lead Architect/Developer of an ongoing
internal application security vulnerability management web application using
J2EE/Java 1.5, Struts 1.3, Hibernate 3, JQuery/Javascript, xHTML/CSS, MySQL. Also
developed a prototype XFORMS/Spring module for the Open Medical Record System
project (openmrs.org) via Sun Microsystems, Partners in Health and TED.
* Q2 2008 "Extreme Developer Award"
* Q4 2008 "Call to ARMS Award"
* Application Security Instructor/Educator: Application security
instructor and editor for 1, 3 and 5 day classes including "Building and Testing
Secure Web Application", "Secure Coding for Java EE" and "Application Security
Management".
* Application Security Consultant: Performed assessments of web
applications and software products using architectural review, code review and
penetration testing techniques. Experience identifying vulnerabilities associated
with Web applications as well as system and network software. Produced detailed
reports documenting vulnerabilities and specific mitigation recommendations.
Provided a variety of services assisting large organizations in implementing OWASP
ESAPI.
* Very broad customer base
Java/J2EE Architect, VP Software Engineering, Extreme Troubleshooting
Codemagi Inc. May 2005 - February 2008
* Data-driven web application development on Sun Microsystems intranet
and extranet sites for Executive Communications, Analyst Relations, and
photos.sun.com.
* Data-driven web application development for Cigcorp
* Emergency troubleshooting services, InterAction reporting and
Investran reporting via VBA for Excel for TelesoftVC.com.
* Development Environment includes: Telecommuting, Solaris, Linux,
Oracle, PostgreSQL, JSP, JavaBeans, AJAX, XPath, MVC, Taglibs, LDAP, Apache,
Tomcat, HTML, CSS, Investran, VBA for Excel.
Director of Software Development, Director of Vendor Relations, Secure Software
Instructor
SANS Institute August 2004 - June 2005
* Provide technical guidance and support to web team.
* Review and participate in business analysis.
* PHP/MySQL programming for Vendor Relations (portal.sans.org/vendor)
and Online Training departments (www.sans.org/online).
* Lead for corporate sales team (sales are up 33% this year).
* Instructor for LAMP track.
* Stay Sharp Instructor for Security Essentials.
* A multitude of other technical, sales and educational duties upon
request from upper management.
* A frequent “go to” guy when something critical needs to get done.
August 2004-May 2005: Director of Vendor Relations + Software Engineering
March 2006-present: Java Security Auditing courseware author
July 2006: GSEC Certification Question Database Audit in preparation for
ANSI Certification
Java/J2EE Architect, O/R Database Specialist, J2EE Courseware Author
Blue Slate Solutions July 2005 - December 2005 (ongoing collaboration)
* Java Consulting Services. Webservices and Hibernate programming for
Citibank using JDK 1.4.2 + Websphere.
* Designed and authored 5 day introduction to Java programming class for
Plug Power.
Technology Director, Systems and Network Manager, J2EE/Technology/Physics
Instructor
Kula High and Intermediate May 2002 - August 2004 (ongoing advisory
relationship)
* 5th-12th Grade Technology Educator
* Physics and Technology Instructor
* Network and Systems Administrator
* Head of Technology Department for Elementary, Intermediate and High
school.
Java/J2EE Architect Consultant
Fireman's Fund Insurance Company April 2001 - August 2001
* Utilized VisualAge for Java, Websphere, Design Patterns, Rational
Rose, UML, MQ, DB2, MS SourceSafe, LDAP, Policy Director, HTML and Javascript.
* Audited and documented current automotive insurance web-based quoting
system.
* Researched, debugged and fixed multiple multi-threading issues with
current application.
* Documented best practices, code optimization techniques, good
webcentric programming techniques and general OO design.
* Designed and implemented new security and user profile methodology
using LDAP and Policy Director.
Senior Java/Web Consultant
RateXchange.com October 2000 - March 2001
* Designed and implemented a neutral trading system for standard
wholesale bandwidth capacity.
* Utilized CVS, JDK 1.3, RMI, JDBC, XML, multithreaded server
programming, Swing, and the Java plugin 1.3.
* Designed/Implemented asynchronous message server.
* Created several database-driven (Oracle 8i) GUI applications with JDK
1.3/Swing.
* Developed centralized RMI cache server for JSP Administration and GUI
Trading applications.
* Developed object protocol and relational design for counterparty
credit financing.
Senior Java/Web Consultant
Gazoontite January - September 2000
* Designed and implemented web-based content management/workflow system.
Utilized MS SourceSafe, JDK 1.2.2, JCE 1.2, JSP, XML, XSL, JDBC, Bluestone Server
Technology, HTML and Javascript.
* Served as principal engineer for a 35 member web team.
* Created multiple database-driven JSP/HTML/JavaScript applications.
* Worked extensively with Oracle 8i SQL.
* Created real-time web-based content editorial and scheduling tools.
* Created multiple content synchronization applications integrating
Screaming Media and Pollen.com.
* Designed and implemented newsletter editorial tools and newsletter
sending automation.
* Created code standards, best practices, code optimization standards
and general enterprise-wide object-oriented design.
Lead Java/Web Consultant, IT & Content Department
WebMD April - December 1999
* Member of the core web team for the WebMD/Healtheon merger. Utilized
CVS, Java Servlets, Java 1.1.x, 1.2.x, Jclark/XML, HTTP, FTP, automated content
parsing and categorization, JDBC, DB2 SQL, HTML, Javascript.
* Worked directly with principal engineer implementing core content
distribution architecture of WebMD.com and all cobranded sites.
* Created multiple high availability database-driven web applications
using a proprietary XML-based template language.
* Gathered requirements from content/engineering departments of 4
merging companies.
* Created database abstraction layer using DB2 SQL, an object-relational
schema, and XML.
* Created multiple content synchronization applications integrating
Medcast News, Reuters, DMK Medical Content and several medical archives.
Java GUI Consultant
EchoStar and DMW Group Worldwide November 1998 - April 1999
* Designed and developed a large (1280×1024) Java GUI using JDK 1.1.7B,
StarTeam and Rational Rose.
* Worked directly with EchoStar senior executives designing customer
service products, purchasing and promotion GUIs.
* Ensured that all engineering included abstraction of EchoStar-specific
logic for further productization.
* Created multiple core GUI architecture components including tables and
trees.
* Migrated legacy architecture from AWT to Swing 1.1.
* Worked extensively with Oracle 7 SQL.
* Utilized UML/Rational Rose to document class design and processes.
* Authored multiple technical design documents.
* Productization lifecycle.
Java/CGI/Web Consultant
GE Power Systems, 6 Sigma Executive Quality Team May 1997 - November 1998
* Developed multiple GUI Java applets using JDK 1.0.2 and MS SourceSafe
for use in Netscape 3.0x.
* Gathered requirements directly with GE Power Systems senior sales team
during design process.
* Utilized 3rd-party GUI widgets from RogueWave, ObjectiveBlend and
ProtoView.
* Developed and implemented client to middle-tier database access
methodology using C++/NT Service development and C++/Oracle OCI API.
* Developed lightweight architecture components for AWT GUI
programming.
* Created client socket-based database access Java classes.
* Developed CGI Database reports in C++ using OCI access, HTML and
JavaScript.
* Heavily utilized Oracle 7 SQL.
* Re-engineered several Applets in JDK 1.1.4 for use in Internet
Explorer 4.x and Netscape 4.x.
* Continually trained new programmers and analysts in project
architecture and code standards.
* August/98 Recognition/Achievement award.
* December/97 Customer Service Award.
* August/97 Achievement award for server development.
Programmer/Analyst Consultant
GE Power Systems February - May 1997
* Interdepartmental contractor for international Power Systems division
of General Electric.
* Implemented multiple product inventory applications using Cold Fusion,
HTML, JavaScript and MS Access.
Career Highlights
* OWASP Podcast Series, 2008-present Creator, Host and Producer
* OWASP ESAPI, 2008 Featured Speaker and Web Application Security
Instructor, Shakacon II, 2008
* SUN Microsystem Innovation Webcast, 2007 Guest participant.
* "Wireless Security Leadership Essentials", 2005 Keynote Address, ISSA
Hawaii Chapter's Annual Discover Security Conference.
* Kauai Computer Connection Talk Show Host, 2004 - Present KKCR
Community Radio KKCR.org
* "Future of the World-Wide Web: A Next-Generation Web Search Engine,"
1997 Fourth Annual Hudson River Undergraduate Mathematics Conference Presentation
* "Introductory Artificial Intelligence with PROLOG," 1996 Third Annual
Hudson River Undergraduate Mathematics Conference Presentation