I'm co-founder of Casaba Security, one of the world's leading information and cybersecurity professional services firms formed in 2002. On the business side I work on recruiting, strategy, business development, sales and marketing. I enjoy building lasting relationships and working closely with my clients to build long-term, end-to-end information security programs, and delivering results to key stakeholders.
On the technical side I jump in the deep end with engineers and ops staff to design strategy and test security. I find security vulnerabilities through writing code, building repeatable test cases, and debugging. I've identified hundreds of critical vulnerabilities in popular Web software, including browsers, applications, and network and Internet infrastructure. I simulate breaches and exercise blue team capabilities. I work with compliance and policy on the full lifecycle and stack of security.
Developing tools to automate testing or other tasks makes work a little more fun and productive. I've created a few like Watcher, to perform Web application security testing and privacy analysis, and occassionally like to test Web browsers and other stuff.
I've spoken with the press in print and on TV, and have been a speaker at various industry conferences including Black Hat, CanSecWest, the Unicode Conference, and Microsoft BlueHat, and private events including Adobe and Google.
I have a blog where I dump technical rants like test cases, results, or other information.
Occassionally I'm honored to speak with the press about a current attack or security trend. A few recent articles and interviews:
2018 April - Tech Night Owl Radio
2018 April - Wired
2017 October - Forensic Magazine
2017 May - CSO Magazine
2017 April - Yahoo Finance
2017 February - Mass Transit Magazine
2015 December - KIRO Radio
2015 July - Q13 FOX
2015 June - Breitbart
2015 July - Q13 FOX
2013 August - Bloomberg TV [VIDEO]
2013 August - CNBC [VIDEO]
2013 July - FOX [VIDEO]
2013 May - TechNewsDaily [ARTICLE]
2011 June - FOX [VIDEO]