I am currently the founder of troupeit.com, a stage/conference management SaaS site. Prior to building that service, I was employee #13 or so at Twitter, working in operations and security. These days I do a bit of information security consulting and I'd love to meet you if you work in infosec. I am also on the board of the Open Technology Fund, which utilizes available funds to support Internet Freedom projects that empower world citizens to have access to modern communication channels that are free of restrictions, in order to allow them to communicate.
I have extensive experience building security teams, managing incident response, and coordinating efforts defending against various security threats. I also have solid experience in web operations and scalability, and have been a strong defender of Internet Freedom and user privacy for many years through my work and independent research. I am confident that I will be an asset to you in your company’s future security work.
Building a strong and dedicated team with a focus on the user has helped me develop a successful career, and as a strong public speaker, I have been able to promote security both inside (as an educator at Twitter) and outside the organizations I have worked with.
I also enjoy working on hardware, audio, and video things. If you need event production help, I'm here for you.
Director, Server Operations • January 2018 - present
Strings is Social Media 2.0, a communications service that places privacy and security first.
At Strings I am responsible for architecting and securing a high capacity message infrastructure, using WebSockets, Apache Kafka, Golang, and Linux. The team is migrating a Rails API to Golang and Scala, and we will launch later this year.
I'm also spending a fair amount of time in Ansible, Terraform, Datadog, and other DevOps tools to bring this product to life.
Head of Information Security • March 2015 – March 2017 (2 years 1 month)
Founding member of the Bolt Infosec Team.
I worked on security issues related to crypto currencies and the payments industry, user privacy, and compliance (PCI, ISO27001/27002, SAS70). I handled frequent audits of their Amazon Web Services configuration for compliance and security. Advised software engineers on proper security methodologies and built security into Bolt's software development lifecycle.
I also worked on software engineering and security audit work in Go, Ruby, node.js, React.js, and Python. I deployed the first identity management system for the company using OpenLDAP and FreeIDM. All of this was deployed using configuration management in Ansible and Terraform on AWS.
Security Team Lead • 2010 – 2012 (3 years)
As team lead for Twitter's first security team, I worked on SSL performance at scale, cryptography, XSS/CSRF defense, malware defense, penetration analysis, security reviews, and code reviews in Ruby/Rails, Java, Scala, PHP, Python, and C.
Our fledgling infosec team set security policy for the entire company, handling security at scale.
I also educated our developers and engineers on security issues and presented at various industry conferences such as RSA, O'Reilly Velocity, Web 2.0 Expo, Defcon, and CloudComputing.
I led a team of 14 people, and every day we worked to defend the user's voice.
Operations Engineer • 2007 – March 2010 (3 years)
As an early member (employee 13) of Twitter's Operations team, I took a site with less than 200,000 users and poor uptime to full stability and over 100M users through careful application of configuration management tools (Puppet, custom python scripts), metrics, and capacity planning.
I later founded the first security team at Twitter with Bob Lord, who went on to become the CSO of Yahoo!
Applicable technologies: Linux, Ruby on Rails, Puppet, Java, Scala, Python, DNS, SSL, etc.
From the early days of the web in the 1990s to today, I have grown my career with the Internet. I worked on some of the earliest web sites back then, and continue to work on the Internet daily.
Among the things I enjoy are DevOps, Configuration Management (chef, puppet, ansible, etc.), TLS, Operations, Scaling, Security, Privacy, Penetration Testing, Automation, Python, Ruby/Rails, Messaging, Network Engineering, Linux, Linux Performance
I've also done full-stack development in React.js, Node, Go, Ruby on Rails, and many other frameworks. If you want to see source code, just ask.
The DEFCON 25 badge I worked on consisted of solving serious hardware development and manufacturing issues in KiCad, Embedded C, ChibiOS, ARM assembly, and others. I've leveraged that work to do IoT security testing, which has worked well for companies like eero where I designed a seamless PKI cryptosystem that even consumers could utilize with zero effort.
Privacy, Security, Internet Freedom issues, Film and video production, audio/video editing, Vintage Synths, Cooking, Concert Photography, Electronics, Music Production/Engineering.
A simple (but very popular) application to add a UTC based clock to the menu bar.
objective-c, OSX, software
Seamless stage management for everyone.
React, Go, Full-stack, Web Development
A wearable hardware badge, featuring blinky lights, sound, a sub-1GHz radio, games, and more. Based on the NXP/Freescale KW01.
Hardware, software, manufacturing, design
Amateur historians give talks on a variety of science, history, art, and nature topics. I filmed and edited these, producing over 80 professional recordings. The system I developed for this purpose can be used for any mixed-media conference.
Video software, Audio, AV, Editing