Experienced application security engineer with a background as a software developer.
Primarily focused on web-based application security with a special interest in TLS
and supply chain related subjects. Experienced in providing technical leadership in relation to
application security, as well as engaging with teams to improve the security of
systems and applications that they develop and maintain. Passionate about being part of the community and
giving back to it. Additionally, enjoy spending personal time performing
security-related research.
Responsible for leading the overall security of the software products and services provided to customers, primarily serving as an SME
for the organization.
Roles and responsibilities include:
Help build out organisation's application security function
Help implement appropriate tooling (such as SCA and DAST)
Research and review current vulnerabilities in 3rd party components used within the product
Respond to queries from customers regarding the security related aspects of the product
Work with Engineering teams to help review proposed solutions as well as resolve existing vulnerabilities within the product
Carry out appropriate security testing and reviews
Help formulate the organisation's vulnerability management programme
Direct line management
Featurespace
Principal Application Security Engineer
April 2022 - October 2023
Responsible for the overall security of the software products and services provided to customers, primarily serving as an SME
for the organization.
Roles and responsibilities include:
Help build out organisation's application security function
Help implement appropriate tooling (such as SCA and DAST)
Research and review current vulnerabilities in 3rd party components used within the product
Respond to queries from customers regarding the security related aspects of the product
Work with Engineering teams to help review proposed solutions as well as resolve existing vulnerabilities within the product
Carry out appropriate security testing and reviews
Help formulate the organisation's vulnerability management programme
Direct line management
Immersive Labs
Principal Application Security SME
May 2020 - March 2022
Responsible for leading and managing application security content product used by customers for training their
internal staff.
Roles and responsibilities include:
Develop and manage overall strategic direction for application security product
Work with customers to identify needs and desires, incorporating feedback into strategy
Public webinars and company blogs on application security related topics
Manage team responsible for developing application security content
Perform research on application security related topics
Serve as SME on application security topics for internal engineering team
Secureworks
Lead Software Security Engineer
August 2015 - May 2020
Technical team lead responsible for leading the team in achieving overall security of the organisation’s internally developed software and services.
Such goals included the following:
Architect systems from a security perspective
Provide security guidance and training to teams
Training sessions such as brown bags
Demonstrate findings to teams, illustrating how an attacker would leverage the finding
Training material such as wiki pages
Perform manual penetration tests on both internal as well as third party systems
Review and triage results from scans as well as outside penetration tests
Drive integration and selection of security tools within the department
Shape and formulate security related procedures as well as standards within the department
Software development of security services and libraries
Senior Software Security Engineer
January 2013 - August 2015
Worked within a team responsible for overall security within the company's engineering department.
Responsibilities included:
Providing guidance and advice relating to security to team members
Perform penetration tests as well as investigate identified security related issues and vulnerabilities
Formulate numerous security related procedures with the company's engineering department
Help develop and maintain security related libraries which are used by development teams
Software Development Engineer
March 2011 - January 2013
Developed new resources on new Java based REST API services. Moved onto development of client portal web application.
Responsibilities included:
Development of new resources on REST API service
Writing unit tests for new resources
Code review of peers’ work
Development of new features for client portal
Fixing bugs identified in the client portal
Yell Adworks
Systems Engineer
May 2010 - March 2011
Development on company’s new Java EE workflow management system.
Responsibilities included:
Working with the team to define requirements for new features
Development of new features
Writing unit tests (JUnit) and integration tests (Selenium)
System support
Development on custom load test framework (written in Java, making use of JUnit and Selenium)
Forcelink Solutions
Senior Java Developer
August 2009 - May 2010
Sister company to Acumen Software. Continued with same responsibilities as previous role.
Acumen Software
Senior Java Developer
May 2008 - August 2009
Development on company’s newly developed, Java EE based, workforce management product Forcelink.
Responsibilities involved:
Development of new features of the product
Working with management to form set of requirements for the new features
System administration of product’s database (MySQL) and application server (Glassfish)
System administration of company servers
Accomplishments:
Helped to build out initial Java based mobile application
2Cana Solutions
Software Developer
January 2008 - April 2008
Developed and completed PL/SQL scripts for the client's Oracle database system. Completed
extensive modifications on XSLT style sheets to customise the statements which were posted to the
client's customers. Performed an initial investigation into the rewrite of the organisation’s Java based
application, which was used to schedule the execution of PL/SQL scripts.
Business Connexion
Software Developer
November 2006 - December 2007
Worked on customer’s C based point of sale system. Managed to turn around the customer’s project to
integrate card payment terminals within their point of sales system.
Other responsibilities involved:
Implementation of new features with the customer’s payment system
Working with customer’s business analysts to form set of requirements for new features, as well as enhancements to existing features
Help to guide and mentor new team members
Help QA team with their testing of software before release
Other accomplishments:
Tasked with the rollout of the new payment integration system across all the customer’s sites throughout South Africa as well as within Africa
Worked with 3rd party vendors to help investigate and troubleshoot issues
Investigated and presented business case to replace ageing point of sale system
Started initial discovery work on a mobile based Java application for a pin entry device
Started initial investigation into how the newly formed PCI DSS standards would affect the customer
Research
Findings and vulnerabilities identified by myself or collectively with others.