Experienced application security engineer with an origin as a software developer.
Primarily focused on web-based application security with a special interest in TLS
and supply chain related subjects. Experienced in providing technical leadership in relation to
application security, as well as engaging with teams to improve the security of
systems and applications that they develop and maintain. Passionate about being a part of the community and
giving back to it. Additionally, enjoy spending personal time performing
personal security-related research.
Responsible for leading and managing an application security content product used by customers for training their
internal staff.
Roles and responsibilities include:
Develop and manage overall strategic direction for application security product
Work with customers to identify needs and desires, incorporating feedback into strategy
Public webinars and company blogs on application security related topics
Manage team responsible for developing application security content
Perform research on application security related topics
Serve as SME on application security topics for internal engineering team
Secureworks
Lead Software Security Engineer
August 2015 - May 2020
Technical team lead responsible for leading the team to achieve its primary objectives.
Such goals included the following:
Architect systems from a security perspective
Provide security guidance and training to teams
Training sessions such as brown bags
Demonstrate findings to teams, illustrating how an attacker would leverage the finding
Training material such as wiki pages
Perform manual penetration tests on both internal as well as third party systems
Review and triage results from scans as well as outside penetration tests
Drive integration and selection of security tools within the department
Shape and formulate security related procedures as well as standards within the department
Software development of security services and libraries
Senior Software Security Engineer
January 2013 - August 2015
Worked within a team responsible for overall security within the company's engineering department.
Responsibilities included:
Providing guidance and advice relating to security to team members
Perform penetration tests as well as investigate identified security related issues and vulnerabilities
Formulate numerous security related procedures with the company's engineering department
Help develop and maintain security related libraries which are used by development teams
Software Development Engineer
March 2011 - January 2013
Developed new resources on new Java based REST API services. Moved on to development of client portal web application.
Responsibilities included:
Development of new resources on REST API service
Writing unit tests for new resources
Code review of peers’ work
Development of new features for client portal
Fixing bugs identified in the client portal
Yell Adworks
Systems Engineer
May 2010 - March 2011
Development on company’s new Java EE workflow management system.
Responsibilities included:
Working with the team to define requirements for new features
Development of new features
Writing unit tests (JUnit) and integration tests (Selenium)
System support
Development on custom load test framework (written in Java, making use of JUnit and Selenium)
Forcelink Solutions
Senior Java Developer
August 2009 - May 2010
Sister company to Acumen Software. Continued with same responsibilities as previous role.
Acumen Software
Senior Java Developer
May 2008 - August 2009
Development on company’s newly developed, Java EE based, workforce management product Forcelink.
Responsibilities involved:
Development of new features of the product
Working with management to form set of requirements for the new features
System administration of product’s database (MySQL) and application server (Glassfish)
System administration of company servers
Accomplishments:
Helped to build out initial Java based mobile application
2Cana Solutions
Software Developer
January 2008 - April 2008
Developed and completed PL/SQL scripts for the client's Oracle database system. Completed
extensive modifications on XSLT style sheets to customise the statements which were posted to the
client's customers. Performed an initial investigation in the rewrite of the organisation’s Java based
application, which was used to schedule the execution of PL/SQL scripts.
Business Connexion
Software Developer
November 2006 - December 2007
Worked on customer’s C based point of sale system. Managed to turn around the customer’s project to
integrate card payment terminals within their point of sale system.
Other responsibilities involved:
Implementation of new features with the customer’s payment system
Working with customer’s business analysts to form set of requirements for new features, as well as enhancements to existing features
Help to guide and mentor new team members
Help QA team with their testing of software before release
Other accomplishments:
Tasked with the rollout of the new payment integration system across all the customer’s sites throughout South Africa as well as within Africa
Worked with 3rd party vendors to help investigate and troubleshoot issues
Investigated and presented business case to replace ageing point of sale system
Started initial discovery work on a mobile based Java application for a pin entry device
Started initial investigation into how the newly formed PCI DSS standards would affect the customer
Research
Findings and vulnerabilities identified by myself or collectively with others.
I am one of the founding members of The Beer Farmers, a group of friends with a passion for sharing and helping
others within the community. Some of the achievements of the group include:
The formation of InfoSec Happy Hour, a weekly social call started at the beginning of the COVID pandemic. The aim of
the effort was to allow people to gather together virtually during difficult times. The outcome was new friendships
and even individuals getting their first roles.
The group has also successfully run the following conferences and events:
Beer Con 1 - an event that ran over 24 hours and helped to raise a significant amount for charitable causes.
Beer Con 2 - a conference solely for rookies and new speakers. The success of this led to some of the speakers
going on to speak at other events.
Beer Con 3 - the 3rd conference involving a mixture of rookie and seasoned speakers.
Contact
You can contact me using my personal email address: [email protected]
Alternatively you will be able to find and contact me on social media.