Joe is responsible for managing the professional services business at Security Innovation. He leverages his unique experience as a development lead, trainer, researcher, and test engineer to lead the security engineering team in their delivery of high-quality, impactful assessment and remediation solutions to the company’s customers. His ability to blend his technical skills with risk-based contextual analysis and unwavering customer commitment makes him an invaluable asset for each Security Innovation client.
Joe has spent most the majority of his professional career analyzing application behavior, understanding application threats and developing tools and methodologies that assist in the discovery and removal of application security problems. To keep his technical skills honed, Joe participates in SDLC process assessments and security engineering activities such as security design and code reviews, threat modeling, and application penetration testing.
Joe’s deep knowledge of application risk, coupled with his hands-on experience assessing a plethora of commercial software, makes him a trusted advisor for customers and is often a “go to” resource for specialized training and critical consulting services. He has worked on projects directly for Microsoft, Symantec, OWASP, HP, US Courts, and many others during his 8+ year tenure with the company.
Joe is an active member in the security and open-source communities, having contributed technology, training, utilities, expertise and methodologies. He manages the company’s engineering blog and has written several publications that focus on vulnerabilities at the source code level. Joe holds a B.S in Computer Science from Montana State University.
Areas of Expertise: • Microsoft Technologies - ASP.Net, Windows, Azure, C#, • Secure SDLC, Application Risk, Security testing methodologies, attacker techniques • Web Application Security: Web Services, Cloud, SaaS Software Development • TeamMentor - led the development efforts for the company’s secure development guidance system • YASAT – developed a static analysis tool that uses regular expression based rules on a code base to quickly find potential security vulnerabilities • WhatTheFuzz – developed an open-source, easy to use and run fuzzer for Web sites • Transform – developed an open-source, easy to use encoder/decoder • RegexMatcher – developed a simple Regular Expression Matcher and tester Training & Speaking • Security Innovation Customers Microsoft, Tyco, Harris, Liberty Mutual, HP, Amazon.com, Symantec, Credit Suisse, Adobe, ING, Sony, and T2 Systems • Industry Events OWASP USA, OWASP Europe, EMC World, Microsoft Professional Developers Conference (PDC), Compuware OJ.X, Nationwide Testing Symposium, ISSA, Software Security Summit, Secure World • Media CSO Magazine, SC Magazine, Dr. Dobbs, ComputerWorld, CIO Update, Software Test & Performance, DM Review, SearchSoftwareQuality.com