User:Tgbenson

From OWASP
Jump to: navigation, search

Todd began his journey with computers at the ripe old age of 12, when his parents brought home a Texas Instruments 99/4a. Without a paying job to buy video games, he resorted to learning BASIC to program the games he wanted to play. His father, looking to take advantage of child labor, asked Todd if he could write a program to track profits and losses for his store. Of course he could.

Within a year or two, Todd abandoned his computer and focused on more social and educational pursuits. There was the occasional college class, or helping his girlfriend write Turbo C programs. However, his computer journey resumed upon the purchase of an IBM compatible computer. There he learned of the wonderful world of online bulletin board services. He continued writing DBASE4 programs for tracking softball stats and for his internship at a food distribution company.

After graduating college, he found a job working for an insurance company doing mainframe work. He began by doing tape backups, printing and collating. He quickly volunteered for a small project taking the activity club members from the HR database, located on a stand-alone PC, exporting the data to the mainframe and printing membership cards. When his boss asked, "How are you going to write it, in SAS?" he responded "of course." without knowing what SAS was. It was a programming language. After writing the program for the activities cards, he spent his ample free time learning all he could about mainframe operations and quickly progressed his career.

Looking to the future, which he predicted was not in mainframes operations, but rather PCs, databases, and networking, he attended classes to obtain the coveted Certified Netware Administrator certification. Armed with the new-found certification and taking advantage of the sudden demand for IT professionals in the mid 90's, he found a job doing support for a local pool company. His job at the pool company was helpdesk/PC support/network administrator/WAN manager. During this time, he was a key member of the team which expanded the company network to 11 stores, including opening new locations in Las Vegas.

After the expansion of the network, he found a job working as a contractor for the US Courts, in the test center in Phoenix. This was another helpdesk/PC support/network administrator/systems admin job. While there, he also began programming web pages in PERL. This first started as writing a home page which included the display of employee and contractor birthdays, meeting schedule, time out of office schedule, etc. as an organization portal. Additionally, he wrote the very first defect tracking system used by the test center, which until that time was using WordPerfect templates to gather defect data, printing off the information, and FedEx-ing the paper to DC for developers to review, adding "developer" to his already lengthy set of responsibilities.

After 12 years as a contractor, he became a full-time government employee. When the existing Test Manager of the security team retired, he was asked if he would like to take the position. He did. After a year of being the Test Manager, the Information Technology Security Office absorbed the security test team from the testing branch. He remained in Phoenix for another 3 years as a lead on the team, performing a number of security assessments against hosts, web applications, web services, and mobile applications. He presented to the security team and to US Courts developers on a number of projects and was often the first to identify and report a number of vulnerabilities, including cross-site request forgery, clickjacking, XML entity expansion attacks, etc.

After 4 years on the security team, Todd found another job, once again as a contractor and once again in the insurance industry. There Todd has worked with the security team to build a security program, introducing security early in the SDLC, responsible for threat modeling, advising the developers of security issues during design and development phases, conducting security assessments against the web application, APIs and mobile applications, and reporting identified vulnerabilities to relevant stakeholders.

Todd is a Phoenix native and lives and plays in the greater Phoenix area. He enjoys traveling every chance he gets.