I started my career as a software engineer who first built commercial software and then migrated to the specialty of testing software for vulnerabilities.
I researched software security for the first vulnerability research think tank, L0pht Heavy Industries, from 1994-1999. I was one of the authors of L0phtCrack, the Windows password auditing program. I am the author of Netcat for Windows. I have published several major security vulnerabilities in Lotus Notes, Microsoft Windows and Cold Fusion.
I have performed dozens of security code audits, design reviews, and software penetration tests for major software vendors on products such as web servers, SQL servers, mail servers and DRM products.
I have led highly productive and innovative software development teams and have had product management roles.
My work has led me to testify on Capitol Hill twice on software security. I am a founder of the Organization for Internet Safety. I have been interviewed by several major newspapers, magazines, and TV news programs on the subject of computer security.
I am the author of "Software Security Testing" published by Addison-Wesley.
My goals are to automate the difficult task of finding vulnerabilities in software and to let customers assess the security of the software they purchase that can put them at risk.