I am currently employed at Praetorian as a senior security consultant.  My current focus is on research and tool development to support penetration testing and vulnerability research, as well as actively performing a variety of thorough penetration tests.  Current research thrusts are in software assurance and vulnerabilities in web and mobile applications and platforms.

Prior to Praetorian, I was employed as associate staff in the Information Systems Technology Group at MIT Lincoln Laboratory.  My focus while at MIT Lincoln Laboratories was on the research and development of technology and systems in support of national Cyber missions including computer network defense, attack, and exploitation. Focus areas included testing and evaluation of cyber system, cyber ranges, and system analysis.  I also worked in the code analysis group, in which I focused on the development of a prototype tool to automate the malware analysis process using information flow and virtual machine introspection.

Prior to Lincoln Laboratory, I worked at 21st Century Technologies and Applied Research Labs in Austin, TX, and PricewaterhouseCoopers in Dallas, TX.  My previous work has included graph-based network attack correlation, steganography, netflow traffic analysis, vulnerability and risk analysis, and identity management.  I was also an active member of The Honeynet Project from 2002-2008, in which I participated in the testing and development of various honeynet technologies, and was invited to give several talks on the usefulness of honeynets for strengthening network security as well as data collection for research.

I received a M.S. in Security informatics from Johns Hopkins in 2008, in which I focused on network and systems security as well as privacy and technical public policy.  I also received a B.S in Electrical Engineering in 2006 from The University of Texas in Austin, where I focused on information assurance and network communications.  While at the University of Texas, I was the head of the local information security group on campus, and the organizer of the local cyber capture the flag exercise.  As a result of this position, I was invited to a NFS funded workshop to determine the efficacy of a National Collegiate Cyber Defense Exercise, and subsequently assisted in the organization of the inaugural Collegiate Cyber Defense Competition, which now hosts over 50 Universities in 8 regional qualifiers and a finalist round in San Antonio.  While pursuing a BS in Computer Engineering at the University of Texas, I led a team of graduate students to design and implement a prototype of an automated polymorphic shellcode analyzer to extract the system calls and parameters of arbitrarily obfuscated Windows shellcode.

While I primarily focus on the full range of Computer Network Operations (CND/A/E), I have also maintained an academic and personal interest in policy and international relations.  Focus areas include technical law and policy, international cyber law, privacy, and international relations.  My current academic focus is blending these interests in the emerging field of Cyber Warfare policy and doctrine.