
It was a windy New England fall in 1999 when my information security career began at a Boston-based start-up called “@stake, inc”. I was chosen to be their marketing ambassador in the Northwestern United States.
It felt like serendipity. This new and unique offering to the tech world perfectly suited my skillset and passion to uncover and promote commercial innovation in the tech sector.
I couldn’t have known at the time exactly how far the firm would propel my efforts as an accidental pioneer in the field. Working with their sizable MIT hacker collective, “L0pht”, exposed me to the world of preeminent computer security subject matter experts. While we toiled a quiet organic shift was occurring and @stake, inc. was becoming the first information security consultancy of its kind.
Never would I have imagined that I would become part of the developing sector about to propel forward at the blistering speed of internet technology. Tech was evolving and advancing far too fast for security within the industry and marketplace to keep up.
As a response to this growing problem, Microsoft launched its Trustworthy Computing Initiative in 2002. It was through this initiative that the importance of internet security was thrust into the spotlight. Security and trust became high priorities for companies large and small.
I found myself discussing complex security challenges in the offices of multi-million dollar skyscrapers, and on the campuses of leading high-tech companies including Microsoft. I was part of an elite class of security experts, most of whom later became industry-wide figureheads and luminaries in their specializations.
And while I was aware of the work I had put in, I still looked around wondering “How did I get here?”. It felt like my world changed in the blink of an eye - but in a way both stimulating, exciting, and filled with new possibilities.
This work shaped me. I dove into the software security aspect of InfoSec head first. Always searching for the next innovation in the field I could evangelize. A pursuit aided considerably by two of the industry's greatest innovators in software security assessment automation, Chris Wysopal and Dan Kuykendall.
As co-founder and CTO at Veracode, Chris successfully brought first-of-its-kind cloud-based application security testing to market. Dan, whose experience began with FoundScan, went on to form NT OBJECTives, Inc, and create the prolific DAST scanner, NTOSpider, to be later acquired by Rapid7 and renamed AppSpider and InsightAppSec.
They would become the source of my passion for automated application security testing and would lead me to assemble the group of talented & knowledgeable industry experts that comprises True Positives, LLC.
For AppSec testing made easy, fast, and more affordable.