Lifestyle

I am a remote employee, and have been telecommuting since January 2011. I rarely travel, and have no interest in changing that. I will never move. I have two small children, and do not work beyond ~40 hours a week. People seem to like me and find me useful, despite these things.

Education

University of Manitoba

  • Received a Bachelor of Science, Majoring in Computer Science.
    • Graduated with distinction.
    • Completed requirements for the Networks and Security Specialization.
    • Completed requirements for the Computer Systems Specialization.
    • Received the University Program Medal for the Highest Standing in the Science Major Degree Program.
  • Currently working on a Master's of Science, in Computer Science.

Work Experience

SecurityScorecard

Lead Threat Researcher

May 2017 – Present

  • Write programs to scan the entire Internet for security issues.
  • Add new and bulletproof existing continuous integration.
  • Occasionally shout "BIG DATA" while making jazz hands.

Online Business Systems Inc.

Senior Security Consultant, Technical Lead

March 2015 – May 2017

  • Performed penetration tests and code audits of desktop, mobile, and Web applications.
  • Acted as an advisor to clients with security-related questions.
  • Assisted with writing statements of work and RFP responses.
  • Maintained infrastructure to support testing activities.

Leviathan Security Group Inc.

Security Consultant

March 2014 – February 2015

  • Performed code audits and penetration tests.
  • Developed training to help organizations meet their security goals.

Tenable Network Security Inc., Reverse Engineering Dept.

Senior Reverse Engineer, Technical Lead

August 2012 – February 2014

  • Reviewed code from my team, prior to submission to Quality Assurance.
  • Participated in interviews and assisted in hiring decisions.
  • Wrote and maintained NASL protocol libraries, including ACAP, IPMI, JSON, NNTP, SSH, and SSL.
  • Researched vulnerabilities, applications, and protocols and wrote detection/enumeration/vulnerability plugins.
  • Gave presentations on the use of tools to improve our work.
  • Wrote a static analysis framework to lower defect rate and maintain consistency across 60,000 plugins.
  • Occasionally dove into the Nessus engine to add features my team needed.

Tenable Network Security Inc., Nessus Plugins Dept.

Research Engineer

January 2011 – July 2012

  • Wrote hundreds of Nessus plugins, all still in production.
  • Overhauled the entire SSL subsystem.
  • Added support to the SSH library for certificate-based login.
  • Designed and implemented a new workflow to transition the department from email-based code review and patch submission to using Git and an issue tracker.

Telenium Inc.

Programmer

June 2009 – December 2010

  • Wrote plugins for Asterisk that perform real-time Fourier analysis for checking phone lines against milliwatt test lines.
  • Ported OpenSSH to QNX, creating an emulated 64-bit integer library to work around an old C89 compiler.
  • Uncovered a local exploit that allows users to cause a kernel panic QNX 4.
  • Wrote a render manager in Python to spread map tile generation across multiple servers.
  • Rewrote an OCX program to be a single-page web application in JavaScript.
  • Researched and deployed USB smart cards for login to a Cisco ASAs, Apache websites, and servers running SSH.
  • Convinced organization to start managing configuration and source code by storing it in a centralized, versioned repository.

Telenium Inc.

Programmer

May 2008 – August 2008 [Co-op Workterm #3]

  • Updated a compiler and runtime for a proprietary scripting language|created circa 1985|to adhere to modern coding standards including using consistent code formatting, unit testing, and version control.
  • Created several new constructs for the scripting language that offered an interface to speech recognition libraries for interactive voice response (automated telephone) applications.
  • Ported the compiler and runtime to an embedded device built atop a PowerPC core.
  • Wrote a unit testing framework that emulates the scripter's current environment — Asterisk's AGI interface — to ensure that language constructs operated as expected in a variety of situations.
  • Designed and implemented PostgreSQL stored procedures to be used on a 60 GB geographic information database for provincial road condition reporting services.

Government of Manitoba, Information Protection Centre

Security Analyst

August 2007 – January 2008 [Co-op Workterm #2]

Seccuris Inc., Labs Dept.

Application Developer

January 2007 – April 2007 [Co-op Workterm #1]

  • Added scoping and regular expression support to BSMTrace, a new host-based intrusion detection system designed to minimize false positives.
  • Benchmarked alternate memory models for high-speed packet capture in FreeBSD.
  • Experimented with different synchronization methods for minimizing overhead in the FreeBSD kernel's audit framework.
  • Developed a reporting system that created Atom feeds from intrusion detection sensors at multiple sites, aggregating them to provide reports on malicious and suspicious network traffic.
  • Assisted in the design and programming of BSDSVC, a service manager for Unix systems.

Best Buy Canada, TechZONE Dept.

Customer Educator

September 2003 – March 2004

  • Spent two weeks training to give classes teaching customers how to operate consumer electronics.
  • Learned the importance of metaphors, reframing discussions, rephrasing explanations, and talking in the student's own language.
  • Taught several scheduled classes every week.
  • Offered impromptu explanations and demonstrations as necessary to assist customers.

Teaching Experience

SSL Troubleshooting with Wireshark

Sharkfest

June 2013

  • Was asked to design and teach full-day workshop with two weeks notice.
  • Did a trial run at SkullSpace, and again at the conference.
  • Covered the basics of asymmetric and symmetric cryptography, hashing, and signing. Detailed the structure, contents, and sequence of SSL packets.

Forth Introductory Talk

SkullSpace

May 2013

  • Introduced stack-based languages using Forth as an example.

C Course

SkullSpace

March 2012 – May 2012

  • Taught students with varying experience how to program in C.

Lua Course

SkullSpace

August 2011 – February 2012

  • Taught students with no programming experience how to program in Lua.

Nmap NSE Introductory Talk

Code Camp

February 2011

  • Explained the basics of the Nmap Scripting Engine, and how to write Lua scripts for it.

Organizations

SkullSpace

Co-founder

December 2010 – Present

  • Co-founded Winnipeg's first and only hackerspace with two friends.
  • Went to various events around town and talked up the concept of a hackerspace.
  • Served as a Director at the start, and temporarily in times of crisis.
  • SkullSpace currently holds the title of Canada's largest hackerspace.

BSides Winnipeg

Co-founder

July 2012 – Present

  • Co-founded the organization, our first conference took place November 2013.
  • Managed the CFP and the ongoing registration of attendees.
  • Over 160 people attended, it was a smash hit.

Papers We Love Winnipeg

Co-Founder

January 2015 – Present

  • Co-founded the organization.
  • Academic papers presented eight months of the year.

Programming Experience

Known Languages

  • Working knowledge of: Assembly (x86), C, C++, Forth, Java, JavaScript, Lisp, Lua, Perl, PHP, Python, Ruby, SQL, Unix Shell, VHDL
  • Basic knowledge of: Assembly (M68K, MOS 6502, SPARC), FP, Haskell, Prolog

Open Source Contributions

  • BSMtrace: Added PCRE support.
  • Nmap: Wrote a handful of NSE scripts.
  • DNSrecon: Rewrote the NSEC zone walker algorithm.
  • XMLSEC: Added support for all the algorithms required by SCAP.
  • Libnasl: Wrote a Ruby parser for the NASL programming language.
  • Pedant: Wrote a static analysis framework in Ruby.
References available upon request.