I am a remote employee, and have been telecommuting since January 2011. I rarely travel, and have no interest in changing that. I will never move. I have three small children, and do not work beyond ~40 hours a week. People seem to like me and find me useful, despite these things.
University of Manitoba
- Received a Bachelor of Science, Majoring in Computer Science.
- Graduated with distinction.
- Completed requirements for the Networks and Security Specialization.
- Completed requirements for the Computer Systems Specialization.
- Received the University Program Medal for the Highest Standing in the Science Major Degree Program.
- Currently working on a Master's of Science, in Computer Science. I've passed my thesis defense and am undergoing final edits.
Lead Threat Researcher
May 2017 – Present
- Write programs to scan the entire Internet for security issues.
- Strategically break things to prove that they're unsafe.
- Add new and bulletproof existing continuous integration.
- Occasionally shout "BIG DATA" while making jazz hands.
Online Business Systems Inc.
Senior Security Consultant, Technical Lead
March 2015 – May 2017
- Performed penetration tests and code audits of desktop, mobile, and Web applications.
- Acted as an advisor to clients with security-related questions.
- Assisted with writing statements of work and RFP responses.
- Maintained infrastructure to support testing activities.
Leviathan Security Group Inc.
March 2014 – February 2015
- Performed code audits and penetration tests.
- Developed training to help organizations meet their security goals.
Tenable Network Security Inc., Reverse Engineering Dept.
Senior Reverse Engineer, Technical Lead
August 2012 – February 2014
- Reviewed code from my team, prior to submission to Quality Assurance.
- Participated in interviews and assisted in hiring decisions.
- Wrote and maintained NASL protocol libraries, including ACAP, IPMI, JSON, NNTP, SSH, and SSL.
- Researched vulnerabilities, applications, and protocols and wrote detection/enumeration/vulnerability plugins.
- Gave presentations on the use of tools to improve our work.
- Wrote a static analysis framework to lower defect rate and maintain consistency across 60,000 plugins.
- Occasionally dove into the Nessus engine to add features my team needed.
Tenable Network Security Inc., Nessus Plugins Dept.
January 2011 – July 2012
- Wrote hundreds of Nessus plugins, all still in production.
- Overhauled the entire SSL subsystem.
- Added support to the SSH library for certificate-based login.
- Designed and implemented a new workflow to transition the department from email-based code review and patch submission to using Git and an issue tracker.
June 2009 – December 2010
- Wrote plugins for Asterisk that perform real-time Fourier analysis for checking phone lines against milliwatt test lines.
- Ported OpenSSH to QNX, creating an emulated 64-bit integer library to work around an old C89 compiler.
- Uncovered a local exploit that allows users to cause a kernel panic QNX 4.
- Wrote a render manager in Python to spread map tile generation across multiple servers.
- Researched and deployed USB smart cards for login to a Cisco ASAs, Apache websites, and servers running SSH.
- Convinced organization to start managing configuration and source code by storing it in a centralized, versioned repository.
May 2008 – August 2008 [Co-op Workterm #3]
- Updated a compiler and runtime for a proprietary scripting language|created circa 1985|to adhere to modern coding standards including using consistent code formatting, unit testing, and version control.
- Created several new constructs for the scripting language that offered an interface to speech recognition libraries for interactive voice response (automated telephone) applications.
- Ported the compiler and runtime to an embedded device built atop a PowerPC core.
- Wrote a unit testing framework that emulates the scripter's current environment — Asterisk's AGI interface — to ensure that language constructs operated as expected in a variety of situations.
- Designed and implemented PostgreSQL stored procedures to be used on a 60 GB geographic information database for provincial road condition reporting services.
Government of Manitoba, Information Protection Centre
August 2007 – January 2008 [Co-op Workterm #2]
Seccuris Inc., Labs Dept.
January 2007 – April 2007 [Co-op Workterm #1]
- Added scoping and regular expression support to BSMTrace, a new host-based intrusion detection system designed to minimize false positives.
- Benchmarked alternate memory models for high-speed packet capture in FreeBSD.
- Experimented with different synchronization methods for minimizing overhead in the FreeBSD kernel's audit framework.
- Developed a reporting system that created Atom feeds from intrusion detection sensors at multiple sites, aggregating them to provide reports on malicious and suspicious network traffic.
- Assisted in the design and programming of BSDSVC, a service manager for Unix systems.
Best Buy Canada, TechZONE Dept.
September 2003 – March 2004
- Spent two weeks training to give classes teaching customers how to operate consumer electronics.
- Learned the importance of metaphors, reframing discussions, rephrasing explanations, and talking in the student's own language.
- Taught several scheduled classes every week.
- Offered impromptu explanations and demonstrations as necessary to assist customers.
SSL Troubleshooting with Wireshark
- Was asked to design and teach full-day workshop with two weeks notice.
- Did a trial run at SkullSpace, and again at the conference.
- Covered the basics of asymmetric and symmetric cryptography, hashing, and signing. Detailed the structure, contents, and sequence of SSL packets.
Forth Introductory Talk
- Introduced stack-based languages using Forth as an example.
March 2012 – May 2012
- Taught students with varying experience how to program in C.
August 2011 – February 2012
- Taught students with no programming experience how to program in Lua.
Nmap NSE Introductory Talk
- Explained the basics of the Nmap Scripting Engine, and how to write Lua scripts for it.
December 2010 – Present
- Co-founded Winnipeg's first and only hackerspace with two friends.
- Went to various events around town and talked up the concept of a hackerspace.
- Served as a Director at the start, and temporarily in times of crisis.
- SkullSpace currently holds the title of Canada's largest hackerspace.
July 2012 – Present
- Co-founded the organization, our first conference took place November 2013.
- Managed the CFP and the ongoing registration of attendees.
- Over 160 people attended, it was a smash hit.
January 2015 – Present
- Co-founded the organization.
- Academic papers presented eight months of the year.
- Basic knowledge of: Assembly (M68K, MOS 6502, SPARC), FP, Haskell, Prolog
Open Source Contributions
- BSMtrace: Added PCRE support.
- Nmap: Wrote a handful of NSE scripts.
- DNSrecon: Rewrote the NSEC zone walker algorithm.
- XMLSEC: Added support for all the algorithms required by SCAP.
- Libnasl: Wrote a Ruby parser for the NASL programming language.
- Pedant: Wrote a static analysis framework in Ruby.
References available upon request.