I am an application security engineer who spends his time penetration testing and designing solutions to make security easier for engineers. I've led the application security program for 1,000+ developers inside a Fortune 5 subsidiary (we handled 90% of that Fortune 5's customer traffic). I care about strengthening application security controls while reducing the friction of those controls on engineering teams.
This blog is a place to capture my thoughts and share tips and tricks for a technical audience (although often no security background is expected). This means the posts will usually be on cyber security-related topics or software engineering. I also leverage the articles as a vehicle to dive deeply into some topics I'd like to know more about. Can't write about it unless you understand it! I may make mistakes from time to time - if you catch something, I'd appreciate constructive feedback.
I have no current plan on a regular cadence for posts; as I come across topics that interest me, I will dive into them and write up what I learn. I reserve the right to re-write articles multiple times as my understanding of a topic grows and I realize how badly I've misinformed you.