Over the last 20 years, I’ve worked for leading finance and consulting firms in the US and Japan as a Platform & Security Engineer.

In doing this, I’ve learned that while it’s possible to fill software development, infrastructure engineering, and security roles independently, it’s much more effective to take a holistic approach in what I call “Security-Driven Software Development.”

I believe that by combining engineering skills with IT risk management, meaningful audits, and programs such as bug bounties, you’re well-positioned to deliver critical services with a high level of stability and confidence over time.

I now provide consulting services for SimplyCubed and specialize in delivering secure and highly performant microservices written in Golang running on Google Cloud Platform (GCP), Google Kubernetes Engine (GKE), and Azure Kubernetes Service (AKS).

My Process

Security-Driven Software Development

Research

Collaborate with stakeholders to understand both the business and engineering motivations and context behind each project.

Discovery

Start with a broad problem statement and refine the project requirements using use cases and an iterative approach to gather stakeholder feedback.

Design

Create a high-level architectural design covering the known critical components. This phase often includes threat modeling, data classification, data privacy, and confirmation of SLAs and SLOs.

Development

Prototype the solution, focusing first on high-risk areas so that potential problems surface early in development. From there, I build only the core functionality needed for an end-to-end working system with unit and security tests.

Iteration

Next, I build out the remaining features to satisfy the project requirements. During this phase, I continue to add automated security and load tests and refactor any areas that are not scalable.

Repeat

While active development does reach a "Done" status, that is generally far from the end of the application and data lifecycle. To help with the transition to maintenance and support, I ensure that documentation and the handoff are complete before moving on to the next actions.

Case Studies

A brief sample of my recent work

Vulnscan CLI

Security Tools

Vulnscan is an open-source static source code, binary, and dependency analyzer designed to help software engineers deliver highly secure iOS and macOS applications.

Read Me