/resume

The professional resume of Adam A.G. Shamblin

Primary Language: CSS

License: GNU General Public License v3.0 (GPL-3.0)

Adam A.G. Shamblin, CISSP

Overview

With over 20 years of experience developing applications for the web, I have had the opportunity to work across a large number of problem domains in numerous languages, platforms and frameworks. I focus on building stable and secure systems while growing and cultivating the teams required to maintain them.

Application security is a field still in its infancy, and as such requires patient balance between the realities of the present and the needs of the future. I work to anticipate project and product needs and translate them into software that serves those needs today while being flexible enough to adapt to the needs of tomorrow.

As a Director and Development Manager I have led and grown large, cross-functional teams of engineers and developers across multiple domains. I found success leading teams to greater efficiency while rapidly growing the depth and breadth of skills across each team. I reduced turnover on my teams by focusing on team identity and encouraging every team member to participate and to own our shared narrative.

Whether as a manager or as a senior contributor, I make teams better.

Certification

Certified Information Systems Security Professional (CISSP)

Experience

Staff Engineer, Supply Chain Security Tools at VMware Tanzu

October 2021 - Present

  • Mentor and guide development teams and team leads
  • Provide guidance to development and product around security concerns
  • Contribute to open source projects and participate in communities, notably Sigstore
  • Participate in broader architecture review and discussion

I joined VMware to get closer to the open source application security community, specifically in the software supply chain space. At VMware Tanzu I am staff engineer for the Artifact Integrity team, providing tools to validate cryptographic signatures and signed attestations at deploy time. Our primary output is Kubernetes admission controllers, including donating our custom policy definition custom resource to the Sigstore project.

As a staff engineer I work across teams, working closely with product and development to clarify vision, and to ensure we are building the critical security tools our customers require - well before our customers have asked for them. This means building provenance and trust into each component of Tanzu's supply chain offerings, often with a long view towards tools and techniques that may not yet have been invented.

Technology Stack: Kubernetes, Cartographer, Tekton, Docker, Carvel Tools, Golang, Knative, Controller Runtime, sigstore

Staff Engineer, DevSecOps at Fulcrum

June 2020 - October 2021

  • Mentor and guide development teams and team leads
  • Introduced Istio to aid in migration from EC2 to Kubernetes
  • Design and construction of CI/CD pipeline in Tekton
  • Leverage Tekton to create full preview environments automatically for every PR
  • Introduction of secrets management using SOPS

As an engineering leader, I hold a place on every development team at Fulcrum. It is my primary function to work with the teams to improve productivity and reduce errors through development of automation and tools. I work with engineering to select technology and to design systems as our product offering grows.

As a security champion, I have worked with the engineering teams to improve our overall security posture by chairing the Security Guild. The Security Guild performs such services as hosting regular discussion on application security and the OWASP Top Ten, hosting CTFs and hackathons for skills development, and periodic book clubs.

Technology Stack: Kubernetes, Istio, Tekton, SOPS, Artifactory, Helm, Docker

Penetration Tester at BSI

January 2020 - June 2020

  • Offensive testing of web and mobile applications.
  • White, Grey and Black box testing
  • Secure code review
  • Research & tool development

As a penetration tester it is my responsibility to not only discover flaws in a web application, but to guide my clients to understand and remediate those flaws that they may be avoided in the future. My experience as a software engineer allows me to anticipate the decisions that lead to a particular system's design and to efficiently root out vulnerabilities.

Tools Used: Python, Burp Suite, ASVS, CVSS

Senior Software Architect at PGi

April 2018 - January 2020

  • Evaluate and introduce new development tools and techniques
  • Participate in design discussions and code reviews
  • Collaborate with Product and Engineering teams on strategic initiatives
  • Provide ambient support to developers and teams on the ground
  • Actively advocate for security within the engineering team

As a software architect at PGi, it is my responsibility to be a part of every engineering team. Rather than dictate system design from an ivory tower, my approach has been to work directly with teams, embedding when possible, to arrive at the best implementation possible using the capabilities, time and expertise at hand.

Technology stack: Kubernetes, Kubeless, NGINX, Kazoo VoIP platform, API Gateways

Senior Software Engineer at PGi/ReadyTalk

October 2017 - April 2018

  • Key contributor and architect to PGi's UCaaS desktop development effort
  • Developed PGi flagship personal web conferencing application in Electron and Angular
  • Frequent contributor to product efforts
  • Founded and co-chaired the ReadyTalk Security Guild
  • Recipient September 2018 Mediallion Programme award

Working directly with the Chief Architect and key partners, spearheaded the development and integration of the Globalmeet Unified Communications (UC) product. Guided development of the product across multiple teams and timezones under very aggressive timelines.

Technology stack: Angular5+, Node.js, Typescript, Electron, Kanban

Lead Full-Stack Developer/Acting Director of Security at ThinkTank

January 2017 - October 2017

  • Led and mentored a cross-functional team of developers, testers and product managers to plan, develop and deploy the ThinkTank flagship application.
  • Worked with CFO and Product Management to establish, review and ratify the total of ThinkTank's security policies.
  • Negotiated and consolidated security software contracts, resulting in ~25k annual software and contractor savings.
  • Assisted the CFO in preparing ThinkTank for SOC2 Readiness Assessment.

Technology stack: Angular2/4, Node.js, Docker, Amazon AWS (ECS, S3, Inspector), Typescript, Veracode, AlertLogic, Bash, Python

Senior Cloud Front End Developer at Hewlett Packard Enterprise

August 2015 - December 2016

  • Contributed to the development of the HP Helion Eucalyptus Cloud Management Console.
  • Advocated for stronger web design patterns by demonstrating effective use of AngularJS directives, services, and by introducing more solid REST principles.
  • Provided feedback to documentation team to improve user experience.
  • Administered a small, two-node HP Eucalyptus cloud in my home office for testing and deployment of web projects.
  • Participated in a maturing agile/scrum process among an entirely distributed team.

Technology stack: AngularJS, Python, Pyramid, boto, d3.js, Foundation, HP Helion Eucalyptus, Amazon AWS, CentOS, gunicorn, SASS, bash, IRC

Senior Web Engineer at MapQuest

September 2014 - August 2015

Director of Application Development at Datu Health

May 2013 - December 2013

Director, Development Manager at Markit On Demand

August 2009 - May 2013

Senior Web Developer, Developer at Wall Street On Demand

June 2006 - August 2009

Support Tools Developer at Arrow Electronics, Inc.

January 2002 - June 2006

Craftsman/ Owner at Burnham Wood Log and Timber Smiths

January 1998 - January 2001

Volunteer Experience

Hour of Code, Speaker, Pathways School

2016, 2017, 2016

Technology Advisory Committee, Broomfield High School

2015-16, 2016-17 School Years

Skills & Expertise (Keywords)

Web Development, Python, JavaScript, Software Development, CSS, AJAX, MVC, Perl, Enterprise Software, Web Architecture, JSON, XML, HTML, OOP/OOD, Agile Methodologies, Integration, Unix, Linux, Apache, Architecture, Web Services, Cross-functional Team Leadership, Git, Node.js, Tornado, Pyramid, Nginx, iOS, Angular, d3.js, Karma, Jasmine, SASS, LESS, Cloud, AWS, Electron, Docker, Kubernetes, CISSP, ASVS, Burp Suite, CVSS, Secure Code Review, Offensive Testing, Penetration Testing