Experience

Rebellion Defense

Head of Infrastructure Engineering • May 2023 — Present

Vacasa, LLC

VP of Information Security • April 2022 — April 2023

Director of Engineering • Jan 2019 — April 2022

Team Lead Software Engineer - Data Products • July 2018 — Jan 2019

Directly managed a teams of data scientists, data engineers, and cross-functional software engineers focused on improving yield management, real estate growth, advertising, and field operations for a 35k unit portfolio. Helped design, launch, and scale machine learning systems accounting for over $1.3Bn in gross revenue.

  • Built a comprehensive, enterprise-grade security program from the ground up, managing team building, tool acquisition, and policy integrations.
  • Established roadmaps for fully containerized infrastructure and highly-available data systems enabling zero-downtime systems maintenance.
  • Lead central infrastructure, data platform, reliability, and security teams to build core systems enabling a successful $4.4Bn IPO.

Tozny, LLC

Head of Engineering • Sept 2017 — July 2018

Software Engineer • May 2016 — Sept 2017

Developed secure authentication, identification, and privacy management tools and hosted SaaS platform for enterprise partners. Helped design and build a scalable, end-to-end encrypted database for managing consumers’ personally identifying information (PII).

  • Devised and engineered a dynamically-scalable, real-time event notification system for record publication.
  • Designed the secure onboarding and registration system powering the Atlanta Streetcar’s mobile application.
  • In partnership with Amazon, leveraged Lambda@Edge (while in beta) to safely and securely deliver single-page cryptographic web applications to end users.
  • Designed and developed a secure, end-to-end encrypted data storage solution used by clients such as DARPA to protect sensitive information while at rest.

10up, Inc

Lead Web Engineer • Nov 2014 — April 2016

Senior Web Engineer • Sept 2012 — Nov 2014

Developed engineering plans for various clients in partnership with the engineering management team. Created prototypes and final implementations of advanced systems integration tools and API libraries.

  • Reviewed project code for standards compliance, secure coding practices, and enterprise-level scalability.
  • Detected and remediated any server vulnerabilities related to client hosting environments.
  • Launched multiple, high-profile, enterprise-grade website redesigns, including TechCrunch.com.

Hawksoft, Inc

Web Developer • July 2011 — Sept 2012

  • Developed custom content management system for new corporate website.
  • Designed and built a custom web service API for managing media and customer subscriptions.
  • Maintained secure customer forums and web-enabled service applications.

Education

Portland State University

Master of International Management, Global Marketing • 2007

University of Oregon

Bachelor of Science, Political Science • 2006

Recipient of the Centurion Award

University of Oregon

Bachelor of Science, Physics/Mathematics • 2005

Recipient of the Computer Science, Engineering, and Mathematics Scholar Award

Publications

PHP Cookbook

O'Reilly Media • May 2023

If you're a PHP developer looking for proven solutions to common problems, this cookbook provides code recipes to help you resolve numerous scenarios. By leveraging modern versions of PHP through version 8.2, PHP Cookbook's self-contained recipes provide fully realized solutions that can help you solve similar problems in your day-to-day work.

Security Principles for PHP Applications

php[architect] • Dec 2017

Security is an ongoing process not something to add right before your app launches. In this book, you'll learn how to write secure PHP applications from first principles. Why wait until your site is attacked or your data is breached? Prevent your exposure by being aware of the ways a malicious user might hijack your web site or API. Discover how to secure your applications against many of the vulnerabilities exploited by attackers.

Security Corner | Monthly Column

php[architect] • Sept 2017-Present

Recent Public Speaking

Asynchronous Awesome - Task Management in PHP

php[tek] • May 2023

Sometimes, our use of PHP grows beyond the typical request/response cycle of dynamic page generation. Unfortunately, the threaded nature of PHP - and the stateless nature of the server - betrays any efforts to expand our utilization of the server. Image processing, video rendering, APNS (Apple Push Notification Service) integration - any of these can easily take longer than is reasonable for a simple page request.

Enter tools like message and job queues that empower daemonized PHP workers to handle data processing in the background. Yet further tools enable long-running event loops and asynchronous Promise-driven operations. PHP isn’t multi-threaded, but that doesn’t mean you’re limited to a single-thread paradigm. I will demonstrate various use cases necessitating asynchronous operations, then delve into the code and the tools that make these systems work. Every attendee will leave armed with new ways to think about the management of large data jobs in PHP and an understanding of the tools they can use to make it happen.

Maintaining Operational Sanity Across 100+ AWS Accounts

Datadog Dash • Oct 2021

At Vacasa, AWS accounts represent the unit of isolation for distinct applications & services in our software ecosystem, providing security benefits and operational autonomy for our teams as we scale. Managing accounts at this scale requires strong DevOps practices to maintain security, operational sanity, and uniform observability across the system. In this talk, we’ll cover the benefits of such an approach, the practices that make it possible, and the important role Datadog plays.

WordPress, Meet AI

Midwest PHP • April 2021

With new advances in machine learning, advanced integrations with AI platforms are now available to everyone! You can easily build AI into your WordPress site without a Ph.D. or advanced knowledge of linear algebra or the algorithms that make machine learning work.

In this talk, we’ll cover some simple integrations with commonly available tools to make your WordPress installation truly “smart.” No prior experience in machine learning is required, just come prepared to learn, ask questions, and get your hands dirty with tools like AWS Recognition.

Web Application Security Update: Top Vulnerabilities

php[world] • Oct 2019

The Open Web Application Security Project (OWASP) curates a list of the top ten security risks for web applications and how to mitigate them. The ever-changing world of web development created a challenge for the 2017 list, which needs to combine both existing approaches and modern trends in web development. This session takes a look at each item in the list from a PHP perspective, demonstrates what can go wrong, and makes sure that this won’t happen in our web sites.

Password-Based Authentication Strategies

NomadPHP • Oct 2019

The first point of contact most users have with your application is the login screen. It’s a ubiquitous interface, and approaches for handling authentication are legion. A plethora of options for authentication doesn’t mean it’s an easy practice, though. Together, we’ll review authentication from first principles, starting with password-based systems and diving deeper into defensive hashing techniques and the edge cases developers need to consider when protecting user data. We’ll also go deep into the secure remote password flow, leveraging the technique both from native PHP and a JavaScript client-side implementation.

The Future of the Web is Low-Tech

CoderCruise • Aug 2019

This session will cover use cases, user groups, and a few proposed techniques for making both content and publishing tools available to those without high-speed Internet, 3G/4G connectivity, or traditional desktop publishing tools. It will also delve into some of the emerging technologies that make content more accessible to those with limited access (and the controversy surrounding them).

Additional Links