Experience

Vacasa, LLC

Director of Engineering • Jan 2019 — Present

Team Lead Software Engineer - Data Products • July 2018 — Jan 2019

Directly managed teams of data scientists, data engineers, and cross-functional software engineers focused on improving yield management, real estate growth, advertising, and field operations for a 25k unit portfolio. Helped design, launch, and scale machine learning systems accounting for over $1.3Bn in gross revenue.

Tozny, LLC

Head of Engineering • Sept 2017 — July 2018

Software Engineer • May 2016 — Sept 2017

Developed secure authentication, identification, and privacy management tools and hosted SaaS platform for enterprise partners. Helped design and build a scalable, end-to-end encrypted database for managing consumers’ personally identifying information (PII).

  • Devised and engineered a dynamically-scalable, real-time event notification system for record publication.
  • Designed the secure onboarding and registration system powering the Atlanta Streetcar’s mobile application.
  • In partnership with Amazon, leveraged [email protected] (while in beta) to safely and securely deliver single-page cryptographic web applications to end users.
  • Designed and developed a secure, end-to-end encrypted data storage solution used by clients such as DARPA to protect sensitive information while at rest.

10up, Inc

Lead Web Engineer • Nov 2014 — April 2016

Senior Web Engineer • Sept 2012 — Nov 2014

Developed engineering plans for various clients in partnership with the engineering management team. Created prototypes and final implementations of advanced systems integration tools and API libraries.

  • Reviewed project code for standards compliance, secure coding practices, and enterprise-level scalability.
  • Detected and remediated any server vulnerabilities related to client hosting environments.
  • Launched multiple, high-profile, enterprise-grade website redesigns, including TechCrunch.com.

Hawksoft, Inc

Web Developer • July 2011 — Sept 2012

  • Developed custom content management system for new corporate website.
  • Designed and built a custom web service API for managing media and customer subscriptions.
  • Maintained secure customer forums and web-enabled service applications.

Education

Portland State University

Master of International Management, Global Marketing • 2007

University of Oregon

Bachelor of Science, Political Science • 2006

Recipient of the Centurion Award

University of Oregon

Bachelor of Science, Physics/Mathematics • 2005

Recipient of the Computer Science, Engineering, and Mathematics Scholar Award

Publications

Security Principles for PHP Applications

php[architect] • Dec 2017

Security is an ongoing process, not something to add right before your app launches. In this book, you’ll learn how to write secure PHP applications from first principles. Why wait until your site is attacked or your data is breached? Prevent your exposure by being aware of the ways a malicious user might hijack your web site or API. Discover how to secure your applications against many of the vulnerabilities exploited by attackers.

Security Corner | Monthly Column

php[architect] • Sept 2017-Present

Recent Public Speaking

Asynchronous Awesome - Task Management in PHP

SunshinePHP • Feb 2020

Sometimes, our use of PHP grows beyond the typical request/response cycle of dynamic page generation. Unfortunately, the threaded nature of PHP - and the stateless nature of the server - betrays any efforts to expand our utilization of the server. Image processing, video rendering, APNS (Apple Push Notification Service) integration - any of these can easily take longer than is reasonable for a simple page request. Enter tools like message and job queues that empower daemonized PHP workers to handle data processing in the background. Yet further tools enable long-running event loops and asynchronous Promise-driven operations. PHP isn’t multi-threaded, but that doesn’t mean you’re limited to a single-thread paradigm.

I demonstrate various use cases necessitating asynchronous operations, then delve into the code and the tools that make these systems work. Every attendee will leave armed with new ways to think about the management of large data jobs in PHP and an understanding of the tools they can use to make it happen.

Web Application Security Update: Top Vulnerabilities

php[world] • Oct 2019

The Open Web Application Security Project (OWASP) curates a list of the top ten security risks for web applications and how to mitigate them. The ever-changing world of web development created a challenge for the 2017 list, which needs to combine both existing approaches and modern trends in web development. This session takes a look at each item in the list from a PHP perspective, demonstrates what can go wrong, and makes sure that this won’t happen in our web sites.

Password-Based Authentication Strategies

NomadPHP • Oct 2019

The first point of contact most users have with your application is the login screen. It’s a ubiquitous interface, and approaches for handling authentication are legion. A plethora of options for authentication doesn’t mean it’s an easy practice, though. Together, we’ll review authentication from first principles, starting with password-based systems and diving deeper into defensive hashing techniques and the edge cases developers need to consider when protecting user data. We’ll also go deep into the secure remote password flow, leveraging the technique both from native PHP and a JavaScript client-side implementation.

The Future of the Web is Low-Tech

CoderCruise • Aug 2019

This session will cover use cases, user groups, and a few proposed techniques for making both content and publishing tools available to those without high-speed Internet, 3G/4G connectivity, or traditional desktop publishing tools. It will also delve into some of the emerging technologies that make content more accessible to those with limited access (and the controversy surrounding them).

Fortifying your Defenses with Threat Modeling

php[tek] • May 2019

Properly securing your applications and data requires an understanding of the threats facing them. Threat modeling is the methodology for identifying and quantifying the threats your application can and will face. There are a number of resources available for performing a threat model, but this session will get you started building a strategy from nothing.

Additional Links