Vacasa LLC

Director of Engineering • Jan 2019 — Present

Team Lead Software Engineer - Data Products • July 2018 — Jan 2019

Tozny, LLC

Head of Engineering • Sept 2017 — July 2018

Software Engineer • May 2016 — Sept 2017

Developed secure authentication, identification, and privacy management tools and hosted SaaS platform for enterprise partners. Helped design and build a scalable, end-to-end encrypted database for managing consumers' personally identifying information (PII).

  • Devised and engineered a dynamically-scalable, real-time event notification system for record publication.
  • Designed the secure onboarding and registration system powering the Atlanta Streetcar's mobile application.
  • In partnership with Amazon, leveraged [email protected] (while in beta) to safely and securely deliver single-page cryptographic web applications to end users.
  • Designed and developed a secure, end-to-end encrypted data storage solution used by clients such as DARPA to protect sensitive information while at rest.

10up, Inc

Lead Web Engineer • Nov 2014 — April 2016

Senior Web Engineer • Sept 2012 — Nov 2014

Developed engineering plans for various clients in partnership with the engineering management team. Created prototypes and final implementations of advanced systems integration tools and API libraries.

  • Reviewed project code for standards compliance, secure coding practices, and enterprise-level scalability.
  • Detected and remediated any server vulnerabilities related to client hosting environments.
  • Launched multiple, high-profile, enterprise-grade website redesigns, including TechCrunch.com.

Hawksoft, Inc

Web Developer • July 2011 — Sept 2012

  • Developed custom content management system for new corporate website.
  • Designed and built a custom web service API for managing media and customer subscriptions.
  • Maintained secure customer forums and web-enabled service applications.


Portland State University

Master of International Management, Global Marketing • 2007

University of Oregon

Bachelor of Science, Political Science • 2006

Recipient of the Centurion Award

University of Oregon

Bachelor of Science, Physics/Mathematics • 2005

Recipient of the Computer Science, Engineering, and Mathematics Scholar Award


Security Principles for PHP Applications

php[architect] • Dec 2017

Security is an ongoing process not something to add right before your app launches. In this book, you’ll learn how to write secure PHP applications from first principles. Why wait until your site is attacked or your data is breached? Prevent your exposure by being aware of the ways a malicious user might hijack your web site or API. Discover how to secure your applications against many of the vulnerabilities exploited by attackers.

Securty Corner | Monthly Column

php[architect] • Sept 2017-Present

Public Speaking

Intro of PHP Encryption

php[world] • November 2018

Modern PHP supports modern encryption: Sodium. This new interface provides a set of opinionated cryptographic primitives that help prevent you from making a costly mistake. Sodium allows symmetric encryption, public/private encryption, and data signing just like you’re used to in other languages. It’s also native to PHP as of version 7.2.

Evolution of PHP Security

php[tek] • May 2018

[Training Class] PHP is a secure, modern programming language suitable for any number of applications. As with any other language or tool, PHP can only be used securely if the developers using it wield their tools safely.

2FA, U2F, OOB, and Other Terrifying Security Acronyms

NomadPHP • Feb 2018

In 2016, NIST announced it was deprecating SMS-based 2FA (second-factor authentication) from its Digital Authentication Guidance. As the internet works to harden application and online security, what are the proper options available for truly secure authentication? What are those OOB (out-of-band) transactions anyway? Why is identity security so hard? Learn about the tools that define the identity security landscape and how to easily integrate strong identity verification methods with your existing services. BYOA (bring your own acronyms).

PHP Userland Security - Step by Step and Beyond

php[world] • Nov 2017

Too often, the security of our applications is an afterthought rather than a pillar of design. This leads to embarrassing leaks of information, unintended violations of security best practices, or even critical vulnerabilities. This tutorial will walk through securing an app from first principles through smooth UX. We'll navigate password hashing, two factor authentication, and login by way of magic links. We'll then go even further with auth by way of mobile push notifications!

Going Password-Free

SunshinePHP • Feb 2017

Should a password be long and complex? What about a string of easy-to-remember words instead? Are password managers the best way forward? What about multiple factors? Is there a better way?

These are all questions your users have: learn how to answer them and how to make security easy by moving beyond passwords for your web app entirely with magic link based authentication! Your users just click a link; they don't have to remember anything.

Monkeys in the Machine

NortheastPHP • Aug 2016

Sometimes, our use of PHP grows beyond the typical request/response cycle of dynamic page generation. Unfortunately, the threaded nature of PHP – and the stateless nature of the server – betrays any efforts to expand our utilization of the server. I will walk attendees through various evolutions of a specific application from synchronous execution of loops through asynchronous execution with Promise-based libraries in PHP.

JavaScript for PHP Developers

php[tek] • May 2016

JavaScript and PHP look fairly similar, but they run in entirely different ways and environments. Writing JavaScript as you would PHP or vice versa is a recipe for disaster. As JS makes its way deeper into our stack, it has become an important tool that all PHP engineers should understand and be comfortable with. Attendees will learn the basic differences between these languages and gain a better understanding of how to think in a "JavaScript world," both in the browser and on the server.

The Future of WordPress is Low-Tech

php[world] • Nov 2015

This session will cover the severe need for low-tech access to WordPress but will focus on content production and consumption—which is a somewhat unique problem in the developing world. It will cover use cases, user groups, and a few proposed techniques for making content and publishing tools available to those without high-speed Internet, 3G connectivity, or traditional desktop publishing tools. Attendees will achieve a deeper understanding of potential, unreached user demographics and the tools/techniques they can use to reach these groups.

Sandboxing your Development Environment with Vagrant

ZendCon • Oct 2015

One of the newest tools on the market is an open source system called Vagrant. Thanks to this amazing application, you can quickly and easily create a new virtual development environment at a moment's notice.

Additional Links