Experience

Vacasa LLC

Director of Engineering • Jan 2019 — Present

Team Lead Software Engineer - Data Products • July 2018 — Jan 2019

Directly managed a teams of data scientists, data engineers, and cross-functional software engineers focused on improving yield management, real estate growth, advertising, and field operations for a 15k unit portfolio. Helped design, launch, and scale machine learning systems accounting for over $600MM in gross revenue.

Tozny, LLC

Head of Engineering • Sept 2017 — July 2018

Software Engineer • May 2016 — Sept 2017

Developed secure authentication, identification, and privacy management tools and hosted SaaS platform for enterprise partners. Helped design and build a scalable, end-to-end encrypted database for managing consumers' personally identifying information (PII).

  • Devised and engineered a dynamically-scalable, real-time event notification system for record publication.
  • Designed the secure onboarding and registration system powering the Atlanta Streetcar's mobile application.
  • In partnership with Amazon, leveraged [email protected] (while in beta) to safely and securely deliver single-page cryptographic web applications to end users.
  • Designed and developed a secure, end-to-end encrypted data storage solution used by clients such as DARPA to protect sensitive information while at rest.

10up, Inc

Lead Web Engineer • Nov 2014 — April 2016

Senior Web Engineer • Sept 2012 — Nov 2014

Developed engineering plans for various clients in partnership with the engineering management team. Created prototypes and final implementations of advanced systems integration tools and API libraries.

  • Reviewed project code for standards compliance, secure coding practices, and enterprise-level scalability.
  • Detected and remediated any server vulnerabilities related to client hosting environments.
  • Launched multiple, high-profile, enterprise-grade website redesigns, including TechCrunch.com.

Hawksoft, Inc

Web Developer • July 2011 — Sept 2012

  • Developed custom content management system for new corporate website.
  • Designed and built a custom web service API for managing media and customer subscriptions.
  • Maintained secure customer forums and web-enabled service applications.

Education

Portland State University

Master of International Management, Global Marketing • 2007

University of Oregon

Bachelor of Science, Political Science • 2006

Recipient of the Centurion Award

University of Oregon

Bachelor of Science, Physics/Mathematics • 2005

Recipient of the Computer Science, Engineering, and Mathematics Scholar Award

Publications

Security Principles for PHP Applications

php[architect] • Dec 2017

Security is an ongoing process not something to add right before your app launches. In this book, you’ll learn how to write secure PHP applications from first principles. Why wait until your site is attacked or your data is breached? Prevent your exposure by being aware of the ways a malicious user might hijack your web site or API. Discover how to secure your applications against many of the vulnerabilities exploited by attackers.

Securty Corner | Monthly Column

php[architect] • Sept 2017-Present

Recent Public Speaking

Intro of PHP Encryption

php[world] • November 2018

Modern PHP supports modern encryption: Sodium. This new interface provides a set of opinionated cryptographic primitives that help prevent you from making a costly mistake. Sodium allows symmetric encryption, public/private encryption, and data signing just like you’re used to in other languages. It’s also native to PHP as of version 7.2.

Evolution of PHP Security

php[tek] • May 2018

[Training Class] PHP is a secure, modern programming language suitable for any number of applications. As with any other language or tool, PHP can only be used securely if the developers using it wield their tools safely.

2FA, U2F, OOB, and Other Terrifying Security Acronyms

NomadPHP • Feb 2018

In 2016, NIST announced it was deprecating SMS-based 2FA (second-factor authentication) from its Digital Authentication Guidance. As the internet works to harden application and online security, what are the proper options available for truly secure authentication? What are those OOB (out-of-band) transactions anyway? Why is identity security so hard? Learn about the tools that define the identity security landscape and how to easily integrate strong identity verification methods with your existing services. BYOA (bring your own acronyms).

PHP Userland Security - Step by Step and Beyond

php[world] • Nov 2017

Too often, the security of our applications is an afterthought rather than a pillar of design. This leads to embarrassing leaks of information, unintended violations of security best practices, or even critical vulnerabilities. This tutorial will walk through securing an app from first principles through smooth UX. We'll navigate password hashing, two factor authentication, and login by way of magic links. We'll then go even further with auth by way of mobile push notifications!

Going Password-Free

SunshinePHP • Feb 2017

Should a password be long and complex? What about a string of easy-to-remember words instead? Are password managers the best way forward? What about multiple factors? Is there a better way?

These are all questions your users have: learn how to answer them and how to make security easy by moving beyond passwords for your web app entirely with magic link based authentication! Your users just click a link; they don't have to remember anything.

Additional Links