Work samples

Writing

While contracting with the Google Open Source Security Team, I worked with team members to develop ideas for their blog posts. I would interview the authors, create an outline for the post and work with the authors on a series of drafts and revisions. Here are my favorite pieces:

• AI-Powered Fuzzing: Breaking the Bug Hunting Barrier
• Supply chain security for Go series
  • Part 1: Vulnerability management
  • Part 2: Compromised dependencies
  • Part 3: Shifting left
• Getting to know the Open Source Vulnerability (OSV) format
• Using the determineversion API to find C/C++ vulnerabilities

Here are a few other pieces of writing from over the years:

• Five things I knew about security, before I knew anything about security
• Django security tips
• A year-old dormant malicious remote code execution vulnerability discovered in Webmin

Speaking

• Google Cloud Next 2019: Securing Serverless by Breaking In
• JS Conf US 2019: Postmortem on the Ingen Incident
• Developing a Security Mindset: Practical Lessons for Pythonistas for PyTexas

Code

In Case of Emergency: 2020 Dev.to x Twilio Hackathon runner up

• Project repository
• Documentation
• Dev.to blog