My name is Ben and I am an experienced Security Engineer with over a decade of experience. I have a passion for security and enjoy putting my skills to use to advance business objectives.
I have a strong and broad technical background that includes computer networking, systems administration, cloud computing, software development, and DevOps / DevSecOps.
I am well versed in many aspects of information systems security, including offensive security (red team), network / system defense (blue team), security automation, security tool development, security operations, security analysis, threat hunting, and incident response.
I believe automation is critical to security: from defining infrastructure as code, thus enforcing pre-defined best practices and providing secure defaults, to automating detection and response, reducing alert fatigue and acting as a force multiplier for scarce security engineers and analysts.
I primarily program in Python, Go, and Bash, but also have various levels of experience across a wide range of programming and domain-specific languages (C, Ruby, PHP, JavaScript, Terraform, Helm, Puppet, and Chef to name a few). I am a big fan of Linux and FOSS in general.
I have experience coding things like CLI scripts, automation code and 'glue', web applications, back-end API services, and configuration and infrastructure as code (IaC), among other projects.
I hold a B.S. degree in Information and Network Technologies with a major in Systems Security.
I have earned many industry certifications, such as CISSP and OSCP.
I am currently a Staff Security Engineer at Aurora Innovation, where we are working to bring the benefits of self-driving technology to the world. I am on the Enterprise Security Team where I'm the tech-lead for client endpoint security, leading initiatives to secure our enterprise devices, networks, and software. I also contribute to our overall security operations and security automation initiatives.
Previously, I was a Senior Security Engineer, on the Security Customer Protection Team, at Slack, a team that focused on detecting and preventing platform abuse and attacks against our customers. When I joined, the team was the Enterprise Security Operations Team, responsible for the security detection and incident response capabilities of the company, with a focus on our global corporate networks, corporate endpoints, enterprise SaaS tools, and customer-facing security matters (including platform misuse and abuse). This was a hybrid role that included engineering, analysis, threat hunting, IR, and tool development. We pushed the envelope, exploring emerging ways to bring big data concepts to security. An interesting project I worked on was helping to create and build the malware detection engine that scans all Slack file uploads. I was at Slack from pre-IPO to post-Salesforce acquisition, and the Security Organization evolved greatly throughout that time.
Before joining Slack, I was a Senior Security Operations Engineer at Sony Interactive Entertainment aka PlayStation. My team helped to ensure the security of the PlayStation Network (PSN), protecting both users and the platform. I was at PlayStation as the entire PSN platform was migrated from on-prem datacenters to the cloud (primarily AWS) and contributed to selecting and implementing cloud-native security tooling. PSN operated at an enormous scale in terms of network traffic, operations, and budget / revenue.
Earlier in my career, I worked in multiple roles for a national datacenter provider (ViaWest, since acquired by Peak 10 and rebranded Flexential), helping to build and secure their PCI- and HIPAA-compliant cloud and its customers; for Managed Security Service Provider (MSSP) GBprotect (now Nuspire after a merger); and for regional ISP and CLEC Microtech-Tel (now OTAVA).
Feel free to contact me on LinkedIn, with the exception of unsolicited sales pitches, which I will promptly ignore.
You can also catch me annually at Hacker Summer Camp (I have attended Defcon about a dozen times now and often attend BSidesLV as well).