LinkedIn: https://www.linkedin.com/in/landonkey
I am an experienced application security architect with over 19 years of professional experience. My specialties include secure web & mobile application development for enterprise customers. I am passionate about application security at enterprise scale. My years of application development, penetration testing, and systems architecture experience allow me to enable the business to move quickly and securely.
ASP (Classic), ASP.NET (MVC, Web Forms), Assembly, C#, C/C++, CodeQL, Flash, Flex, Go/Golang, HTML5, Java, JavaScript (Angular, React, Node), Objective-C, Perl, PHP, Python, PowerShell, Ruby, Silverlight, SQL, Swift, VB.NET, VB6, VBA, VBScript, Xamarin, XML
AWS, Apache, Azure, Burp Suite, Citrix, Cortex XDR, CyberArk, Docker/Kubernetes, Fortify/WebInspect, GitHub Enterprise, Hadoop, IIS, JIRA, Jenkins, Linux, MySQL, Nessus, Oracle, Prometheus, Symantec DLP, SQL Server, Splunk, Tanium, Windows Server
Experienced in performance and scalability design, product security testing, refactoring
Data mining and data warehousing techniques
Software reverse engineering techniques (source and binary)
Skilled in advanced penetration testing techniques
Hardware design skills (microprocessor design) using AHDL and VHDL
Firmware extraction skills
Self-taught in the Spanish language
As a Principal Security Researcher at Zoom, I focused on critical security initiatives, particularly in identifying and mitigating vulnerabilities that would garner public scrutiny if discovered externally. This included extensive work on the Zoom Client, resulting in CVEs such as CVE-2022-28755, CVE-2023-39216, CVE-2023-39213, CVE-2023-36534 (Critical) and CVE-2022-28763, CVE-2023-28597, CVE-2023-36533 (High) as well as several findings pending Critical CVEs as of Q4 2023. Overall, my tenure at Zoom has been marked by a dedicated focus on strengthening security measures and effectively mitigating potential risks within the Zoom Client.
As a member of the PSIRT, I performed regular security assessments of the Tanium platform. I was the PSIRT’s first point of contact and principal security researcher for the initial partnership between Salesforce and Tanium. I also worked to establish automated DAST scanning in AWS as a part of Tanium’s FedRAMP efforts in 2020-2021. Working along with other members of the PSIRT team, we discovered and mitigated many vulnerabilities prior to feature release, including everything from custom MS Windows driver exploits to Linux restricted shell escape paths.
Actively participated in the Architectural Review Board to ensure proposals met standards set by IT Security. Worked closely with internal application development teams to develop strategies for maturing secure development practices. As a member of the Cloud Center of Excellence worked to develop cloud security strategies used for systems leveraging AWS, Azure, and Oracle cloud environments. Developed Next Gen Web VPN using Apache Guacamole on a Kubernetes Cluster.
Working closely with internal clients on projects ranging from environmental and wildlife management systems to executive dashboards for monitoring supply and demand in near real time. Architected and developed cyber protection systems for critical infrastructure in accordance with the NERC CIP standards. I have gained experience in many areas of the energy and utilities business. I have had the opportunity not only to add value with my knowledge of software system design but also to gain experience in the business of delivering reliable and affordable energy. I am responsible for training and leading junior members of the development team as well as aiding senior members where advanced assistance is required.
Developed web applications used for process auditing and maintenance. Developed AJAX-based web client coupled with server-side components to provide a flexible and extendable framework upon which future applications have been built. Performed application testing and debugging for various web and Windows-based applications. Performed maintenance tasks on many previously released software systems.
Created a software system for the automation of many tasks performed by the distribution engineers. Created a web interface which was used for displaying and calculating values needed to perform studies on the many distribution networks. Used reverse engineering skills to provide interoperability between two external database systems so that new information could be obtained from existing systems. Administered internal web and database servers used for information harvesting and business intelligence applications.
University of Alabama at Birmingham
University of Alabama at Birmingham
https://github.com/postworthy?tab=repositories
Exploitable App - Hacking Sandbox
KeyTranslations iOS App
English to Spanish Translation App
English to Spanish Translation Verbs
Opensource Arcade
Socks Web Proxy
Twitter Command And Control, Remote Access Tool
Managed Code Remote Key Logger Service
Android Based NFC Access Card Cloning