J. Landon Key

LinkedIn:

I am an experienced application security architect with over 19 years of professional experience. My specialties include secure web & mobile application development for enterprise customers. I am passionate about application security at enterprise scale. My years of application development, penetration testing, and systems architecture experience allow me to enable the business to move quickly and securely.

Skills

Language Experience

ASP (Classic), ASP.NET (MVC, Web Forms), Assembly, C#, C/C++, CodeQL, Flash, Flex, Go/Golang, HTML5, Java, JavaScript (Angular, React, Node), Objective-C, Perl, PHP, Python, PowerShell, Ruby, Silverlight, SQL, Swift, VB.NET, VB6, VBA, VBScript, Xamarin, XML

Tooling, Platform, Systems Experience

AWS, Apache, Azure, Burp Suite, Citrix, Cortex XDR, CyberArk, Docker/Kubernetes, Fortify/WebInspect, GitHub Enterprise, Hadoop, IIS, JIRA, Jenkins, Linux, MySQL, Nessus, Oracle, Prometheus, Symantec DLP, SQL Server, Splunk, Tanium, Windows Server

Software Architecture Experience

Experienced in performance and scalability design, product security testing, refactoring
Data mining and data warehousing techniques

Vulnerability Analysis Experience

Software reverse engineering techniques (source and binary)
Skilled in advanced penetration testing techniques

Misc

Hardware design skills (microprocessor design) using AHDL and VHDL
Firmware extraction skills
Self-taught in the Spanish language

Experience

Security Assurance Testing Initiatives Aug. 2021 - Present

 Principal Product Security Researcher - Zoom

As a Principal Security Researcher at Zoom, I focused on critical security initiatives, particularly in identifying and mitigating vulnerabilities that would garner public scrutiny if discovered externally. This included extensive work on the Zoom Client, resulting in CVEs such as CVE-2022-28755, CVE-2023-39216, CVE-2023-39213, CVE-2023-36534 (Critical) and CVE-2022-28763, CVE-2023-28597, CVE-2023-36533 (High) as well as several findings pending Critical CVEs as of Q4 2023. Overall, my tenure at Zoom has been marked by a dedicated focus on strengthening security measures and effectively mitigating potential risks within the Zoom Client.

Product Security & Incident Response May 2020 - Aug. 2021

 Principal Product Security Researcher - Tanium

As a member of the PSIRT, I performed regular security assessments of the Tanium platform. I was the PSIRT’s first point of contact and principal security researcher for the initial partnership between Salesforce and Tanium. I also worked to establish automated DAST scanning in AWS as a part of Tanium’s FedRAMP efforts in 2020-2021. Working along with other members of the PSIRT team, we discovered and mitigated many vulnerabilities prior to feature release, including everything from custom MS Windows driver exploits to Linux restricted shell escape paths.

Security Architecture & Engineering May 2018 - May 2020

 Sr. Application Security Architect - Southern Company

Actively participated in the Architectural Review Board to ensure proposals met standards set by IT Security. Worked closely with internal application development teams to develop strategies for maturing secure development practices. As a member of the Cloud Center of Excellence, worked to develop cloud security strategies used for systems leveraging AWS, Azure, and Oracle cloud environments. Developed Next Gen Web VPN using Apache Guacamole on a Kubernetes Cluster.

Business Intelligence Organization Jan. 2006 - May 2018

 Sr. Application Architect - Southern Company

Working closely with internal clients on projects ranging from environmental and wildlife management systems to executive dashboards for monitoring supply and demand in near real time. Architected and developed cyber protection systems for critical infrastructure in accordance with the NERC CIP standards. I have gained experience in many areas of the energy and utilities business. I have had the opportunity not only to add value with my knowledge of software system design but also to gain experience in the business of delivering reliable and affordable energy. I am responsible for training and leading junior members of the development team as well as aiding senior members where advanced assistance is required.

Real Time Systems Jan. 2005 - Dec. 2005

 Software Developer - Alabama Power

Developed web applications used for process auditing and maintenance. Developed an AJAX-based web client coupled with server-side components to provide a flexible and extendable framework upon which future applications have been built. Performed application testing and debugging for various web and Windows-based applications. Performed maintenance tasks on many previously released software systems.

Distribution Planning May 2003 - Jan. 2005

 Software Developer - Alabama Power

Created a software system for the automation of many tasks performed by the distribution engineers. Created a web interface which was used for displaying and calculating values needed to perform studies on the many distribution networks. Used reverse engineering skills to provide interoperability between two external database systems so that new information could be obtained from existing systems. Administered internal web and database servers used for information harvesting and business intelligence applications.

Education

Information Engineering Management (MSEE) 2006 - 2008

University of Alabama at Birmingham

Electrical and Computer Engineering (BSEE) 2000 - 2006

University of Alabama at Birmingham

Previous Work

Open Source Projects

https://github.com/postworthy?tab=repositories

Examples of Work

Exploitable App - Hacking Sandbox
KeyTranslations iOS App
English to Spanish Translation App
English to Spanish Translation Verbs
Opensource Arcade
Socks Web Proxy
Twitter Command And Control, Remote Access Tool
Managed Code Remote Key Logger Service
Android Based NFC Access Card Cloning