Web Application and API Communication & Security Portfolio
tl;dr
During my 8 years at a leading InfoSec vendor, I positioned, demoed, and POC’ed two web application security products: a Dynamic Application Security Testing (DAST) and a Runtime Application Self-Protection (RASP). I became the regional SME in AppSec and wrote a large amount of AppSec training materials for fellow sales engineers.
As the Lead Sales Engineer for our Enterprise West team, I led AppSec POCs for FAANG and other large west coast tech companies. I also handled technical escalations for all of our sales engineers on the US West team.
While I was a sales engineer at Ziften Technologies, I wrote an internal web application using Python Django to track and monitor issues for our on-prem and cloud consoles used for POC and production customers.
As a side hobby, I write code to archive difficult-to-archive websites.
Technical Enablement for Sales Engineers
In 2018, most of my fellow 50+ sales engineers lacked fundamental knowledge in web communications and AppSec, and struggled to present the amazing value of our AppSec tool.
Without any manager asking me to, I took initiative and created an internal enablement course to teach the necessary knowledge to our SE organization. I built slides and gave live workshops to fellow SEs, and built out step-by-step exercises to teach the job-specific technical skills they needed.
My course, and several other AppSec training materials I created, resulted in AppSec knowledge becoming standard in our SE org, and eventually translated to increased sales and customer success. SMEs, leads, and SE managers could now say “go take Tim’s course” when an SE needed AppSec help, instead of tutoring them for weeks.
My 100+ page step-by-step guide walked SEs through the basics of troubleshooting web communication up through advanced AppSec troubleshooting.
I also gave out an abbreviated version to my prospects and webinar/conference talk attendees.
Webinars and Conference Talks about AppSec
In early 2020, I delivered a webinar to AppSec practitioners at large tech companies on how to take their DAST AppSec program from the Walk stage to the Run stage.
I also created and delivered a conference talk for novice AppSec practitioners on the different types of AppSec tools and advice on how to evaluate them for the October 2019 Rochester Security Group Conference.
Go-To SE for AppSec Marketing
I regularly worked with our marketing team to develop and review AppSec promotional materials and documentation for technical accuracy and clarity in communicating business value.
I contributed to several parts of Rapid7 Academy, an online self-service free training portal designed for new and existing customers.
Into the technical weeds
I contributed Bash and Python scripts for all products to Rapid7’s Presales Engineering GitHub repository. Prospects and fellow sales engineers used these to accelerate troubleshooting and meet niche needs.
I’ve also written scripts using Python with Selenium, Bash, and various APIs to archive content from various websites like Reddit, TikTok, YouTube, and Jackbox Games.
I’ve built several Docker container images to deploy my code.