Sulley Python Security
Team Sportsball Security
I joined ThinAir as employee #5 early in 2015. When I came on board I was solely responsible for building the first few iterations of
backend with one goal in mind - bring ubiquitous encryption to the masses! Written in Django it is
API consumed by our iOS, C++, .Net, and Java clients that we deploy to customer sites and is
collecting file and security events from endpoints, as well as brokering the escrow of encryption
are stored in a "zero-knowledge" fashion.
With that I was also the founding member of the devops team, solely responsible for deploying our software until we brought on more backend developers and devops team members.
I was also the first member of the security team. I coordinated our first security review of our entire product end to end, and helped incorporate the fixes necessary for us to have a security report at the end of the engagement with no issues exceeding a LOW rating. I also helped coordinate our SOC II (type 2) audit, which we passed with flying colors.
I joined the Palantir Infosec Engineering Team 6 months before I graduated (working remotely), then moved across
to help defend Palantir's network from insider threats, state actors, and all sorts of nasty things.
For the first
year and a half or so I did a lot of different things, like get deployed to customer sites to conduct forensics and
evidence to law firms, conducting large-scale penetration tests in-house, and contributing
to the core Palantir platform.
From there I lead the Internal Application Security Team efforts, which was responsible for coordinating large scale security reviews with external contractors, setting up security tooling as part of the build infrastructure, conducting internal security reviews and training, and contributing fixes directly to the core platform.
While attending university at Michigan Tech, I also worked as a linux administrator for the first
two years or
so, being responsible for thousands of machines across the fleet.
Security has always been an interest of mine, so along with my administration tasks I started
issues as well as attackers within our infrastructure, and worked hard to mitigate them. Eventually
director of security took notice and created a job for me as the sole other security team member.
After that they basically just locked me in the NOC and told me to help find and mitigate any security issues that I could, which was an absolutely invaluable learning period for me.