Personal details

Joe L.

Timezone: Eastern Time (US & Canada) (UTC-4)

Summary

I currently work as an offensive security engineer focusing on application security. I've been conducting application security audits and penetration tests for a variety of public and private companies for the past 3 years. I lead all of my organization's application security assessments. In this role, I regularly develop open-source security tools and give talks at major security conferences. I've spoken or delivered security training at BlackHat USA (3 times), Wild West Hackin' Fest (2 times), x33fcon (1 time) and several other conferences. In addition to my security responsibilities, I manage all of my organization's internal web development projects.

I have a MS in CyberSecurity Risk and Strategy from NYU Law/Engineering and received a BS in International Security from Georgetown University.

Before my current role, I built a Python-based web application SaaS product that I sold in 2018. Prior to that, I worked in business development for a few years.

I'm happy to be a "mentor" and guide you through a solution OR just code up a working solution and share it with you. I'd suggest coming to me for Python web dev questions or application security questions / audits / reviews.

Technical skills

Security testing・3 yrs Python・6 yrs Web Application Security・3 yrs Information Security・3 yrs Application Security・3 yrs

Work Experience

Lead Application Security Engineer

FortyNorth Security | May 2019 - Present

Python

Django

Node.js

Application Security

Application Architecture

Security testing

Network Security

Information Security

Conduct penetration tests, red team assessments, social engineering campaigns and web application assessments. Develop offensive security training courses and deliver content at security conferences like BlackHat USA/Asia and Wild West Hackin' Fest. Contribute to the open-source community via projects like C2concealer and EXCELntDonut. Conferences / Talks: May 2021 - x33fcon - What the F#? October 2020 - GrayHat Con - A Practical Introduction to Bypassing Application Whitelisting September 2020 - BlackHat Asia - Intrusion Operations September 2020 - Wild West Hackin' Cast - Offensive MalDocs in 2020 May 2020 - DERPCON - Bypassing Application Whitelisting March 2020 - Pancakes Con - Living Off the Land with a Side of Bubble Tea March 2020 - WW Wild West Hackin' Fest - An Introduction to Developing Phishing Malware August 2019 - BlackHat USA - Intrusion Operations

CTO

LeadWash | Dec 2016 - Dec 2018

Python

Flask

Pandas

Celery

Exited/Acquisition Built and sold a data-cleansing SaaS application.