Since the beginning of 2004 my focus had been and continues to be in the area of software security tools associated with the improvement of common software development life cycle methodologies as currently practiced. In February of 2004 I join the silicon valley start-up Fortify Software [now HP Fortify Software] as a full-time employee. As the seventh employee at Fortify I helped define and build what would become Fortify Source Code Analyzer [Fortify SCA] and the associated Fortify Suite of security products. Over a three plus year period at Fortify Software I worked as and defined the role of Fortify Software Security Consultant [SSC]. I provided Fortify Software security analysis domain expertise to many Fortune 100 companies as well as a very large number of small to mid-sized software development organizations. I have personally deployed the Fortify Suite of security products for numerous Fortify customers. I have integrated the Fortify SCA into a wide variety of build processes. I have written hundreds of custom Fortify SCA rules. I have audited hundreds of thousands of Fortify SCA results. I have trained numerous development teams in the optimal use of the HP Fortify security solutions in their environments.
After leaving Fortify Software, as an independent consultant, I continue to provide consulting services in the areas of build integration, code review, audit, and training in the real-world use of the HP Fortify security solutions. Fortify Software Expert-level certification. References include the Fortify Software founders, the original management team members, and several key field & engineering team individuals.