Aaron Lord

Senior Director Analyst - Software Engineering Security

Las Vegas, Nevada, United States

About

Aaron Lord is a Sr. Director Analyst with Gartner covering software engineering security, DevSecOps, supply chain security, API security, and vulnerability management. He was formerly a Senior Application Security Engineer and researcher for Vimeo and Workday, performing design and security reviews for critical applications as well as static analysis automation. Before that, he spent six years helping secure the internet presence of Zappos.com, an Amazon company. He is an ex-member of the WhiteHat Security (now Synopsys) Threat Research Center for the WhiteHat Sentinel vulnerability management platform. He is passionate about secure coding principles and patterns and information security research, and is a proponent of Security by Design.

Skills

information security, web application security, network security, webappsec, vulnerability research, windows, mac, linux, apache, nginx, xhtml, hardware, css, php, mysql, ruby, ruby on rails, python, metasploit, tcp/ip, java, scala, shellcode, reverse engineering

Experience

  • Senior Director Analyst at Gartner
    Feb 2023 - Present · 3 yrs 5 mos

  • Senior Application Security Engineer at Vimeo
    Aug 2021 - Jan 2023 · 1 yr 6 mos

    - Created and defined a secure SDLC for Vimeo development that does not impede innovation.
    - Documented and improved security of Vimeo product pipelines.
    - Completed multiple privacy audits across multiple cloud platforms.
    - Created a Python IP blocking service running in Google Cloud.
    - Led vendor selection of a static analysis security testing solution.
    - Implemented a self-service static analysis security testing solution without impeding developer innovation.

  • Application Security Engineer at Workday
    Jun 2019 - Jul 2021 · 2 yrs 2 mos

    - Contributed to a Python automated static analysis platform for automated secure code scanning.
    - Performed application security reviews for new features through design and architecture review, secure code review, and delivery of security requirements.
    - Created an automated code scanning tool in Python that utilizes ‘Trufflehog’ to find secrets and information leakage in code bases destined for open source.
    - Acted as a Subject Matter Expert for Development, Privacy, and Legal teams.
    - Spearheaded security for technical onboarding of a company acquisition.
    - Triaged SAST findings in source code and configured scanning rules to ensure quality of automated findings.

  • Senior Application Security Engineer at Zappos Family of Companies
    Jan 2013 - Jun 2019 · 6 yrs 6 mos

    Security assessments and penetration testing, secure application design, application code reviews, threat intelligence, and secure coding standards and training.

    - Implemented a Secure Development Lifecycle.
    - Created a PCI-accepted developer training course.
    - Implemented application security scanning automation using static analysis and dynamic analysis.
    - Created policies for application security in the enterprise.
    - Defined and delivered fully customized application security reporting and metrics.

  • NTT Application Security (2 yrs 8 mos)
    • Global Threat Research Center Training Supervisor
      Nov 2011 - Jan 2013 · 1 yr 3 mos

      Web application threat research, WhiteHat Sentinel service delivery, client technical relations, lead trainer and training program development for the Threat Research Center. Information security team management and team building for the WhiteHat Threat Research Center Houston.

    • Application Security Engineer
      Aug 2011 - Nov 2011 · 4 mos

      Web application business logic assessment, threat research, WhiteHat Sentinel service delivery, client technical relations, lead trainer and quality controller for the Threat Research Center.

    • Application Security Specialist
      Jun 2010 - Aug 2011 · 1 yr 3 mos

      Web application business logic assessment, threat research, WhiteHat Sentinel service delivery, client technical relations.