SUMMARY:
Leader in application security who specializes in driving and improving the Secure Development Lifecycle from end to end, including architecture and design review, penetration testing, automated security testing, and security metrics reporting. Possesses detailed security knowledge at the network, systems, and code layers. Consistently delivers high-quality work as an engineering manager through clear communication and strong leadership and organizational skills.
OBJECTIVE:
Continue to make meaningful contributions in application security while broadening and deepening my technical and managerial skills. Hold positions that allow me to have a positive impact on the security of the Web.
EXPERIENCE:
Manager, Security Research and Testing
| Mozilla Corporation - Mountain View, CA | 7/2011 - Present |
- Manage a distributed team of six Security Engineers responsible for fuzzing and penetration testing
- Perform risk analysis of Mozilla Engineering initiatives and prioritize projects requiring focused testing
- Lead security design reviews and threat modeling for all new Firefox features
- Created the first comprehensive security testing plans for Boot to Gecko, Open Web Apps, and Web API projects
- Serve as an editor of the W3C Content Security Policy specification
Security Program Manager
| Mozilla Corporation - Mountain View, CA | 12/2007 - 7/2011 |
- Member of the Mozilla Security Group, the body responsible for shaping security policies and incident responses
- Designed and implemented Content Security Policy (CSP), a mitigation framework for content injection vulnerabilities such as cross-site scripting (XSS)
- Drove adoption of CSP by working with strategic partners and internal web developers and speaking at Web Security conferences
- Created automation system for the collection, processing, and reporting of security bug statistics
- Raised awareness within the organization of key product security metrics
- Created and tested fixes for memory safety bugs and other browser security flaws
- Managed the vulnerability remediation process for the Mozilla codebase, including bug triage and milestone tracking
- Published security advisories for bugs fixed in each security release
- Developed material to increase awareness and use of security best practices among Mozilla developers
- Served as point of contact for external reporters and researchers regarding security initiatives
Information Security Engineer
| eBay, Inc. - San Jose, CA | 9/2005 - 12/2007 |
- Member of the Information Security Testing and Monitoring Team
- Responsible for host- and application-level security for eBay Marketplaces and the corporate network
- Ran weekly and quarterly scans for internal security (ISO 17799) and regulatory (Sarbanes-Oxley) compliance
- Developed a process and supporting web application to facilitate the vendor security program
- Performed periodic penetration tests and code audits of the Marketplaces websites to assess application-level vulnerabilities
- Developed a prototype Active Content Framework that allowed site users to safely include HTML and JavaScript in eBay web pages
- Created an RSS feed monitoring system to alert the Security team to pertinent disclosures and new vulnerabilities
- Developed an application to support internal vulnerability management
- Managed outsourced security engagements
- Won the Information Security contest to discover the most application-layer vulnerabilities in the eBay platform
Web Developer
| Webconsuls - Newport Beach, CA | 7/2004 - 8/2005 |
- Developed websites for new clients, including original design and content
- Managed existing websites to keep content current
- Optimized web pages to maintain top rankings on major search engines
- Stayed abreast of the latest Internet trends and technologies and incorporated them into Internet marketing strategies
- Kept clients' CGI scripts and software packages updated and free of known security vulnerabilities
Webmaster / Alumni Tracking
| Sunrise Recovery Ranch - Riverside, CA | 7/2002 - 6/2005 |
- Maintained the company website, which generated 50% of new business
- Increased monthly traffic and conversions through reciprocal linking and organic search engine optimization
- Built and maintained a database of former clients' contact information and periodically called them for updates
SKILLS:
Platforms: Linux, Mac OS X, Windows
Languages: Python, PHP, C, C++, HTML, JavaScript, CSS, XML, SQL, Bash, LaTeX
Software: Django, jQuery, Nessus, Nmap, Wireshark, Paros Proxy, gdb, Apache, nginx, Sendmail, MySQL, Subversion, Mercurial, Tcpdump, SSH, OpenSSL, GnuPG/PGP, QualysGuard, Photoshop, GIMP, MBSA
EDUCATION:
B.S. in Information Systems, University of California, Riverside, June 2005. GPA: 3.49.
Coursework: Computer Security, Software Engineering, Data Structures and Algorithms, Operating Systems, Networks, Database Management Systems, UNIX System Administration, Computational Geometry, Automata and Formal Languages, Artificial Intelligence
CERTIFICATIONS / TRAINING:
Certified Information Systems Security Professional (CISSP), awarded by (ISC)2 in May 2007.
Completed a six-day training course on Auditing Networks, Perimeters & Systems.
INTERESTS:
Swimming, Water Polo, Triathlon, Golf, Science Fiction Novels, Web Development, Web Application Security, Linux, MythTV, Artificial Intelligence, Search Engine Optimization
PROJECTS:
Personal Website:
http://brandon.sternefamily.net - personal site with articles on personal interests and code samples.
Social News and Link Recommendation:
http://sharengeti.com - social news site built on Django that aggregates interesting Web content and recommends articles based on each user's preferences.
Psychotherapist Site:
http://www.terryneifinglcsw.com - professional site for a psychotherapist, listing services provided and frequently asked questions about therapy. Holds top search engine rankings for "East Bay Psychotherapy" and other geographically-based search terms.
