Web Application and API Communication & Security Portfolio
tl;dr
During my 8 years at Rapid7, I positioned, demoed, and POC’ed two web application security products: InsightAppSec (a DAST) and tCell (a RASP). I became the regional SME in AppSec and wrote the AppSec training materials for new SEs.
As the Lead Sales Engineer for our Enterprise West team, I led AppSec POCs for FAANG and other large West Coast tech companies. I also handled technical escalations for all 12 US West sales engineers for our whole portfolio, including AppSec.
While I was a sales engineer at Ziften Technologies, I wrote an internal web application using Python Django to track and monitor issues for our on-prem and cloud consoles used for POC and production customers.
As a side hobby, I write code to archive difficult-to-archive websites for archive.org.
Technical Enablement for Sales Engineers
In 2018, our company was underperforming in AppSec sales. Most of the 50+ sales engineers lacked fundamental knowledge in web communications and AppSec, and struggled to present the amazing value of our AppSec tool.
I took initiative and created an internal enablement course to teach the necessary knowledge to our SE organization. I built slides and gave live workshops to fellow SEs, and built out step-by-step exercises to teach the job-specific technical skills they needed.
This course, and several other AppSec training materials I created, resulted in AppSec knowledge becoming standard in our SE org, and eventually translated to increased sales and customer success.
Here is the public release version of the step-by-step exercises as a PDF. This abbreviated version was shared with prospects to teach them, and also with my webinar and conference talk attendees.
The full internal version was 107 pages long and included more information about advanced troubleshooting for our AppSec tool.
Webinars and Conference Talks about AppSec
I created and delivered a conference talk on the different types of AppSec tools and advice on how to evaluate them for the October 2019 Rochester Security Group Conference.
Marketing’s Go-To SE for AppSec
I regularly worked with our marketing team to develop and review AppSec promotional materials and documentation for technical accuracy, and clarity of communicating business value.
I contributed to parts of Rapid7 Academy, an online self-service free training portal designed for new and existing customers.
Into the technical weeds
I contributed Bash and Python scripts for our AppSec products, InsightAppSec and AppSpider, to Rapid7’s Presales Engineering GitHub repository. Prospects and fellow sales engineers used these to accelerate troubleshooting and meet niche needs.
I’ve also written scripts using Python with Selenium, Bash, and various APIs to archive content from various websites like Reddit, TikTok, YouTube, and Jackbox Games.
I’ve built several Docker container images to deploy my code.