Senior Security Researcher at Sonatype
CIO.com Contributor
Author, Editor at Central
M.S. in Computer Science, Georgia Tech.
B.S. in Software Engineering, Drexel University
Endorsed an Exceptional Talent, a recognised leader in Tech by the British Government and frequently featured on leading media outlets like Fortune, The Register and CIO, Ax is a Security Researcher and Engineer who holds passion for perpetual learning. In his spare time, he loves exploiting vulnerabilities, ethically and educating a wide range of audiences.
Ax’s expertise includes vulnerability research, development and web app security. Through responsible disclosure, he has previously exposed serious bugs and security vulnerabilities affecting national & global organisations like HM Government, Yodel, U.S. DHS, P.F. Chang’s, Planet Fitness, Comcast/Arris, Ellucian and the popular restaurant chain, Buca di Beppo.
In early 2018, Ax helped prevent a massive data breach at Georgia Tech by going public with a serious flaw which was left unpatched for over a year. He hence earned himself a place on Tech’s Vulnerability Reporters “hall of fame” page.
To consult Ax for your next big security project or for media source requests, drop him a note here.
Ax’s hobbies include working out, reading, playing piano and developing innovative, upcoming web projects. He also runs his CIO.com column titled, “The Tech Mindset” and his Medium technology blog:
- 5 things I learned from contracting CoronavirusUncertainty, hope, job, family, friends, and time for self-reflection. Continue reading on Medium » Read more »
- Why must TV license be scrapped off in 2020?In a digitally advanced world, repressive ‘TV tax’ holds no justification and grants zero tangible benefits to the public. Continue reading on Medium » Read more »
- What Does the New CVSS 3.1 Scoring Model Mean for Enterprise Security?When prioritising security vulnerabilities, the new CVSS model takes into account more than just a score. Continue reading on Central Online » Read more »
- How one can revoke your U.S. residence, permanently — and you won’t even know it.US immigration forms and procedures lack adequate security, letting anyone renounce your permanent residence status. Continue reading on Central Online » Read more »
- Why ‘herd immunity’ might actually be the only way of tackling COVID-19While sharp rise in ‘pandemic’ cases is making headlines, death statistics tell a whole other story — which is good news. Continue reading on Central Online » Read more »
- Netgear TLS private key disclosure through device firmware imagesBunding CA’s private keys with publicly available router firmware means rendering SSL encryption useless. Continue reading on AxDB » Read more »
- Stored Cross-Site Scripting attacks using crafted SVG images
How can malicious SVGs be used to exploit XSS vulnerabilities? Continue reading on AxDB » Read more » - “Rewriting the laws” of a British Overseas territory with SQL Injection.How this security vulnerability could let anyone “rewrite the laws” of HM Government of Gibraltar. Continue reading on AxDB » Read more »
Medium: Go to Medium blog >
- 5 ways cybersecurity awareness trainings can strengthen your organization
According to an InfoScales report, 95% of successful cyberattacks have human error as the leading cause – most notably company employees falling for phishing scams. This is an important observation as cybersecurity efforts often intuitively focus largely on strengthening the technical controls in an organization to prevent data leakage, willful… Read more » - 5 practical ways your organization can benefit from DevSecOps
It’s right there in the moniker: DevSecOps , a portmanteau of Development, Security and Operations, implies introducing security early on – as a part of a comprehensive, agile Software Development Life Cycle (SDLC) used by your organization, rather than doing so iteratively or waiting until after a release. Given how… Read more » - Is our obsession with regulation killing the web?
Anybody who’s been paying attention has noticed just how much the internet has changed within the last 10 years. From the humble looks of Google’s homepage to the vast existence old-school message boards and a virtually irrelevant “social” media, the internet largely felt like an accessory, a toy you could… Read more » - 7 steps to landing your first IT job, fast
IT is a constantly expanding sector with its ever-increasing demand for skilled talent and the projected scope for growth within the next few years. This is especially true for the Information Security subfield for which the vacancies are drastically going up while the workers are struggling to catch up in… Read more » - 7 ‘don’ts’ of diversity for fostering a healthy office culture
Change at a workplace is hard and often comes with improvements and challenges which cannot be ignored. Change can be a struggle for employees who often need time to gradually adapt themselves to it, rather than feeling forced into it. Even minor changes, for example, changing your company’s choice of… Read more » - 5 ways a global presence can benefit your tech company
If you run a successful tech startup or an established business, primarily offering digital products and services, chances are you have a significant customer presence worldwide. There also lies a high probability that you leverage a remote workforce ‘round-the-globe enabling increased collaboration over time zones. While staying local never hurt… Read more »