Senior Security Researcher at Sonatype
CIO.com Contributor | An IDG Influencer
Editor @ Central
M.S. in Computer Science, Georgia Tech
B.S. in Software Engineering, Drexel University
Endorsed an Exceptional Talent, a recognised leader in Tech by the British Government and frequently featured in leading media outlets like Fortune, The Register and CIO, Ax is a Security Researcher and Engineer who holds passion for perpetual learning. In his spare time, he loves exploiting vulnerabilities, ethically and educating a wide range of audiences.
Ax’s expertise includes vulnerability research, development and web app security. Through responsible disclosure, he has previously exposed serious bugs and security vulnerabilities affecting national & global organisations like HM Government, Yodel, U.S. DHS, P.F. Chang’s, Planet Fitness, Comcast/Arris, Ellucian and the popular restaurant chain, Buca di Beppo.
In early 2018, Ax helped prevent a massive data breach at Georgia Tech by going public with a serious flaw which was left unpatched for over a year. He hence earned himself a place on Tech’s Vulnerability Reporters “hall of fame” page.
To consult Ax for your next big security project or for media source requests, drop him a note here.
Ax’s hobbies include working out, reading, playing piano and developing innovative, upcoming web projects. He also runs his CIO.com column titled, “The Tech Mindset” and his Medium technology blog:
- Hacked Peruvian Government servers are sending phishing campaigns, and that’s worrisome
What’s interesting about this particular phishing campaign is, it originates from Government of Peru’s hacked email servers… Continue reading on Central Online » Read more » - Netgear TLS private key disclosure through device firmware imagesBunding CA’s private keys with publicly available router firmware means rendering SSL encryption useless. Continue reading on AxDB » Read more »
- Stored Cross-Site Scripting attacks using crafted SVG images
How can malicious SVGs be used to exploit XSS vulnerabilities? Continue reading on AxDB » Read more » - “Rewriting the laws” of a British Overseas territory with SQL Injection.How this security vulnerability could let anyone “rewrite the laws” of HM Government of Gibraltar. Continue reading on AxDB » Read more »
- Why TechCrunch needs to rethink its Contributor program, Extra Crunch
As a technology writer, your choice of platform greatly dictates your chances of being read. Extra Crunch goes an extra mile to kill that. Continue reading on Medium » Read more » - How purple.com became Virgin Atlantic’s WiFi landing page
Captive portals, domains and WiFi at 35,000 ft — a behind-the-scenes overview. Continue reading on Medium » Read more » - Military Grade Encryption Won’t Save You, or Your BusinessWith two recent vulnerabilities making headlines this month, notably CVE-2019–14899, impacting VPNs running on Linux distros and… Continue reading on Medium » Read more »
- Introducing AxDB — a publication for firsthand vulnerability disclosures
For times when responsible disclosure options don’t apply and the vulnerability deserves media attention, what do you do? Continue reading on AxDB » Read more »
Medium: Go to Medium blog >
- 5 ways cybersecurity awareness trainings can strengthen your organization
According to an InfoScales report, 95% of successful cyberattacks have human error as the leading cause – most notably company employees falling for phishing scams. This is an important observation as cybersecurity efforts often intuitively focus largely on strengthening the technical controls in an organization to prevent data leakage, willful… Read more » - 5 practical ways your organization can benefit from DevSecOps
It’s right there in the moniker: DevSecOps , a portmanteau of Development, Security and Operations, implies introducing security early on – as a part of a comprehensive, agile Software Development Life Cycle (SDLC) used by your organization, rather than doing so iteratively or waiting until after a release. Given how… Read more » - Is our obsession with regulation killing the web?
Anybody who’s been paying attention has noticed just how much the internet has changed within the last 10 years. From the humble looks of Google’s homepage to the vast existence old-school message boards and a virtually irrelevant “social” media, the internet largely felt like an accessory, a toy you could… Read more » - 7 steps to landing your first IT job, fast
IT is a constantly expanding sector with its ever-increasing demand for skilled talent and the projected scope for growth within the next few years. This is especially true for the Information Security subfield for which the vacancies are drastically going up while the workers are struggling to catch up in… Read more » - 7 ‘don’ts’ of diversity for fostering a healthy office culture
Change at a workplace is hard and often comes with improvements and challenges which cannot be ignored. Change can be a struggle for employees who often need time to gradually adapt themselves to it, rather than feeling forced into it. Even minor changes, for example, changing your company’s choice of… Read more » - 5 ways a global presence can benefit your tech company
If you run a successful tech startup or an established business, primarily offering digital products and services, chances are you have a significant customer presence worldwide. There also lies a high probability that you leverage a remote workforce ‘round-the-globe enabling increased collaboration over time zones. While staying local never hurt… Read more »