I thrive on shipping best in class strategy and implementations for securing assets and data from theft or abuse. Specialties of mine include general security architecture, vulnerability assessment & mitigation, authentication schemes, hardware security modules, supply chain attack mitigation, PII protection, web application hardening, system architecture, and Linux/*BSD hardening/automation. Over the past two decades I have been working in this space I have started multiple companies, designed and deployed hundreds of projects, and solved problems for many Fortune 500 companies. If you have interesting security or scaling challenges, we should talk.
The widely trusted cryptocurrency library libbitcoin was found to generate keys with only 32 bits of entropy, which enabled real world theft of millions of dollars in value across several major blockchains.
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password.
Inexpensive method for acquiring social media data by distributing workload between browsers and servers as appropriate to drastically reduce infrastructure needs.
Decentralized Tech Mentorship
Informational Technology
I've worked with Lance extensively during our overlapping tenure at BitGo. From the get go, I could tell that Lance knows security. His passion is palpable; beyond concerning himself with the well-being of company systems, he preoccupied himself with the personal security of each of his coworkers. He is also very aware of the vulnerability landscape, and helped steer the company in the right direction multiple times when picking technologies. Security threats are constant, but Lance is even more tenacious.
As Lance's team member for the past year, I've benefited from his creativity and aptitude for solving hard technical problems. Lance was directly responsible for handling incoming requests and delegating company wishes to the team. Thanks to Lance's expertise and commitment, the company was a much more safe and secure working environment. He would never pass a chance to see if he could poke security holes in any side-project someone would set up. As a colleague, Lance is extraordinary generous with his time and sharing expertise. He will never tell you the answer, but rather guide you along the way so you can learn how to get to the answer yourself. His humor, colorful past and unique personality make Lance one of the best people I have ever had the pleasure of working with. I'd be happy to answer any questions you might have about his specific skills and experience.
Lance is a security conscious, production engineer with great communication skills. I worked with Lance at Pebble for over two years with him at first as a direct report of mine and and later as my peer, during which time he tackled a wide variety of challenges from an Angular mobile app to developing our deployment platform to being our hands-on production engineering lead. Lance was confident yet not cocky, had a positive can-do attitude and excelled with Linux, Docker, shell scripting and AWS. I would gladly work with Lance again.
Lance is a very self-motivated developer capable of taking extremely hard problems and solving them quickly and efficiently. He has immense logical and analytical skills coupled with an amazing creativity which creates the perfect combination needed for a successful developer or any position in the technology field. I worked with him in a major version milestone of our company's software that required a complete gutting of the system, and his knowledge and understanding of both development and systems helped immensely in our communications to swiftly and successfully complete the project.
Upon meeting Lance three years ago I've always known him as a fun, spontaneous guy who excels at what he does. He is proficent in computer security, multiple programming and scripting languages, and is an all around tech guru. He's a great motivator and has encouraged me in my programmers-walk multiple times. I'd recommend him for any computer-related task and would be confident in doing so, to this day I still look up to Lance and seek his advice.
Lance demonstrates a drive few IT professionals possess and has a large amount of technical knowledge to back it up. I would trust him to adequately handle any project given to him and likely surpass any expectations. He is an excellent contact to have and the right guy to put on your most critical job.
Lance is very charismatic, able to work very well with clients and help them understand. He's very good at making sure everyone is on the same page, and goes out of his way to ensure clients are happy with his work. When he's on a project, he will work with a single-minded focus. He is extremely clever, often combining many different techniques to arrive at a better solution. In web design, he has an eye for layout, but doesn't sacrifice browser compatibility or standards in order to create what he wants. He spends much time with clients, helping narrow down what it is they want, and then creates, making sure they are satisfied with the end result.