ASP.NET Security Consultant

I'm an author, speaker, and generally a the-way-we've-always-done-it-sucks security guy who specializes in web technologies and ASP.NET.

I'm a bit of a health nut too, having lost 50 pounds in 2019 and 2020. Check out my blog for weight loss tips!

My Story

About My Career

My first job out of college was repairing band instruments, often fluts and clarinets, though I can repair anything you can blow into. I hadn't been doing that for very long when I started questioning my future in that career. Between my ever-increasing standards of what a "good" repair looked like an the ever-decreasing quality of instruments coming across my desk, I knew I either had to lower my standards or find a new career. So I left band instrument repair and half planned and half lucked into a career in web programming.

In all honesty, the first couple of years were difficult because I had a pretty bad case of impostor syndrome. I was working with people with degrees in Computer Science, and here I was with a degree in music and no knowledge of many Computer Science topics. However, I eventually realized that coming from a non-C.S. background gave me a couple of advantages as a programmer:

  1. My customer service experience helped me understand which questions to ask to figure out what my clients want, not just what they ask for
  2. My experience discussing which repairs were worth it meant that I didn't waste time making a perfect solution when a good one would do

It's hard to find a career as a programmer, though, with those attitudes (and the problem has gotten worse as agile methodologies become more common), so another career change was needed. Again I made a career change that was partly planned and partly luck, this time into application security.

I currently work as an application security consultant, focusing on helping companies find and fix security issues with their websites built in ASP.NET. The impostor syndrome is (nearly) gone, since I'm one of the very few people in the world with both hands-on knowledge of ASP.NET development and a security person's knowledge of web attacks and defenses. Want to learn more about what a security person says about ASP.NET? Check out my book! Need help securing a website? Contact Me!

About My Weight Loss

I've been heavy for much of my life. I lost 60 pounds in 2006 with a traditional diet and exercise regimen. I kept it off for several years, but slowly dropped my good habits, and as I dropped my good habits, slowly gained weight back. Eventually, I was 20 pounds heavier than my 2006 peak, culminating in the weight you see in my weight loss photo.

My second time around, I lost weight in a more sustainable way.

I ate dessert every night.

I ate pizza multiple times a week.

And I still lost weight. How? You'll have to check out my blog!

And finally, after losing 50 pounds, I hit a bit of a plateau. Or flat valley, I suppose? So, I started lifting weights and attempting bodybuilding. I'm still learning and still working when it comes to bodybuilding, but I've lost even more weight but put on quite a bit of muscle. Of course, as I get time, my blog will include lessons learned from bodybuilding too, and how it differs from pure weight loss.

Languages, Frameworks, and Tools


Finance, Non-profit, Insurance, Marketing, Health Care, Real Estate, Manufacturing, Consulting, Software


Agile, Scrum, ITIL, COBIT, Six Sigma, Lean Programming

Programming Languages

C#, F#, ASP.NET Web Forms, ASP.NET MVC, ASP.NET Core, JavaScript, SQL, JQuery, AngularJS, R, Python

Education and Certifications


CISSP (Certified Information Systems Security Professional)
MCTS (Microsoft Certified Technology Specialist) – Web Development with ASP.NET 4.0
MCTS (Microsoft Certified Technology Specialist) – SQL Server 2005
ITIL Foundation 2011
MCAD (Microsoft Certified Application Developer)


MBA – Indiana University, Kelley School of Business – Bloomington, IN
BA – Music – St. Olaf College – Northfield, MN