=== Kelby Ludwig ===
                               ==== AppSec Engineer ====
                             === kelbyludwig@gmail.com ===
                === http://kel.bz - @kelbyludwig - github.com/kelbyludwig ===
       |=-----------------------------=[ Resume ]=--------------------------------=|
       ----[ About Me ]
       I am an Austin-based security engineer with a background in computer science.
       My personal and professional technical interests are in software security and 
       cryptography. I pride myself on my near-constant pursuit of furthering my own
       understanding of computer security, as well as my often-pragmatic attitude.
       ----[ Skills and Proficiency ]

       * Cryptography (Engineering)                                      [****- 4/5]

       * Cryptography (Mathematics)                                      [***-- 3/5]
       * Web Application Penetration Testing                             [****- 4/5]
       * External Network Penetration Testing                            [***-- 3/5]
       * Secure Code Review                                              [****- 4/5]
       * Golang                                                          [****- 4/5] 
       * Python                                                          [****- 4/5]
       * Linux                                                           [***-- 3/5]
       ----[ Work Experience ]

       ------ [ Duo - Senior AppSec Engineer - Mar 2017 => Present
       At Duo, I was an early member of the AppSec team. A large portion of my daily 
       work was focused on collaborating with  feature teams and delivering security 
       assessments of their output. Outside of review work, our team focused efforts 
       on ensuring we were consistently improving Duo's security maturity-level and
       also operating AppSec program like a well-organized security consultancy.

       ------ [ Praetorian - Principal Security Engineer - Jan 2014 => Mar 2017
       At Praetorian, my primary responsibility was leading, managing, and executing 
       application security assessments.  A majority of my engagement work  involved 
       finding flaws in modern web applications, however, I have also  done software
       security work for many different tech stacks  and  platforms.  In addition to 
       assessment work,  I was also responsible for assisting sales in closing deals
       and was a core contributor to Praetorian's recruiting team.
       ------ [ 21CT - R&D Software Engineering Intern - Oct 2013 => Dec 2013
       During my internship at 21CT I was involved in many aspects of their software 
       development life-cycle including creating and maintaining test plans, writing 
       and implementing unit tests for new and existing code,  as well as developing 
       a library for use in company projects.
       ----[ Education and Training ]
       BS Computer Science - University of Texas at Austin - 2011 => 2015
       GIAC Web Application Penetration Tester (GWAPT) - 2015 => 2019 
       ----[ Projects, Writing, Speaking, and Miscelleneous Work ]
       ------ [ Trudy & MITM-VM 
       Trudy is a modular, and transparent TCP proxy written in Golang. It was built 
       to increase the efficiency of monitoring  &  modifying TCP-based protocols on 
       proxy  unaware devices.  MITM-VM is a  Vagrant virtual  machine that provides 
       proxy and  man-in-the-middle tooling, was well as configures a virtual router 
       that works well with Trudy.
       Trudy: https://github.com/praetorian-inc/trudy
       MITM-VM: https://github.com/praetorian-inc/mitm-vm
       ------ [ noyz 
       noyz is a Golang implementation of Trevor Perrin's  Noise protocol framework.
       noyz  also has  a  small application layer  with an API modeled  after Golang 
       standard library networking interfaces.

       noyz: https://github.com/kelbyludwig/noyz
       ------ [ OCSP Stapling in SSLScan
       I contributed a  pull-request  to SSLScan  to add support for testing whether 
       TLS servers support OCSP-stapling.
       SSLScan's Project Page: https://github.com/rbsec/sslscan
       My pull request: https://github.com/rbsec/sslscan/pull/48
       ------ [ Otter 
       Otter is an extension for Burp Suite  that facilitates authorization testing. 
       Its primary design goal is to make authorization testing for web applications
       as simple as browsing the application with a web browser.
       Otter: https://github.com/kelbyludwig/otter

       ------ [ CVE-2017-11424 

       CVE-2017-11424 is an issue I identified within the PyJWT Python library which 
       could enable symmetric/asymmetric "key confusion" attacks against its users.

       The patch: https://github.com/jpadilla/pyjwt/pull/277