=== Kelby Ludwig ===
==== AppSec Engineer ====
=== firstname.lastname@example.org ===
=== http://kel.bz - @kelbyludwig - github.com/kelbyludwig ===
|=-----------------------------=[ Resume ]=--------------------------------=|
----[ About Me ]
I am an Austin-based security engineer with a background in computer science.
My personal and professional technical interests are in software security and
cryptography. I pride myself on my near-constant pursuit of furthering my own
understanding of computer security, as well as my often-pragmatic attitude.
----[ Skills and Proficiency ]
* Cryptography (Engineering) [****- 4/5]
* Cryptography (Mathematics) [***-- 3/5]
* Web Application Penetration Testing [****- 4/5]
* External Network Penetration Testing [***-- 3/5]
* Secure Code Review [****- 4/5]
* Golang [****- 4/5]
* Python [****- 4/5]
* Linux [***-- 3/5]
----[ Work Experience ]
------ [ Duo - Senior AppSec Engineer - Mar 2017 => Present
At Duo, I was an early member of the AppSec team. A large portion of my daily
work was focused on collaborating with feature teams and delivering security
assessments of their output. Outside of review work, our team focused efforts
on ensuring we were consistently improving Duo's security maturity-level and
also operating the AppSec program like a well-organized security consultancy.
------ [ Praetorian - Principal Security Engineer - Jan 2014 => Mar 2017
At Praetorian, my primary responsibility was leading, managing, and executing
application security assessments. A majority of my engagement work involved
finding flaws in modern web applications; however, I have also done software
security work for many different tech stacks and platforms. In addition to
assessment work, I was also responsible for assisting sales in closing deals
and was a core contributor to Praetorian's recruiting team.
------ [ 21CT - R&D Software Engineering Intern - Oct 2013 => Dec 2013
During my internship at 21CT I was involved in many aspects of their software
development life-cycle including creating and maintaining test plans, writing
and implementing unit tests for new and existing code, as well as developing
a library for use in company projects.
----[ Education and Training ]
BS Computer Science - University of Texas at Austin - 2011 => 2015
GIAC Web Application Penetration Tester (GWAPT) - 2015 => 2019
----[ Projects, Writing, Speaking, and Miscellaneous Work ]
------ [ Trudy & MITM-VM
Trudy is a modular and transparent TCP proxy written in Golang. It was built
to increase the efficiency of monitoring & modifying TCP-based protocols on
proxy-unaware devices. MITM-VM is a Vagrant virtual machine that provides
proxy and man-in-the-middle tooling, as well as configuring a virtual router
that works well with Trudy.
------ [ noyz
noyz is a Golang implementation of Trevor Perrin's Noise protocol framework.
noyz also has a small application layer with an API modeled after Golang
standard library networking interfaces.
------ [ OCSP Stapling in SSLScan
I contributed a pull-request to SSLScan to add support for testing whether
TLS servers support OCSP-stapling.
SSLScan's Project Page: https://github.com/rbsec/sslscan
My pull request: https://github.com/rbsec/sslscan/pull/48
------ [ Otter
Otter is an extension for Burp Suite that facilitates authorization testing.
Its primary design goal is to make authorization testing for web applications
as simple as browsing the application with a web browser.
------ [ CVE-2017-11424
CVE-2017-11424 is an issue I identified within the PyJWT Python library which
could enable symmetric/asymmetric "key confusion" attacks against its users.
The patch: https://github.com/jpadilla/pyjwt/pull/277