Formerly worked for a security firm from home doing PCI ASV/PCI QSA work. Decided I hated working from home and that company, now I do vulnerability management for a corporate entity. I mostly still work in PCI, but I'm on the other end of the stick (the side that gets hit with the stick) Most of my time is spent spanking system owners when they don't patch properly, the rest is dedicated to reviewing and writing policy to help build up our VM program.

I used to know a whole lot of technical stuff, but then I got wrapped up for 2 years in PCI and lost all my skills by getting rusty and complacent. I spend a lot of time on /r/netsec.

I also created #DC407 and I'm an organizer of BsidesOrlando