Education (where I got schooled)

Virginia Tech – Master's of Science, Computer Science, expected Dec 2016

  • Expecting to earn HCI Certificate
  • Completed courses include: Usability Engineering, Software Engineering, Models of HCI, Service Design, and Network Architecture and Protocols
  • GPA: Overall - 3.78

Virginia Tech – Bachelor's of Science, Computer Science, May 2011

  • Classes focused in UX and software engineering
  • GPA: Overall - 3.34, In-major – 3.49
Photo courtesy of Brian Sewell

"Official" Work Experience (you know... the full-time kind)

Office of the VP of IT at Virginia Tech, Software Developer - Sept 2015 - Present

  • Contribute to Summit, a research administrative system in development at Virginia Tech
  • Developed, architected, and performed transition to Docker-based QA environment (see blog post here)
  • Investigating methods to use cloud-based infrastructure to run applications at Virginia Tech
  • Starting VT DevCom, a university-wide developer community to provide collaboration, knowledge sharing, and best practices

Network Infrastructure & Services, Software Developer - May 2011 - Sept 2015

  • Build and maintain applications (see the buzz word list)
  • Evaluated various tools and processes to drive adoption of Agile development
  • Helped lead transition from Spring 3/4 (using Tomcat) to Java EE7 (using Wildfly)
  • Introduced the use of WebSockets to create event-driven web applications
  • Identified need for a model-backed web interface, driving adoption for Backbone, AngularJS, etc.
  • Led and trained numerous teams, ranging from full-time employees to students
  • Contributed patches for various open source projects, including Wildfly/Undertow, Spring, and Mojarra
  • Enhanced critical university applications, including VT Alerts. Led RFP testing phase for new SMS/Voice vendor integration.

Blacksburg Electronic Village, Lead Developer - March 2009 – May 2011

  • Develop web applications using PHP, XHTML, CSS, jQuery, and Drupal CMS
  • Work with clients to establish requirements, provide training and support
  • Used Atlassian JIRA to manage team load and ensure projects stayed on task
  • Developed application to document, manage, and automate Selenium test cases
  • Debugged, fixed, and submitted numerous patches for various Drupal modules

The Vanguard Group – IT College to Corporate Intern, Systems Testing – Summer 2010

  • Updated test cases to conform to new corporate standard
  • Expanded test cases to increase testing quality accuracy – expanded 11 cases to 143.
  • Modified automation framework to support third-party built applications

The buzz word list...

  • Agile
  • Test-driven development
  • Java EE 7
  • Arquillian
  • Drone
  • Graphene
  • Selenium
  • JPA/Hibernate
  • AngularJs
  • WebSockets
  • JSF
  • HTML5/CSS3
  • Backbone.js
  • jQuery
  • Bower
  • Grunt
  • Continuous Integration
  • Jenkins
  • Maven
  • Spring Framework
  • JMS
  • Wildfly
  • Docker

Freelancing Work (during my copious spare time)

I'm the proud owner and CEO of Nerdwin15, LLC. Why that name?

My wife often calls me Nerdwin and we were hoping that 2015 is the year we'd become homeowners.

So, combined the two, and bam! Nerdwin15!

Campstur - Summer 2011 - Present

  • Processed over $1.2 million using Stripe's API
  • Helped support over 50 camps per year
  • Worked with camp coordinators to ensure the application works best for them
  • Application written in PHP, starting with "the glass first" (what's it going to look like?)
Check it out!

RunKeeper Fitness Activity Log - Summer 2012 - Present

  • Provides a fitness log in RSS format that allows data to be consumed by other plugins, services, etc.
Check it out!

The clients' words...

Working with Michael on the redesign and management of our website has been a seamless process. His competence, creativity, and professional approach to his work is what really sets him apart from others that we have worked with. We couldn’t be happier with our site and the positive affect it has had on the growth of our business.
Tony Robie - VT Wrestling and Kevin Dresser Camps

Open-Source Work

I believe strongly in giving back. Whether it's my own knowledge or bug fixes, there's always something to give. And, it doesn't take much time to do it.

Never doubt that a small group of thoughtful, committed people can change the world. Indeed, it is the only thing that ever has.

Margaret Meade

Stash Webhook to Jenkins

#2 Most Popular Plugin for Atlassian Stash (as of November 2015)

The plugin allows for continuous deployment/integration by notifying Jenkins when code has been pushed. Options exist to configure when and how the hook should be used.


Patches to other Projects

  • Wildfly/Undertow - fixed NPE that occurred when using a custom AuthenticationMechanism, which we were trying to do at the time
  • Spring - added support for Glassfish 4.0 WebSockets after it was accidentally removed
  • Mojarra - found and fixed a bug in the JSF Ajax Javascript library that occurred when using f:ajax on a form that had file uploads
Photo courtesy of David Marcu at Unsplash

Security Work

I love tinkering with stuff. In most cases, it's trying to figure out if I can break it.

But, in the process, I occasionally get lucky and find a vulnerability.

I do my best to provide detailed docs on what I find and responsibly disclose it.

PGP Tinkering

I've spent some time tinkering with PGP and potentially using it to better secure client-side code running in the browser.

I'm thinking of making a proposal to extend SRI (Subresource Integrity) to support signing, rather than simple hashes. An example implementation can be found here.

Third-party vendor - Summer 2014

  • Through a combination of privilege escalation and lack of input sanitation, I was able to effectively lock out, steal passwords, or manipulate the login page for a major notification delivery system.

Google Voice Vulnerability - Dec 2012

I was inducted into the Google Security Hall of Fame after discovering a vulernability in Google Voice. The vulnerability allowed a user to add any arbitrary phone number as a forwarding number, completely circumventing the phone call to verify physical access to the phone.

Read about the Vulnerability