Education (where I got schooled)

Virginia Tech – Master's of Science, Computer Science, expected Dec 2017

  • Expecting to earn HCI Certificate
  • Completed courses include: Usability Engineering, Software Engineering, Models of HCI, Service Design, and Network Architecture and Protocols
  • GPA: Overall - 3.78

Virginia Tech – Bachelor's of Science, Computer Science, May 2011

  • Classes focused in UX and software engineering
  • GPA: Overall - 3.34, In-major – 3.49
Photo courtesy of Brian Sewell

"Official" Work Experience (you know... the full-time kind)

Office of the VP of IT at Virginia Tech, Software Developer - Sept 2015 - Present

  • Contribute to Summit, a research administrative system in development at Virginia Tech
  • Developed, architected, and performed transition to Docker-based QA environment (see blog post here)
  • Investigating methods to use cloud-based infrastructure to run applications at Virginia Tech
  • Starting VT DevCom, a university-wide developer community to provide collaboration, knowledge sharing, and best practices
  • Leading university efforts to adopt Docker and cloud-based environments

Network Infrastructure & Services, Software Developer - May 2011 - Sept 2015

  • Build and maintain applications (see the buzz word list)
  • Evaluated various tools and processes to drive adoption of Agile development
  • Helped lead transition from Spring 3/4 (using Tomcat) to Java EE7 (using Wildfly)
  • Introduced the use of WebSockets to create event-driven web applications
  • Identified need for a model-backed web interface, driving adoption for Backbone, AngularJS, etc.
  • Led and trained numerous teams, ranging from full-time employees to students
  • Contributed patches for various open source projects, including Wildfly/Undertow, Spring, and Mojarra
  • Enhanced critical university applications, including VT Alerts. Led RFP testing phase for new SMS/Voice vendor integration.

Blacksburg Electronic Village, Lead Developer - March 2009 – May 2011

  • Develop web applications using PHP, XHTML, CSS, jQuery, and Drupal CMS
  • Work with clients to establish requirements, provide training and support
  • Used Atlassian JIRA to manage team load and ensure projects stayed on task
  • Developed application to document, manage, and automate Selenium test cases
  • Debugged, fixed, and submitted numerous patches for various Drupal modules

The Vanguard Group – IT College to Corporate Intern, Systems Testing – Summer 2010

  • Updated test cases to conform to new corporate standard
  • Expanded test cases to increase testing quality accuracy – expanded 11 cases to 143.
  • Modified automation framework to support third-party built applications

The buzz word list...

  • Agile
  • Test-driven development
  • Java EE 7
  • Arquillian
  • Drone
  • Graphene
  • Selenium
  • JPA/Hibernate
  • AngularJs
  • WebSockets
  • JSF
  • HTML5/CSS3
  • Backbone.js
  • jQuery
  • Bower
  • Grunt
  • Continuous Integration
  • Jenkins
  • Maven
  • Spring Framework
  • JMS
  • Wildfly
  • Docker

Freelancing Work (during my copious spare time)

I run my own little business named Irwin Tech, LLC. Now I can joke I work for IT!

Campstur - Summer 2011 - Present

  • Processed over $2 million using Stripe's API
  • Helped support over 50 camps per year
  • Worked with camp coordinators to ensure the application works best for them
  • Application written in PHP, starting with "the glass first" (what's it going to look like?)
Check it out!

Open-Source Work

I believe strongly in giving back. Whether it's my own knowledge or bug fixes, there's always something to give. And, it doesn't take much time to do it.

Never doubt that a small group of thoughtful, committed people can change the world. Indeed, it is the only thing that ever has.

Margaret Meade

Stash Webhook to Jenkins

#2 Most Popular Plugin for Atlassian Stash (as of November 2015)

The plugin allows for continuous deployment/integration by notifying Jenkins when code has been pushed. Options exist to configure when and how the hook should be used.

 

Patches to other Projects

  • Wildfly/Undertow - fixed NPE that occurred when using a custom AuthenticationMechanism, which we were trying to do at the time
  • Spring - added support for Glassfish 4.0 WebSockets after it was accidentally removed
  • Mojarra - found and fixed a bug in the JSF Ajax Javascript library that occurred when using f:ajax on a form that had file uploads
Photo courtesy of David Marcu at Unsplash

Security Work

I love tinkering with stuff. In most cases, it's trying to figure out if I can break it.

But, in the process, I occasionally get lucky and find a vulnerability.

I do my best to provide detailed docs on what I find and responsibly disclose it.

PGP Tinkering

I've spent some time tinkering with PGP and potentially using it to better secure client-side code running in the browser.

I'm thinking of making a proposal to extend SRI (Subresource Integrity) to support signing, rather than simple hashes. An example implementation can be found here.

Third-party vendor - Summer 2014

  • Through a combination of privilege escalation and lack of input sanitation, I was able to effectively lock out, steal passwords, or manipulate the login page for a major notification delivery system.

Google Voice Vulnerability - Dec 2012

I was inducted into the Google Security Hall of Fame after discovering a vulernability in Google Voice. The vulnerability allowed a user to add any arbitrary phone number as a forwarding number, completely circumventing the phone call to verify physical access to the phone.

Read about the Vulnerability