Mark is a director and founder of Azimuth Security, and brings over 10 years of security experience to the team. The bulk of his professional career has been focused in the area of application security research. Mark spent a number of years as a senior researcher at IBM's Internet Security Systems (ISS) X-Force, during which he discovered a number of high-profile vulnerabilities in ubiquitous Internet software. In addition to professional vulnerability research, Mark's previous experience includes serving as a principal security architect for McAfee, as well as performing a variety of information security consulting services independently and for ITAC Consulting.
Mark's vulnerability research record speaks for itself. Over the last decade, Mark has identified and helped remediate critical remotely exploitable security vulnerabilities in Sendmail, Microsoft Exchange, OpenSSH, Internet Explorer, Mozilla Firefox, Adobe Flash, Checkpoint VPN, and Microsoft's SSL implementation. In addition to his vulnerability research, Mark has published several technical research papers, and was a co-author of the Addison-Wesley Professional book "The Art of Software Security Assessment". He was the winner of the 2009 Google Native Client Security Contest. Mark regularly speaks at industry conferences, including BlackHat, CanSecWest, PacSec, and Ruxcon.
John is a director and founder of Azimuth Security, who brings over a decade of security experience to the team. John's professional experience has been focused on software security, split evenly between vulnerability research and security consulting. John has held positions as a senior security researcher for IBM's Internet Security Systems X-Force and NAI Covert Labs (now McAfee). He spent five years as a senior security consultant for Neohapsis, where he was responsible for security engagements ranging from network penetration tests to in-depth focused manual source code reviews of COTS software. His experience is rounded out by a tour of duty as a security architect for Citibank, and participation in various professional development efforts.
As a vulnerability researcher, John has identified and helped resolve numerous critical vulnerabilities, including remotely exploitable issues in QuickTime, XviD, Solaris, BSD, Checkpoint FireWall-1, OpenSSL, and BIND. John is also a co-author of Addison Wesley's "The Art of Software Security Assessment." He has published multiple papers over the years, and presents his research at industry conferences such as BlackHat and CanSec West.