Education and Certifications
Siena College, Loudonville, NY.
Bachelor of Science, Computer Science
May 1997
- Building and Testing Secure Web Applications, Black Hat US 2007 Training
- GSEC Certified Professional
- ILOG JRules Training for Developers
- SANS Secure Internet Presence - LAMP (Linux + Apache + MySQL + PHP)
- Sun Certified Programmer for the Java Platform
- Object Oriented Analysis and Design with UML course certification, The Learning Tree
- Enterprise JavaBeans (EJB), U.C. Berkeley Extension
- Project Management Fundamentals Certification
Experience
- VP Security Architecture
WhiteHat Security, June 2011 - present
  - Providing secure coding and developer awareness training. Member of the static analysis (SAST/SCA) team. Conference Speaker, Product Evangelist.
- Independent Application Security Professional
February 2010 - June 2011
  - Providing application security assessment, architectural, software engineering and training services to a wide variety of organizations.
- Web Application Architect, Application Security Engineer, Application Security Instructor
Aspect Security, August 2007 - February 2010
  - Web Application Architect: Lead Architect/Developer of an ongoing internal application security vulnerability management web application using J2EE/Java 1.5, Struts 1.3, Hibernate 3, JQuery/Javascript, xHTML/CSS, MySQL. Also developed a prototype XFORMS/Spring module for the Open Medical Record System project (openmrs.org) via Sun Microsystems, Partners in Health and TED.
  - Q2 2008 "Extreme Developer Award"
  - Q4 2008 "Call to ARMS Award"
  - Application Security Instructor/Educator: Application security instructor and editor for 1, 3 and 5 day classes including "Building and Testing Secure Web Application", "Secure Coding for Java EE" and "Application Security Management".
  - Application Security Consultant: Performed assessments of web applications and software products using architectural review, code review and penetration testing techniques. Experience identifying vulnerabilities associated with Web applications as well as system and network software. Produced detailed reports documenting vulnerabilities and specific mitigation recommendations. Provided a variety of services assisting large organizations in implementing OWASP ESAPI.
  - Very broad customer base
- Java/J2EE Architect, VP Software Engineering, Extreme Troubleshooting
Codemagi Inc., May 2005 - February 2008
  - Data-driven web application development on Sun Microsystems intranet and extranet sites for Executive Communications, Analyst Relations, and photos.sun.com.
  - Data-driven web application development for Cigcorp
  - Emergency troubleshooting services, InterAction reporting and Investran reporting via VBA for Excel for TelesoftVC.com.
  - Development environment includes: Telecommuting, Solaris, Linux, Oracle, PostgreSQL, JSP, JavaBeans, AJAX, XPath, MVC, Taglibs, LDAP, Apache, Tomcat, HTML, CSS, Investran, VBA for Excel.
- Director of Software Development, Director of Vendor Relations, Secure Software Instructor
SANS Institute, August 2004 - June 2005
  - Provide technical guidance and support to web team.
  - Review and participate in business analysis.
  - PHP/MySQL programming for Vendor Relations (portal.sans.org/vendor) and Online Training departments (www.sans.org/online).
  - Lead for corporate sales team (sales are up 33% this year).
  - Instructor for LAMP track.
  - Stay Sharp Instructor for Security Essentials.
  - A multitude of other technical, sales and educational duties upon request from upper management.
  - A frequent “go to” guy when something critical needs to get done.
  - August 2004 - May 2005: Director of Vendor Relations + Software Engineering
  - March 2006 - present: Java Security Auditing courseware author
  - July 2006: GSEC Certification Question Database Audit in preparation for ANSI Certification
- Java/J2EE Architect, O/R Database Specialist, J2EE Courseware Author
Blue Slate Solutions, July 2005 - December 2005 (ongoing collaboration)
  - Java Consulting Services. Webservices and Hibernate programming for Citibank using JDK 1.4.2 + Websphere.
  - Designed and authored 5 day introduction to Java programming class for Plug Power.
- Technology Director, Systems and Network Manager, J2EE/Technology/Physics Instructor
Kula High and Intermediate, May 2002 - August 2004 (ongoing advisory relationship)
  - 5th-12th Grade Technology Educator
  - Physics and Technology Instructor
  - Network and Systems Administrator
  - Head of Technology Department for Elementary, Intermediate and High school.
- Java/J2EE Architect Consultant
Fireman's Fund Insurance Company, April 2001 - August 2001
  - Utilized VisualAge for Java, Websphere, Design Patterns, Rational Rose, UML, MQ, DB2, MS SourceSafe, LDAP, Policy Director, HTML and Javascript.
  - Audited and documented current automotive insurance web-based quoting system.
  - Researched, debugged and fixed multiple multi-threading issues with current application.
  - Documented best practices, code optimization techniques, good webcentric programming techniques and general OO design.
  - Designed and implemented new security and user profile methodology using LDAP and Policy Director.
- Senior Java/Web Consultant
RateXchange.com, October 2000 - March 2001
  - Designed and implemented a neutral trading system for standard wholesale bandwidth capacity.
  - Utilized CVS, JDK 1.3, RMI, JDBC, XML, multithreaded server programming, Swing, and the Java plugin 1.3.
  - Designed/Implemented asynchronous message server.
  - Created several database-driven (Oracle 8i) GUI applications with JDK 1.3/Swing.
  - Developed centralized RMI cache server for JSP Administration and GUI Trading applications.
  - Developed object protocol and relational design for counterparty credit financing.
- Senior Java/Web Consultant
Gazoontite, January - September 2000
  - Designed and implemented web-based content management/workflow system. Utilized MS SourceSafe, JDK 1.2.2, JCE 1.2, JSP, XML, XSL, JDBC, Bluestone Server Technology, HTML and Javascript.
  - Served as principal engineer for a 35 member web team.
  - Created multiple database-driven JSP/HTML/JavaScript applications.
  - Worked extensively with Oracle 8i SQL.
  - Created real-time web-based content editorial and scheduling tools.
  - Created multiple content synchronization applications integrating Screaming Media and Pollen.com.
  - Designed and implemented newsletter editorial tools and newsletter sending automation.
  - Created code standards, best practices, code optimization standards and general enterprise-wide object-oriented design.
- Lead Java/Web Consultant, IT & Content Department
WebMD, April - December 1999
  - Member of the core web team for the WebMD/Healtheon merger. Utilized CVS, Java Servlets, Java 1.1.x, 1.2.x, Jclark/XML, HTTP, FTP, automated content parsing and categorization, JDBC, DB2 SQL, HTML, Javascript.
  - Worked directly with principal engineer implementing core content distribution architecture of WebMD.com and all cobranded sites.
  - Created multiple high availability database-driven web applications using a proprietary XML-based template language.
  - Gathered requirements from content/engineering departments of 4 merging companies.
  - Created database abstraction layer using DB2 SQL, an object-relational schema, and XML.
  - Created multiple content synchronization applications integrating Medcast News, Reuters, DMK Medical Content and several medical archives.
- Java GUI Consultant
EchoStar and DMW Group Worldwide, November 1998 - April 1999
  - Designed and developed a large (1280×1024) Java GUI using JDK 1.1.7B, StarTeam and Rational Rose.
  - Worked directly with EchoStar senior executives designing customer service products, purchasing and promotion GUIs.
  - Ensured that all engineering included abstraction of EchoStar-specific logic for further productization.
  - Created multiple core GUI architecture components including tables and trees.
  - Migrated legacy architecture from AWT to Swing 1.1.
  - Worked extensively with Oracle 7 SQL.
  - Utilized UML/Rational Rose to document class design and processes.
  - Authored multiple technical design documents.
  - Productization lifecycle.
- Java/CGI/Web Consultant
GE Power Systems, 6 Sigma Executive Quality Team, May 1997 - November 1998
  - Developed multiple GUI Java applets using JDK 1.0.2 and MS SourceSafe for use in Netscape 3.0x.
  - Gathered requirements directly with GE Power Systems senior sales team during design process.
  - Utilized 3rd-party GUI widgets from RogueWave, ObjectiveBlend and ProtoView.
  - Developed and implemented client to middle-tier database access methodology using C++/NT Service development and C++/Oracle OCI API.
  - Developed lightweight architecture components for AWT GUI programming.
  - Created client socket-based database access Java classes.
  - Developed CGI Database reports in C++ using OCI access, HTML and JavaScript.
  - Heavily utilized Oracle 7 SQL.
  - Re-engineered several Applets in JDK 1.1.4 for use in Internet Explorer 4.x and Netscape 4.x.
  - Continually trained new programmers and analysts in project architecture and code standards.
  - August 1998: Recognition/Achievement award.
  - December 1997: Customer Service Award.
  - August 1997: Achievement award for server development.
- Programmer/Analyst Consultant
GE Power Systems, February - May 1997
  - Interdepartmental contractor for international Power Systems division of General Electric.
  - Implemented multiple product inventory applications using Cold Fusion, HTML, JavaScript and MS Access.
Career Highlights
- OWASP Podcast Series, 2008 - present: Creator, Host and Producer
- OWASP ESAPI, 2008: Featured Speaker and Web Application Security Instructor, Shakacon II, 2008
- Sun Microsystems Innovation Webcast, 2007: Guest participant.
- "Wireless Security Leadership Essentials", 2005: Keynote Address, ISSA Hawaii Chapter's Annual Discover Security Conference.
- Kauai Computer Connection Talk Show Host, 2004 - present, KKCR Community Radio (KKCR.org)
- "Future of the World-Wide Web: A Next-Generation Web Search Engine," 1997 Fourth Annual Hudson River Undergraduate Mathematics Conference Presentation
- "Introductory Artificial Intelligence with PROLOG," 1996 Third Annual Hudson River Undergraduate Mathematics Conference Presentation