Cryptix Security Research and Consulting

  Welcome to Cryptix Research and Consulting

Cryptix is a security consulting and research firm. I have over 15 years of industry and research experience, in a wide variety of security disciplines.  I have deep and broad knowledge and experience in such areas as Security Architecture, cryptography, compliance (SOX, PCI, etc.), DRM (Digital Rights Management), fraud programs, billing systems, vulnerability research, etc.

At Cryptix, I will be focusing on the areas that I enjoy most – namely, penetration testing, and data leakage detection.  These are the areas for which I have been recently developing tools and techniques. 

In refining my proprietary methods of penetration testing and data leakage detection, I have found startling examples of problems from some websites that are household names.  Many of these issues could be considered material in nature.  I’m not talking about simple things like Cross Site Scripting, which is more of a PR concern for most companies, rather than a serious security problem. 

I am not reaching out to these companies, as I have found in the past that unsolicited security help is typically either ignored, or even angrily received.  There have been a few notable exceptions (thanks for the T-shirts, Google!) -- but they have been few and far between.

Even with my own tools, the work can still be extremely time-consuming to do right.  In the end, it takes meticulous work by a highly motivated and talented professional to find meaningful results. Anything less is a waste of time.  It also helps that I enjoy this work, and consider it an intellectual challenge that I want to win (and is one that I rarely lose).