I've built my career at the intersection of software development and security, combining both disciplines to create more secure applications from the ground up. I’ve built apps, broken apps, and helped teams secure their apps before they ship. Along the way, I’ve stood up application security programs, rolled out vulnerability management programs, and run plenty of manual security testing to catch the stuff scanners miss.

I also like helping developers level up their security game—whether through training, code reviews, or just being the person who can explain why an issue actually matters. On the data side, I’ve done a lot with security analytics, digging into trends and helping teams make smarter decisions about risk.

cschooley

Skills & Expertise

• Application Security – Threat modeling, code reviews, OWASP WSTG, ASVS
• Vulnerability Management – Risk analysis, triage, remediation workflows
• Software Development – Python, TypeScript, Rust, Java, Go, Node.js
• Manual Security Testing – Web, mobile, API, SAST, DAST, Burp Suite
• Secure SDLC & Developer Training – Teaching secure coding, guiding teams
• Security Analytics & Monitoring – SIEM, EDR, and anomaly detection
• Infrastructure & Cloud Security – Hybrid cloud security (AWS/GCP/Azure)
• Automation & CI/CD – Integrating security into pipelines (Jenkins, GitHub Actions)
• Malware Analysis – Static and Dynamic analysis of malware samples to aid defense and remediation

Certifications

• Certified Information Systems Security Professional (CISSP)
• GIAC Web Application Penetration Tester (GWAPT)
• GIAC Cloud Security Essentials (GCLD)