Brice Williams
Cybersecurity Practice Lead at SysLogic, Inc.
Los Angeles, CA, United States
Details
Experience:
Information security consultant providing expertise to clients looking to improve their software security posture. Industries include industrial control, healthcare, financial, retail, technology, and government.
As Practice Lead, I guide a team of cybersecurity experts who provide a variety of application security services for small non-profits up to global Fortune 500 organizations. With the help of this team I define and implement software security programs using best practices from OWASP, ISO, NIST, BSIMM, and others. This includes developing policies and standards, security requirements, secure coding practices, architectural analysis guidelines, and incident response plans.
We specialize in custom application security training programs and delivering content designed to proactively mitigate the most common security weaknesses in software development. I have personally traveled around the world to train thousands of engineering team members, and am a regular speaker at local events and industry conferences.
My team and I also stay very busy performing software product and IoT device penetration testing. We go deep using a wide variety of analysis techniques to identify weaknesses in systems using any programming languages, frameworks, or environments. Our number one goal is to produce actionable results that development teams can take and remediate any discovered vulnerabilities, sometimes with our help working alongside them.
We provide security architectural guidance and development for large cloud-based systems to small embedded/IoT devices. I design custom security platforms and security controls based on industry standards such as SAML, OAuth 2, OpenID Connect, XACML, UMA, etc. Functions include identity management, customer management, single sign-on, identity federation, API authentication, central authorization management, application registry, cryptography, data encryption, data isolation, and privacy.
2010 : Present
SysLogic, Inc.
Cybersecurity Practice Lead
Founding partner of Cyberspect, a startup in the application security space that provides tools to empower development teams to deliver more secure code. I lead the technology direction, product design and development efforts, and technical customer support.
2015 :
Cyberspect
Chief Engineer
Application security platform – Designed and oversaw development of a central authentication and authorization system used by all web based line of business applications. Provided seamless single sign-on and role based access control using Active Directory based user accounts and groups.
Windward project – One of two software architects who oversaw the entire technical architecture for phase 1 (a duration of over two years). This $50+ million project involved a purchased software system from another firm, an overseas development vendor, outsourced project management, and 100+ team members. Responsibilities included product review/selection, technical interviews, project definition and estimates, architectural documentation, development standards, technical design reviews, and assisting with complex development projects.
SharePoint Administration – Designed and implemented the SharePoint sites used by the enterprise for team collaboration, document management, project management, vendor relationships, and general content management. Managed authentication, authorization, and integration with corporate Active Directory for both intranet and extranet sites. Employed heavy use of custom lists for a wide variety of data storage needs with collaborative data entry.
Internal System Integration – Performed on-going architecture and integration at the enterprise level to provide connectivity to the various software systems used. These systems included IVR, reporting, credentialing, correspondence, document repository, off site internet facing web portals, Oracle Financials, scanners and document intake, outsourced OCR, outsourced printing and mailing, various EDI processes in both industry and client specific formats. Helped to ensure consistency across the enterprise and increase efficiency with existing processes.
2006 : 2010
DentaQuest
Solutions Architect
Both preliminary and detailed estimating. Technical designs and documentation. Product prototypes. Technology research. Development and unit testing. Integration testing with other developers/teams. Rollout documentation. Worked with QA team on functional and performance testing requirements. Support of production systems including off hours emergency guidance.
Member of an enterprise architecture team responsible for common systems and controls used by the various development teams.
Interviewed new Delphi and C# candidates. Led small teams of developers as technical lead for a project. Mentored new developers.
StarTeam Administrator
2002 : 2006
Marshall & Swift / Boeckh
Senior Software Engineer
Enterprise CRM – Designed and built on the AppFrame framework and provided the ability to build complex queries against a large customer database using a simple drag-and-drop visual designer. Features included address mapping, bulk email submission, full address history, custom user statuses, customer relationships, secure customer journal, and customer photo management.
AppFrame application framework – Designed a smart-client framework for rich client desktop applications that were self-updating and discoverable to the entire enterprise. Developed using Delphi and MS SQL Server 7. The n-tier architecture provided large performance gains compared to the existing BDE client/server systems, with much simpler installation requirements.
Event registration management – Rewrote a large legacy Paradox application in Delphi to provide event definition and scheduling tools, process attendee registrations, perform real time customer matching against 20 year old membership data, print event badges, summary and financial reports.
1998 : 2002
Non Profit Organization
Developer
Company:
SysLogic, Inc.
About
Application security architect with a focus on improving the state of information security within the software development life cycle.