Jonathan Carter

Jonathan Carter Email and Phone Number

Director, Information Security @ FalconX
San Francisco, CA, US
About Jonathan Carter

Jonathan has been working in the IT industry for the past 20 years. During this time, he has participated in a large number of diverse projects within Canada, the United States, and Australia and possesses a broad range of technical and leadership skills.

First, he earned a Bachelors of Computer Engineering and a Masters in Computer Science with a major in Artificial Intelligence. Within Artificial Intelligence, he developed models of trust within computer security. He has many patents and publications relating to his research within the field.

Since then, Jonathan has participated in many different aspects of application / product security. These include: ethical penetration testing; secure code reviews; seminar development; application framework development; risk management projects, training delivery with clients, defining security roadmaps, etc.

Within Fortify, Jonathan possesses a deep technical knowledge of Fortify's Source Code Analysis tools. Jonathan has made significant contributions towards the intellectual property surrounding the Fortify 360 product line. Routine engagements involve training, deployment, risk management, and source code auditing (both manual and automated).

Market sector experience: Government (State), Commercial, Banking, Finance, and Online Services.

Specialties:
+ Advanced Secure Coding & Design (.NET, VB, VB.NET, C++, C#, C, Java, JavaScript, AJAX, HTML, ASP.NET)
+ Secure Framework development
+ Application Penetration testing
+ Security Training
+ Extensive Windows Platform security-related development (Layered service providers (LSP’s)), DLL Injection, API Hooking, reverse engineering
+ Front-end compiler optimization to prevent reverse engineering
+ Extensive knowledge of Windows Internals architecture

Jonathan Carter's Current Company Details
FalconX

Director, Information Security
San Francisco, CA, US
Jonathan Carter Work Experience Details
  • Falconx
    Director, Information Security
    Falconx
    San Francisco, Ca, Us
  • Figma
    Head Of Infrastructure And Corporate Security
    Figma Aug 2023 - Present
    San Francisco, California, Us
    I lead a team of talented Security Engineers that focus on Data Security (Snowflake; AWS RDS; AWS Aurora; AWS Sagemaker; DBT; Dagster), Developer Security (CICD Hardening for Github; BuildKite), AWS Security at Scale, and Workload Security (EKS; ECS; Kubernetes; ECR Hardening) for all of Figma. Figma is a cloud native shop using a wide variety of AWS Services and my team supports ~800 Software Engineers at scale. Major initiatives I currently focus on include: account splitting (migrating to teams-based roles); terraform / spacelift hardening; Opal/Okta AWS Identity Center hardening; Snowflake Hardening; Establishing Data Catalogs / Labeling; Asset Tracking.
  • Square
    Staff Engineer (Solver; Right Hand To The CISO)
    Square Jan 2023 - Jul 2023
    San Francisco, Ca, Us
    As a solver, I tackle hard, complex security problems and design/implement proof-of-concepts. So far, I’ve built DSL Hunter: a tool that identifies sensitive data that resides within microservices. It combines source code with other useful signals to identify who has access to what and whether those groups/roles/permissions are too complex / poorly managed.
  • Square
    Product Security - Manager
    Square Sep 2021 - Apr 2023
    San Francisco, Ca, Us
    I lead a vertical-aligned org of security engineering leaders (BISOs) responsible for securing Block’s vast suite of business products and emerging technologies. My team managed the security roadmaps, risk assessments, and security strategy of approximately 30 different products within Block. I set the security vision, established scalable security processes, helped prioritize roadmaps for Engineering, and did all of the usual people management functions for a team of 10.
  • Square
    Product Security - IC - Lead For Many Different Business Units
    Square May 2017 - Sep 2021
    San Francisco, Ca, Us
    I am presented to the rest of Square as a "mini-CISO" acting on behalf of InfoSec for a number of different product teams. I help teams understand and prioritize their security risks, what their security roadmap should look like, and I advise Engineers on their individual projects. I spent my first 1.5 years with the Cash team. Here, I: designed/implemented bitcoin cold storage for all of Square; helped Cash understand their cryptocurrency security risks; and performed many design/architecture reviews of many of their high-risk microservices / new features within the Cash App. I have spent 2 years with the ECOM/Payments teams. Here, I: performed tons of threat modeling; defined their security roadmap for high-impact security initiatives / product features; drove the design of projects within the roadmap; and moonlighted as vendor security and vuln management on behalf of Infosec.
  • OWASP Mobile Top Ten
    Technical Lead
    OWASP Mobile Top Ten Dec 2013 - Sep 2017
    This project represents a well-known industry standard for common mobile vulnerabilities that you should fix after remediation. I lead the project and meet with other security professionals on a regular basis to update the list and its contents.
  • Lending Club
    Senior Application Security Engineer
    Lending Club Aug 2015 - Feb 2017
    San Francisco, California, Us
    Implemented and rolled out Lending Club's application security program from the ground up
  • OWASP
    Executive Board Of Directors
    OWASP Aug 2016 - Jan 2017
    Elected member of the board of directors of OWASP
  • Arxan Technologies
    Technical Director
    Arxan Technologies Jun 2013 - Jul 2015
    San Francisco, California, Us
    Technical Evangelism; Thought Leadership; Strategic Partnership Building
  • Appsecure Pty Ltd
    Application Security Engineer / Managing Partner
    Appsecure Pty Ltd Jun 2012 - Jun 2013
  • Pure Hacking
    Product And Application Security - Principal Security Consultant
    Pure Hacking May 2011 - Jun 2012
    + Manage a small team of Consultants (between 2-9 people)
    + Provide advice and consulting directly to clients on projects
    + Develop and enhance the deliverables provided to customers on engagements
    + Facilitate learning and development activities in the team including training plans for team members, conferences, speaking presentations
    + Define and develop the methodology used for conducting work within the organisation
    + Assist in developing a marketing strategy and sales program for the team
    + Work alongside the Account Management and Sales team in developing and selling new opportunities with existing and new customers
    + Help to grow the Pure Hacking brand and deliver high quality work to its customers, and
    + Assist in developing Proposals, Tender Responses and Sales tools for client engagements.
  • Commonwealth Bank Of Australia
    Enterprise Security Architect / Designer
    Commonwealth Bank Of Australia Nov 2010 - May 2011
    Sydney, Nsw, Au
    + Provide information security advice to business units and service providers
    + Design cost effective and secure services for customers
    + Create security services that can be leveraged by customers and can be pulled together into an integrated solution
    + Perform security threat assessments on designs enabling mitigation of security risk to acceptable levels
    + Provide leadership into security design trends and products
    + Assess and evaluate the need for security design policy exemptions. These should detail mitigation strategies and controls, and make appropriate recommendations for acceptance/rejection
    + Embed security design in the Group’s project management lifecycle and solution development lifecycle processes
    + Participate in thought leadership activities and attend industry events, where required.
    + Within the context of the role, make authoritative statements to internal and external service providers on the Bank’s IT Security requirements
  • Fortify Software
    Security Researcher (SRG)
    Fortify Software Feb 2009 - Nov 2010
    Houston, Texas, Us
    + Expand the security content of Fortify tools by developing new content in existing areas of analysis
    + Follow trends and developments in the field of software security and assess their significance
    + Investigate and implement detailed techniques for exploiting software security vulnerabilities
    + Determine new methods for automatic identification of vulnerabilities in software systems
    + Compare results against known vulnerabilities in order to shape the future direction of the product
    + Identify new vulnerabilities by auditing open source projects and customer code using Fortify tools
  • Fortify Software
    Application Security Consultant - Professional Services
    Fortify Software Apr 2008 - Feb 2009
    Houston, Texas, Us
    The role includes installing and customizing Fortify’s application security products, assisting clients with source code analysis using Fortify SCA, managing runtime protection using Fortify Defender, and delivering product training.
    Key Responsibilities:
    + Assess and scope customer requirements for application security needs
    + Install and configure Fortify application security products
    + Scan customer source code
    + Audit results with development and/or security teams and offer plans for remediation of vulnerabilities
    + Produce source code audit reports for customers
    + Deliver product training to customers and partners
    + Customize the implementation of Fortify’s production and test products
    + Contribute to the Fortify Knowledge Base and Best Practices
    + Interface with Product Management and Engineering to enhance products
  • B-Sec
    Senior Application Security Consultant
    B-Sec Jun 2007 - Apr 2008
    B-Sec Consulting is a world leader in IT security consulting services to a wide and varied customer base, including banks, e-commerce clients, government institutions, and much more.
    Roles and responsibilities include:
    + Liaising with clients to develop secure application frameworks
    + Reviewing source code of client applications with respect to security
    + Testing application security
    + Developing and conducting seminars on writing secure code
    + Developing Security Assessment strategies
    + Implementing ASP.NET/C# internal applications for b-sec internal use
    + Managing junior application security consultants
  • Codeworks
    Senior Software Engineer
    Codeworks Aug 2004 - Jun 2007
    Codeworx Technology provides Internet services related to credit-card processing gateways, affiliate management, and gaming systems. Codeworx manages several online casinos (Poker.com).
    Roles and Responsibilities over time:
    + Senior engineer of Spam-Assist product line
    + Senior engineer/architect of Poker.com client
    + Senior manager of deployment, installation, and testing methodology
    + Branding manager – coordinating internal teams to brand all aspects of client
    Technical Requirements:
    + Strong background in C++, Java, Win32 API, SWT, COM/ActiveX, Visual Studio / Eclipse Environment, Windows Internals architecture, ANT
    + Advanced knowledge of Layered Service Providers (LSPs), DLL Process Injection, API Interception, Internet Explorer plug-in development
    + Moderate background in C# required
  • Red Oxygen
    Software Engineer
    Red Oxygen 2003 - 2004
  • Digital Equipment Corporation
    System Administration
    Digital Equipment Corporation 1997 - 1997
    Houston, Texas, Us

Jonathan Carter Skills

Application Security, Security, Computer Security, Penetration Testing, Software Development, Information Security, Security Architecture Design, Web Application Security, Vulnerability Assessment, Network Security, Java, C++, Reverse Engineering, Information Security Management, Vulnerability Management, .NET, PCI DSS, OWASP, C, Architecture, Web Services, Security Training, Code Review, Mobile Security, Internet Security, C#, Ethical Hacking, SDLC, Security Audits, PKI, Security Research, ISO 27001, Application Development, Cryptography, Java Enterprise Edition, CISSP, HTML, ASP.NET, VB.NET, Windows, J2EE

Jonathan Carter Education Details

  • University Of New Brunswick
    University Of New Brunswick
    Artificial Intelligence - Multiagent Systems
  • University Of New Brunswick
    University Of New Brunswick
    Software Engineering
  • University Of Waterloo
    University Of Waterloo
    Bachelors Of Computer Engineering

Frequently Asked Questions about Jonathan Carter

What company does Jonathan Carter work for?

Jonathan Carter works for FalconX.

What is Jonathan Carter's role at the current company?

Jonathan Carter's current role is Director, Information Security.

What schools did Jonathan Carter attend?

Jonathan Carter attended University Of New Brunswick, University Of New Brunswick, University Of Waterloo.

What skills is Jonathan Carter known for?

Jonathan Carter has skills like Application Security, Security, Computer Security, Penetration Testing, Software Development, Information Security, Security Architecture Design, Web Application Security, Vulnerability Assessment, Network Security, Java, C++.
