Who is David May? Overview
A concise factual answer block for searchers comparing this professional profile.
David May is listed as Senior Security Engineer at TRM Labs, based in United States. AeroLeads shows a work email signal at plaid.com and a matched LinkedIn profile for David May.
David May previously worked as Product Security Engineer at Plaid and Security Consultant at Bishop Fox. David May holds Bachelor Of Science (B.S.M.E), Mechanical Engineering from University Of Central Florida.
Email format at TRM Labs
This section adds company-level context without repeating David May's masked contact details.
AeroLeads found 1 current-domain work email signal for David May. Compare company email patterns before reaching out.
About David May
David May is a Senior Security Engineer at TRM Labs. He possess expertise in leadership, project management, project planning, research, systems engineering and 2 more skills.
Listed skills include Leadership, Project Management, Project Planning, Research, and 3 others.
David May's current company
Company context helps verify the profile and gives searchers a useful next step.
David May work experience
A career timeline built from the work history available for this profile.
Product Security Engineer
1) Manage Application Penetration Tests- Having been a pentester for two years, I understand what is required for an effective penetration test. I also apply Threat Modeling to identify known gaps in our products and hot spots in code so that pentesters can hit the ground running.- I lean into the business risk side of testing. Using a risk framework, findings are categorized and prioritized to ensure that outstanding risks to the business are kept to an absolute minimum.- Post-patch validation testing and knowledge of advanced bypass techniques help to ensure that fixes are sound before asking for a retest.2) Threat Modeling- Product-team driven threat modeling is the ideal yet difficult to implement in resource-constrained environments.- To counter act this, I developed an AI tool that parses internal documentation and API docs to identify and synthesize threats.- While not perfect by any means, it got us 80% of the way there while only requiring a tenth of the effort. This allowed us to scale and iterate quickly to identify heavy-hitting latent risks that were previously unidentified.3) Automating Data Streams- Created a CVE parsing tool that processes CVE data feeds with AI to determine applicable software and versions because CVE metadata is largely unstructured and notoriously inconsistent.- The output of this tool can be cross-referenced with SBOMs and asset inventories to determine CVE applicability and apply automated triaging where appropriate.- Parsing code repos and identity source of truth data to determine who owns specific pieces of code to assist with triaging vulnerabilities
Security Consultant
I provide security consultation services to some of the most prominent companies on the planet. Consultation responsibilities include:- Conducting code reviews and analyzing code both from a static (SAST) and dynamic (DAST) perspective- Performing application penetration tests and uncovering hard to find business-logic type vulnerabilities, including cross-service trust issues- Reviewing cloud architectures (AWS and GCP) to ensure a security-first design- Perform testing on network-connected devices, ranging from IoT to security products, to ensure security gaps are not present- Conduct internal and external network penetration testing to identify weaknesses in the perimeter or in internal systems that could lead to domain compromise or loss of business IP- Design and implement automated test cases for identified vulnerabilities so that findings can be routinely tested as part of CI/CD pipelines
Senior Penetration Tester
• Assess the security of domains, networks, web applications/APIs, mobile applications, and people within organizations, oftentimes as part of FedRAMP or PCI assessments• Research new TTPs and the latest advancements in this field and develop new exploitation tools and frameworks• Develop and deploy unique phishing campaigns• Prepare reports and presentations at different technical levels in order to effectively communicate the business risk associated with identified vulnerabilities in people, processes, and technologies
Security Engineer
Security Engineering responsibilities at SemanticBits include Penetration Testing, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Vulnerability Assessment/Scanning, Malicious Software Analysis, Cloud Security, and DevOps Security. I was responsible for owning the security posture of entire programs that were in pursuit of FedRAMP and HIPAA compliance.Utilizing a thorough understanding of the OWASP Top Ten and the CWE Top 25, I exploit and then help remediate application-level vulnerabilities. Higher-level programming languages, such as python, are regularly used to automate and streamline the Security Engineering process, especially in the Cloud.
Information Systems Security Officer
At Northrop Grumman, I provide oversight for the day-to-day cyber security operations on a global network. I maintain Information Assurance-related documentation and ensure the system maintains compliance to applicable Risk-Managed controls (NIST 800-53). I coordinate incident response activities and collect and disseminate cyber threat intelligence to ensure the network is protected against the latest threats.
Cyber Systems Engineer
At Northrop Grumman, I am responsible for assessing, testing, and implementing secure systems. As part of the information security team, I am responsible for establishing and maintaining a security posture that is Risk-Management Framework (RMF) compliant.Daily tasks include vulnerability research and assessment to determine operational impacts, developing patches to different operating systems, developing scripts, maintaining RMF documentation, setting up test environments for security testing, and working with system administrators to secure systems.
Systems Engineer
At Northrop Grumman, I provide Systems Engineering leadership for a range of Cyber Security and Software driven projects. Daily tasks include synthesizing customer contractual needs and requirements into system requirements and providing solutions that meet customer expectations as well as the technical, schedule, and cost constraints of the program. Activities include developing and directing the preparation and execution of comprehensive plans, procedures and schedules for completing systems; reviewing and evaluating system and software requirements to insure completeness; performing technical analysis of complete systems and preparing comprehensive system level evaluations; supporting testing analysis and verification of products and services in development or delivered; and participating in team efforts for special projects identified by management.
Systems Engineer
Provide engineering review and analysis of ground-support pressure vessels and systems that are critical to the successful launch of space vehicles under the CSSC II Contract.I carry out ASME Section VIII Division 1, Division 2, and FFS calculations to confirm compliance to ASME, API, and NBIC codes. These calculations involve stress analysis, relief valve sizing, and fatigue life determination.
Undergraduate Research Assistant
Conduct Mechanical Engineering Research in the areas of Creep Modeling and Mechanical Test Frame Design.Developed a reduced-order Kachanov-Rabotnov creep model that would reduce the computational resources necessary to simulate creep.Developed a novel method for determining material constants for the Norton-Bailey creep model using statistics.
David May education
-
University Of Central Florida
Frequently asked questions about David May
Quick answers generated from the profile data available on this page.
What company does David May work for?
David May works for TRM Labs.
What is David May's role at TRM Labs?
David May is listed as Senior Security Engineer at TRM Labs.
What is David May's email address?
AeroLeads has found 1 work email signal at @plaid.com for David May at TRM Labs.
Where is David May based?
David May is based in United States while working with TRM Labs.
What companies has David May worked for?
David May has worked for Trm Labs, Plaid, Bishop Fox, Schellman & Company, Llc, and Semanticbits.
How can I contact David May?
You can use AeroLeads to view verified contact signals for David May at TRM Labs, including work email, phone, and LinkedIn data when available.
What schools did David May attend?
David May holds Bachelor Of Science (B.S.M.E), Mechanical Engineering from University Of Central Florida.
What skills is David May known for?
David May is listed with skills including Leadership, Project Management, Project Planning, Research, Systems Engineering, Cyber Security, and Pentesting.
Search by job title, company, industry, location, and seniority. Export verified B2B contact data when you need it.
Start free trial