Marcus Hodges Email & Phone Number

Menlo Park, CA, US

• Deputy CISO for Meta's Augmented Reality organizations. Directly responsible for security of our AR glasses hardware, software, experiences, and services supporting approximately 3000 people.
• Developed the security roadmap, maturity criteria, and methodologies for managing product security risks.
• Led the cross-functional effort and authored Meta's security standards for biometric auth on AR/VR devices. Partnered with system and silicon architects to design of our secure coprocessors and AI accelerators.
• Collaborated with experts in adversarial AI and Presentation Attack Detection (PAD) to establish baselines for biometric ML accuracy (FAR), resilience, and avoid bias, for novel biometric modalities.
• Designed the cryptography, infrastructure hardening, and physical security for a fleet of custom 18 wheeler petabyte-scale data centers on wheels.
• Co-designed the hardware privacy features for AR devices, that gives users hardware control over sensors, with the lead silicon architect and electrical engineers. Led a large XFN effort to align more than 15.

Costa Mesa, California, US

* Member of the Board of Directors of the ioXt Alliance* Partnered with leaders from Google, Amazon, Comcast, Legrand, Silicon Labs, Resideo, Zigbee, and others to set standards for the security of the security of the Internet of Things (IoT) * Established and chaired the IoT Privacy Extension working group to extend the IoT security vision with.

Wilmington, MA, US

• Bootstrapped a research organization to incubate new security techniques, expand corporate abilities, advance the state-of-the art, and cultivate employee skills
• Mentored over 20 research projects including netfilter modules, advanced fuzzing, symbolic execution, embedded device security, and blockchain
• Established a practice of providing application security expertise to open source projects to raise the security bar for core industry software
• Fostered a culture of knowledge sharing that produced over 50 internal tech talks
• Collaborated with the University of Washington to mentor and train student CTF and CCDC teams
• Built a hardware hacking lab and expanded our IoT and embedded device research and pentesting

Wilmington, MA, US

• Managed a team of 10 developers to design, develop, test, deploy, and maintain a custom, highly secure, Ubuntu-based, Linux distribution for the U.S. Federal Judiciary with over 700 production systems in 231 locations
• Managed people, project priorities, deadlines, and deliverables
• Defined complete system architecture including functional and security requirements
• Developed Linux kernel modules, application sandboxing, system hardening, and enterprise management tools
• Developed customized fork of Firefox including enterprise policy configuration extensions, domain access controls, and specialized domain specific UI
• Responsible for client relationships, product management, development process, UX, and product vision

Wilmington, MA, US

• Recruited and interviewed technical candidates to grow the security engineering team by over 50 engineers
• Performed a PCI gap analysis for a Level 1 Service Provider and designed solution to completely isolate CDE with one-way-doors
• Assessed the security of government enterprise Java EE / Perl applications with millions of active users; discovered and remediated numerous critical vulns including RCE, EoP, and complete auth bypass
• Provided security guidance for the secure design of SSO, MFA, web services, and password reset systems
• Advised on the security of cryptography, network protocols, native code, memory corruption, secure libraries, API design, and infra
• Established industry leading Threat Modeling methodology that redefined our professional services offerings

Wilmington, MA, US

• Developed an asynchronous Python TCP/IP network library with coroutines and Epoll for brute force, discovery, and automated web service testing
• Reverse engineering and dynamic analysis with IDA Pro, GDB, strace, PIN, and Capstone
• Analyzed security of embedded Linux devices for secure boot, system image integrity, key management, hardware attacks, SPI flash, JTAG/UART, and DMA attacks
• Hardened Linux systems with AppArmor, seccomp, capabilities, iptables, and secure configurations
• Linux system developer (Python, C, Qt/QML, GTK/glade, D-Bus, udev rules, cgroups, IPC, system)
• Customized several open source applications including Firefox, Evince, and XFCE to improve security

Wilmington, MA, US

* Focused on application security code reviews, penetration testing, and threat modeling* Implemented an ActiveX fuzzer with automated API discovery and core dump exploit analysis* Improved reporting templates and authored articles for Java security for eLearning coursework * Web application testing with Burp for XSS, SQLi, CSRF, command injection, and.

* Streamlined return management department for online retailer* Statistical analysis of business process to optimize throughput* RMA ticket tracking website in C#