Joe Leon, Developer in Washington, DC, United States
Joe is available for hire
Hire Joe

Joe Leon

Verified Expert  in Engineering

Software Developer

Location
Washington, DC, United States
Toptal Member Since
May 18, 2022

Joe currently oversees application security assessments for a small offensive security firm and manages product development and DevOps for a new cybersecurity tool his organization is about to release. In addition, Joe has provided security training and talks at several major cybersecurity conferences, most notably at Black Hat USA. As a technical problem solver with outstanding communication skills, he is passionate about bridging technical and non-technical audiences.

Web SecurityInformation SecurityPython 3GitSecurityFlaskDjangoLinuxMacOSBashGitHubCustomer Relationship Management (CRM)Sublime TextDevOpsCelery

Portfolio

FortyNorth Security
Burp Suite, Kali Linux, Web Security, Web Applications, Application Security...
LeadWash
Python 3, Flask, Web Applications, Application Security, Heroku, Git, GitHub

Experience

Python 3 - 6 yearsPenetration Testing - 4 yearsInformation Security - 4 yearsWeb Security - 4 yearsApplication Security - 4 yearsCybersecurity - 4 yearsFlask - 3 yearsDjango - 1 year

Availability

Part-time

Preferred Environment

Slack, Python 3, Web Security, Linux, MacOS, Sublime Text, Bash, GitHub

The most amazing...

...thing I've achieved was founding a SaaS company and selling it. Also, I've delivered training at some of the largest InfoSec conferences throughout the world.

Work Experience

Lead Application Security Engineer

2019 - PRESENT
FortyNorth Security
  • Led product development for a new cybersecurity SaaS product. Oversaw a team of three engineers and external consultants while designing the application's architecture and DevOps processes.
  • Managed application security assessments and worked on various penetration tests, including red team assessments, social engineering campaigns, and network penetration tests.
  • Developed offensive security training courses and delivered content at security conferences like Black Hat USA/Asia and Wild West Hackin' Fest.
Technologies: Burp Suite, Kali Linux, Web Security, Web Applications, Application Security, Python 3, IT Security, Security

CTO

2016 - 2018
LeadWash
  • Developed and built a Flask-based SaaS business designed to clean CRM data.
  • Managed all aspects of product design, development, and marketing.
  • Grew the business and gained sufficient market share to demonstrate product value, leading to a successful exit.
Technologies: Python 3, Flask, Web Applications, Application Security, Heroku, Git, GitHub

LeadWash

I led a Python Flask-based data cleansing SaaS product's product design, engineering, and marketing. After building the product and gaining market share, I sold the business with my partners in 2018.

Conference Talks and Training Sessions

I delivered the following training and talks at information security conferences.

x33fcon, May 2021: What the F#?
GrayHat Con, October 2020: A Practical Introduction to Bypassing Application Whitelisting
Black Hat Asia, September 2020: Intrusion Operations
Wild West Hackin' Cast, September 2020: Offensive MalDocs in 2020
DERPCON, May 2020: Bypassing Application Whitelisting
Pancakes Con, March 2020: Living Off the Land with a Side of Bubble Tea
WW Wild West Hackin' Fest, March 2020: An Introduction to Developing Phishing Malware
Black Hat USA, August 2019: Intrusion Operations

Delivered Cybersecurity Training at Black Hat USA

I taught a course about gaining initial access to a target network (e.g., phishing, business email compromise, etc.) at Black Hat USA in 2021. I helped create the learning materials and then delivered the training to two groups of students.

Built Graduate-level Course on Social Engineering and IT Security

Developed a graduate-level course about social engineering and IT security during my master’s program.

Course Thesis:

All organizations confront social engineering, and most major cyberattacks start with a social engineering infection vector. Any serious cybersecurity professional must understand how social engineering works (on a psychological and technological level) and its fundamental role in network security.

Principle Learning Objectives:

Explore the role of trust in society and how social engineers deceive that trust.

Identify how the nature of the internet has enabled social engineering to flourish.

Describe what “human vulnerabilities” allow for social engineering attacks to succeed.

Identify the fundamental psychological principles used by attackers.

Learn how to design effective social engineering campaigns.

Study the major social engineering use cases (financial, national security, and political).

Explore how automatic detection of social engineering works.

Identify ways to defend against social engineering (both active and passive).

Predict future social engineering trends.

Tools

Slack, GitHub, Git, Sublime Text, Celery

Paradigms

Penetration Testing, DevOps

Other

Web Security, Application Security, International Affairs, Networking, Information Security, Privacy, Static Application Security Testing (SAST), Customer Relationship Management (CRM), Web Applications, Curriculum Development & Delivery, Social Engineering, Public Speaking

Languages

Python 3, Bash, JavaScript

Frameworks

Django, Flask

Platforms

Linux, MacOS, Burp Suite, Kali Linux, Heroku

Industry Expertise

Cybersecurity, IT Security, Security, Network Security

Libraries/APIs

SQLAlchemy

2020 - 2021

Master's Degree in Information Security

New York University - New York, NY

2008 - 2012

Bachelor's Degree in International Relations

Georgetown University - Washington, DC

APRIL 2021 - APRIL 2024

PenTest+

CompTIA

APRIL 2021 - PRESENT

Offensive Security Experienced Penetration Tester

Offensive Security

NOVEMBER 2020 - PRESENT

Certified Ethical Hacker

EC-Council

JUNE 2019 - PRESENT

Offensive Security Certified Professional

Offensive Security

JULY 2018 - JULY 2024

Security+

CompTIA