Jeremiah Blatz
159 Madison Ave. #2A
New York, NY 10016
Education: Carnegie Mellon University, 1997
B.S. in Human-Computer Interaction (Self-Defined)
Minor in Computer Science
Programming Languages: Expert (several years' experience, several large projects)
PHP, Python, Oracle PL/SQL, JavaScript (incl. AJAX), HTML
Experienced (about a year's experience, medium projects)
C, C#/ASP.NET, XML/SOAP, Java, Pascal, ASP/Visual Basic/VB Script, CSS, XML, HyperTalk, Perl
Working Knowledge (small projects)
C++, Microsoft T-SQL, sh, discrete electronics, PIC assembler, SM/NJ, COBOL
Applications: Expert
HTTP, Photoshop, Illustrator, Oracle, CVS, MS Access, After Effects, Premier
Apache, BURP Suite, Ethereal/Wireshark, MS Visual Studio, TCP/IP, Macromedia Director, MS Visual SourceSafe, ipchains, Word, Excel
Working Knowledge
DNS, MS SQL Server, SMTP, Ethernet, Lotus Notes, Cyrus
Project/Relationship Management:
Durations up to 6 months
Budgets in the millions of dollars
Teams of 4-10 people
At Foundstone and Matasano, I oversaw delivery teams and relationships for our largest customers. Delivery teams were typically 4-10 people staffed to continuous short-duration (days to weeks) projects.
I managed the design and development of a tax data collection application at Interpublic. The project team was myself, two contract junior developers, and a contract designer. I was responsible for most client interaction, architecture and design, and personnel management and assignments. I also developed the database and back-end components.
I supervised the development of the integration at Community Connect, including timelines, resource allocation and management, specification development, and technical coordination with the team. The project took over 6 months (delivered on time), and I was responsible for the management of three other people at Community Connect. I also made a significant development contribution to the project.
At MAYA, I was in charge of overall management of the Muybridge 360 project. Although this a short-term project, it was very complex. We had a tight, hard deadline and an ambitious deliverable with lots of interacting pieces. The team of 8 people worked all day, every day to get it done, and we were working up to the last hours. I was in charge of the overall project and component integration. In this role, I allowed each project member to focus very narrowly on their individual part, while I filled in any gaps in the project team, working on serial communications, optics, and software aspects of the system.
Computer Security: Web Application Penetration Testing (SQL/HTML/Script Injection, Request Forgery, Authentication Bypass, Session Hijacking, etc.), Architecture and System Design Review, Protocol Design and Analysis, Authentication System Design and Analysis, Code Reviews, Firewalls and Networks, Intrusion Detection and Forensics
UI Evaluation Skills: User Testing, Heuristic Analysis, Interviews, Contextual Analysis, Surveys, GOMS
Operating Systems: Unix
Use since 1992 (Linux, Darwin, Solaris, HP/UX, AIX)
Administration since 1995 (Linux, darwin)
Use since 1986
Administration since 1991 (Versions 6.x - 10.4)
Use since 1993 (DOS, 3.1/3.1.1, 95/98, NT, 2000, XP)
Administration since 1996 (DOS, 3.1.1, NT, 2000)
Small Portfolio:
Work Experience: September 2011 - Present – Matasano, NCC Group
Senior Consultant, Matasano New York Practice Manager
I am a security consultant for Matasano Security, a part of the NCC Group. In this role, I am responsible for supervising and mentoring consultants, managing customer relationships, overseeing several aspects of group integration, hiring, managing projects, performing security architecture reviews, and performing security assessments on a variety of applications.
Primary Responsibilities
Supervisor of 7-10 consultants
Co-managing integration of Matasano, iSEC, and Intrepidus with respect to project management, recruiting, and reporting
Overseeing the Matasano recruiting process
Managing and co-managing relationships with our largest customer accounts
Significant Contributions
Managing 2-5 person delivery teams on complex or challenging projects
Performing architecture reviews for customers
Performing security assessments/penetration tests for customers, including web applications, thick-clients, mobile apps, networks, and hardware and firmware products.
April 2007 - September 2011 – Foundstone
Managing Consultant
I was a security consultant for Foundstone Professional Services, a Division of McAfee (now a part of Intel). In this role, I was responsible for managing project engagements, teaching web security courses, and performing security assessments, primarily on web and thick-client applications and networks.
Primary Responsibilities
Web application and thick client penetration tests
Project management
Teaching and enhancing/revamping Ultimate Hacking: Web
Technical lead on the web application assessment service line
Significant Contributions
Citrix assessments
Mentoring new employees
External network penetration testing
December 2006 - April 2007 – Symantec
Principal Security Consultant
I was employed as a security consultant for the advisory services group of Symantec. In this role, I was responsible for discovering vulnerabilities in clients’ applications and networks, and advising in their remediation. I worked remotely and on client sites for a variety of large and small clients.
Primary Responsibilities
Web penetration tests
Code reviews
Network penetration tests
Significant Contributions
Security process and architecture review
Advising clients on remediation
Security software development
Secure framework development
January 2005 - December 2006 – Interpublic Group of Companies, Inc
Senior Programmer Analyst
The Interpublic Group of Companies is a collection of advertising agencies. I was a member of the 6-person team that developed and maintained Interpublic’s intranet and public web site. The intranet serves tens of thousands of Interpublic employees worldwide, and provides support for cross-agency information sharing and corporate initiatives and procedures.
Primary Responsibilities
Application and database architecture
Front and back-end development in PHP, PL/SQL, and Perl
Data design in Oracle
Significant Contributions
Requirements gathering and documentation
Overall system architecture
Interfacing with clients and outside service providers
Web design
Other Responsibilities
Project planning
Small-team project management
September 2003 - January 2005 – Community Connect, Inc
Tech Lead, Senior Developer
Community Connect (CCI) creates and maintains online communities for US ethnic audiences. These sites, Black Planet, Asian Avenue, and MiGente are some of the most popular internet destinations for ethnic communities. As Technology Lead for the diversity recruiting (DR) department, I designed the software architecture for DR projects, and ensured that the DR developers produce high-quality code. I also performed the duties of a senior developer, estimated development effort for DR projects, and interfaced with clients and third party partners. Additionally, I contributed to strategic company-wide development initiatives, and was repeatedly praised for my attention to business goals.
Primary Responsibilities
Application and database architecture
Front and back-end development in PHP, PL/SQL, and Perl
Mentoring DR developers
HTML, JavaScript, and ActionScript development
Data design in Oracle
Significant Contributions
Project brainstorming and definition
Interface design
Project scoping and management
Other Responsibilities
Leading code reviews for DR and other departments
Technical presentations to CCI development team
January 2003 - September 2003 – Ilios Partners, LLC
Programmer / Analyst
Ilios specializes in extremely accurate stock surveillance. In order to compete effectively with their larger peers, they decided to move to a more full-featured IR package. Their product, IRNavigator, allows IR professionals to manage their shareholder relationships, view information on investors, and view the ownership information of their and other companies’ stock. I was the primary frontend developer for irNavigator.
Primary Responsibilities
Front-end development
Application security
Significant Contributions
Visual and information design
Project management
Other Responsibilities
Middleware architecture
Database design
Network architecture
T-SQL Development
Network and Infrastructure Security
In developing IRNavigator, I was asked to pay careful attention to perceived application performance. Ilios wanted its site to feel significantly faster than its competitors' sites. This posed significant difficulties, given the design of the ASP.NET framework. I designed and implemented many solutions to increase application interactivity, using low-level details of ASP.NET, existing browsers, and TCP/IP. The site is built with C#/ASP.NET against MS SQL Server and a proprietary DB cache backend.
June 2002 - present – Freelance Work
Heuristic Evaluation of a hosted application for ProductSoft
Electronic and mechanical design for a computer input device (client confidential)
Designed and built web site for Smith-Thompson
Client was unhappy with its current web site, as it was hard for users to navigate and hard to maintain. The company that provided Smith-Thompson’s inventory/accounting software provides an e-commerce framework that ties in with the software, but Smith-Thompson was dissatisfied with the web sites that were provided with the framework. I worked with Smith-Thompson to create a web site that projected the image that the owners wanted, and that made shopping an easy and pleasant experience for their customers. I then built the site, enhancing the functionality and security that the framework provided. The site is built using "classic" ASP. Currently I am providing some support services for and small enhancements to the site. A small case study available at
November 1997-July 2002 – MAYA Design Group
Interaction Designer/Systems Engineer
MAYA is a consulting firm that does both commercial product design and government-sponsored research. Notable projects included:
Wrote a database indexer
Under a DARPA contract, MAYA has been developing an object database that overcomes many of the problems traditionally associated with object databases. I architected and built an indexer for this database. The indexer allows fast lookups on fine-grained data structures, and features fast updating when the indexed data changes. I developed the indexer using Python on Linux and Solaris.
Office Security Expert
Designed and implemented authentication systems for web applications. Audited security measures in existing systems, and suggested fixes. Steered the development of DARPA-funded distributed information systems so that they could be made to function in a hostile environment. Upgraded company's network and host security measures.
Managed internal automation projects
Managed projects to move internal records online. Designed and built online applications for timesheets and labor forecasting. Lots of data modeling. Hired, trained, and managed an employee to do routine maintenance and implementation. Used a variety of tools and platforms, including Perl, Python, and VB on Linux, NT, and Solaris.
Led the award winning "Muybridge 360" project
Managed a high-pressure, short-deadline, resource-tight project to create a smashingly successful exhibit piece for a Pittsburgh film event. The installation consisted of a circular room surrounded by $20, Barbie-branded digital cameras. The device would photograph the participant, then produce a Matrix-style flipbook for them. The digital cameras were connected through custom-designed electronics to a Linux box (chosen for rapid development speed) for processing, then the images were sent to a Windows machine to be printed. I took the project from idea to on-site installation in one month. The project had architectural, electronics, software, and optics components, and loads of systems integration. In addition to managing and coordinating, I was responsible for most of the integration, designed the optics system, broke though show-stopping barriers in the electronics design, worked on the software, and generally filled in any gaps. This project involved the use of VB, Python, and electronics, among others. MAYA's web page about the project is available at:
Other responsibilities included:
Design and prototyping for public and internet web sites, kiosks, and stand-alone applications
Project management on commercial and government projects
Production coding for public and intranet web sites (HTML and CGI)
Determining project requirements with clients
Documenting software systems
User testing and other interface evaluation
1997 – Carnegie Mellon University Department of Design
Systems Administrator
Maintained hardware and software for 50 Macintoshes and 5 Windows NT machines. Installed LAN for 20 machine design studio.
1995-1997 – Carnegie Mellon University Institute for Complex Engineered Systems
Designed and implemented wearable computing system with a team of designers and software engineers.
Honors etc: US Patent 6907300: User interface for fire detection system
Muybridge 360 – ID Magazine Annual Design Review 2002 Bronze Medal
Certified in Axent/Symantec NetProwler
Africa Stik – 1996 Interval Research Corp. "Most Appropriate Use of Technology"
Efficacy of a Predictive Display, Steering Device, and Vehicle Body Representation in the Operation of a Lunar Vehicle – CHI '96