Justin Massey

Justin Massey

Software Security Engineer

Contact Me

About Me

Hello - I'm Justin Massey, a security engineer who constantly tries to find the medium ground in between security and usability. Easier said than done. Currently, I am employed at Datadog as a Product Security Engineer and I work in between the product security and engineering teams to ensure our customers are delivered a secure product. I enjoy traveling, running, skiing, and watching soccer.

Blog Posts

Projects

Automated Security for Web Applications Open Source

I built this project to introduce application security departments and penetration testers to pytest, a python testing framework. This project contains some sample pytest scripts to run against a Mutillidae 1 web server, an intentionally vulnerable web application for learning the OWASP top 10. You can use these scripts to become familiar with the pytest framework and help you visualize some different ways to test for vulnerabilities which you may have found in your application in the past and ensure they aren't reintroduced into the code base.

Work Experience

Product Security Engineer - Datadog (2018 - Current)

Site Reliability Engineer - Ionic Security (2017 - 2018)

As a Site Reliability Engineer, I packaged our custom software for the AWS Marketplace with continuous deployment technologies such as Jenkins, Ansible and Packer. I also provided support to our Production Operations team to debug issues with our hosted solution.

Penetration Tester - Ionic Security (2015 - 2017)

I worked on the application security team and my original role was to conduct penetration tests on Ionic's key management as a service platform. This included writing custom tooling to test our patented key exchange. For every vulnerability I identified, I wrote a test case which could be run in a continuous integration pipeline. In addition to conducting penetration tests, I sat on the Enterprise Architecture Board to provide input from the security department on new architecture designs and changes.

Junior Penetration Tester - Coalfire Labs (2014 - 2015)

As a junior penetration tester, I was required to conduct 1-2 week internal/external network, web application and physical penetration tests. These tests were conducted for clients wanting best practice pentests as well as PCI and other compliance tests.

Technical Operations Manager - Atlanta Network and Computer Help (2013 - 2014)

At Atlanta Networking and Computer Help (ANCH), I managed the technical operations of the managed service provider. This included managing our help desk technicians and contractors. Additionally, I was tasked to manage the customer relations and provide assistance in the sales process.

Windows and Linux Server Administrator - Atlanta Network and Computer Help (2011 - 2013)

After working as a Help Desk Technician for some time, I transitioned to providing server support. I administered a wide range of our client servers including: Windows Active Directory, Windows IIS + ASP.NET, Windows application servers, Microsoft SQL servers, Ubuntu web servers, MySQL servers, and more. ANCH also offered a web hosting solution and I administered multiple instances of our Plesk web servers.

Help Desk Technician - Atlanta Network and Computer Help (2010 - 2011)

I began my first job as a Helpdesk Technician and provided support to our customers remotely and on site. Some tasks involved with the job were: malware removal, diagnosis network issues, configuring LANs and WLANs.