Ian Gallagher is a Senior Application Security Engineer with 16+ years of hands-on experience in offensive security, large-scale infrastructure hardening, and enterprise security engineering. He founded the long-running hacker community Neg9, where he’s organized CTFs and DEF CON competition infrastructure, demonstrating a deep commitment to community mentorship and practical skill-building. Ian has led red team operations and technical strategy at Dropbox and now leads offensive work for Arc XP at The Washington Post, blending penetration testing, vulnerability research, and production systems security for cloud platforms. He’s comfortable across Linux/BSD stacks and has improved real-world open-source security tooling—e.g., hardening the popular EyeWitness project to prevent XSS and malicious signature injection. Known for quickly learning complex systems, he pairs technical findings with clear mitigation guidance and process improvements to reduce organizational risk. Outside work he volunteers technical support for first responders and emergency communications, applying his security and systems expertise to community resilience.
16 years of coding experience
19 years of employment as a software developer
AS, Computer Science, Psychology, AS, Computer Science, Psychology at North Seattle College
A Firefox extension that demonstrates HTTP session hijacking attacks.
Role in this project:
Full-stack Developer
Contributions:16 commits in 5 months
Contributions summary:Ian primarily contributed to the development of handlers for various websites, including Amazon, Google, and Yelp, within the context of a Firefox extension for HTTP session hijacking. They implemented code to identify and extract user information (e.g., usernames and avatars) from the target websites. The user also added support for new sites, such as Flickr and CNET, expanding the extension's capabilities.
Contributions summary:Ian focused on improving the security of the EyeWitness tool. Their contributions included adding HTML entity encoding to prevent XSS vulnerabilities in the web request information and default credentials displayed in the report. They also addressed the potential for malicious code injection from the signatures file by encoding credentials. Furthermore, the user improved the handling of HTTPS hosts discovered through Nmap scans.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Ian Gallagher - Senior Application Security Engineer