Justin Collins is a Principal AI Security Researcher and seasoned application security leader with 17 years of experience building and scaling security programs and tooling. He founded and maintained Brakeman, a widely used static analysis scanner for Ruby on Rails, and led its commercial evolution through Brakeman Pro and acquisition by Synopsys. At Gusto he expanded product security into a multi-discipline function (Product Security, Identity, Privacy Engineering and more), and now focuses on AI security research. A hands-on engineer and open-source contributor, his commits span backend analysis, UI fixes, and database driver robustness—demonstrating both deep Ruby expertise and practical product-minded fixes. Based in Edmonton, he combines academic rigor from UCLA with entrepreneurial experience and a knack for turning static-analysis research into production-ready tools. An underappreciated thread through his career is consistently improving developer ergonomics for security tooling, not just detection accuracy.
17 years of coding experience
18 years of employment as a software developer
Bachelor of Science Computer Science, Bachelor of Science Computer Science at Seattle University
A static analysis security vulnerability scanner for Ruby on Rails applications
Role in this project:
Back-end Developer
Contributions:72 releases, 33 reviews, 3068 commits in 12 years 7 months
Contributions summary:Justin primarily contributed to enhancing the Brakeman security scanner for Ruby on Rails applications. They worked on adding and improving tests, and implemented features to handle block arguments and address potential vulnerabilities. The commits focused on incorporating improvements for enhanced security analysis, and included refactoring parts of the codebase related to code processing and route handling.
A vulnerable version of Rails that follows the OWASP Top 10
Role in this project:
Full-stack Developer
Contributions:9 commits, 5 PRs, 3 comments in 7 years
Contributions summary:Justin primarily focused on improving the user interface and addressing vulnerabilities within the Rails application. Their commits involved fixing alert box styling, removing unused dashboard links, and centralizing elements on login and password reset pages. The user also addressed security concerns, specifically by implementing encryption fixes, stripping whitespace from email input, and correcting code related to decryption procedures.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Justin Collins - Principal AI Security Researcher at DryRun Security