Ken Johnson

Co-Founder & CTO at DryRun Security

Gainesville, Virginia, United States
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

👤
Senior
Ken Johnson is a security-focused technologist and co-founder currently serving as CTO of DryRun Security, with over 15 years delivering application and cloud security across startups and enterprises. He blends hands-on full-stack development with deep offense/defense expertise from roles at GitHub, nVisium, and LivingSocial, and has a particular knack for translating vulnerability research into usable developer-facing tooling. Ken has contributed to notable open-source projects like OWASP RailsGoat—improving tutorials, UI, and fixing XSS—and built core security logic for WeirdAAL, an AWS attack library that demonstrates practical cloud threat modeling. Based in Gainesville, VA, he combines executive leadership with day-to-day engineering, often surfacing non-obvious risks (like credential and config misuse) through automated, reproducible checks.
code15 years of coding experience
job11 years of employment as a software developer
github-logo-circle

Github Skills (15)

html10
ruby10
it-security10
ruby-rails10
vulnerabilities10
javascript10
rails10
boto10
aws10
python10
xss10
ruby-on-rails10
security10
argument-parsing9
css9

Programming languages (7)

C#JavaCSSJavaScriptHTMLRubyPython

Github contributions (5)

github-logo-circle
OWASP/railsgoat

Jun 2013 - Aug 2022

A vulnerable version of Rails that follows the OWASP Top 10
Role in this project:
userFull-stack Developer
Contributions:3 releases, 4 reviews, 277 commits in 9 years 4 months
Contributions summary:Ken primarily focused on front-end development and UI improvements for the RailsGoat application. Their contributions included modifying the home page, implementing a tutorial guide with "builder" and "breaker" categories, and dynamically loading tutorial content. They also worked on fixing XSS vulnerabilities, cleaning up view code, and making modifications to CSS and javascript files. The user integrated a visit tutorial button and made changes to the login and signup pages.
ruby-on-railsvulnerablerailssecurityvulnerabilities
carnal0wnage/weirdAAL

Sep 2017 - Feb 2019

WeirdAAL (AWS Attack Library)
Role in this project:
userBack-end Developer & Security Engineer
Contributions:84 commits, 11 PRs, 15 pushes in 1 year 4 months
Contributions summary:Ken primarily focused on developing the foundational components of the AWS Attack Library (WeirdAAL), starting with basic setup and import testing. They implemented argument parsing and a step-based execution flow, incorporating the use of environment variables and config files. The user also added security-focused logic, including checks for AWS access keys and initial account access validation, demonstrating an understanding of AWS security best practices.
securitypentest-toolpython3awsattack
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Ken Johnson - Co-Founder & CTO at DryRun Security