Lewis Ardern

Staff Security Researcher at Semgrep

Los Angeles, California, United States
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
Lewis Ardern is a Staff Security Researcher with 13 years’ experience specializing in modern web and JavaScript ecosystem security, currently helping scale Semgrep’s detection capabilities. He combines hands-on rule development for high-profile open-source projects like semgrep-rules with systems-level work—building vulnerable VM environments and CI-friendly tooling—to bridge research and engineering. Previously he led security uplift initiatives at Salesforce, automating cryptographic export-control analysis and cutting manual review time with static-analysis rules. As an instructor and consultant at Synopsys he authored defensive-library guidance and ran JavaScript security training and threat modeling for large clients. Based in Los Angeles, he’s active in the community (OWASP, meetups) and co-hosts security-focused talks, bringing a rare mix of developer empathy, offensive testing experience, and production-grade defensive engineering.
code13 years of coding experience
job9 years of employment as a software developer
bookGCSE, GCSE at Whitley Abbey Community School
bookBTEC National Diploma for Computer Security & Networking, Merit Merit Pass, BTEC National Diploma for Computer Security & Networking, Merit Merit Pass at City College Coventry
bookBachelor's Degree, Computer Security & Ethical Hacking, 85, Bachelor's Degree, Computer Security & Ethical Hacking, 85 at Leeds Metropolitan University
github-logo-circle

Github Skills (20)

puppeteer10
javascript10
puppet10
semgrep10
it-security10
configuration-management10
ruby10
security10
virtualization10
vagrant10
devops10
architecture9
static-analysis9
program-analysis9
architectures9

Programming languages (12)

HCLTypeScriptMDXJavaDockerfileOCamlJavaScriptGo

Github contributions (5)

github-logo-circle
semgrep/semgrep-rules

Apr 2022 - Jan 2023

Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.
Role in this project:
userBack-end Developer & Security Engineer
Contributions:169 reviews, 365 commits, 381 PRs in 9 months
Contributions summary:Lewis primarily contributed to security rules within the repository. Their work included adding and modifying rules related to Ruby's RSA implementations, including checks for weak key lengths and hardcoded passphrases. They also added rules related to JavaScript, specifically for express and angular, to detect vulnerabilities. Additionally, they made updates to existing Javascript rules and tests.
securitysemgrepsemgrep-rulessemgrep-registryprogram-analysis
SecGen/SecGen

Mar 2014 - Apr 2019

Generate vulnerable virtual machines on the fly (current team development is taking place in the cliffe/SecGen fork)
Role in this project:
userDevOps Engineer & System Architect
Contributions:30 commits, 1 PR, 7 pushes in 5 years 1 month
Contributions summary:Lewis primarily focuses on configuring and setting up the environment for the project, modifying the Vagrant configuration for virtual machine generation and network settings. They are involved in modifying files and integrating the project with puppet configuration. The user is responsible for ensuring proper building and generating the project, addressing build number issues.
placevulnerablemachinessecurityvirtual-machines
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Lewis Ardern - Staff Security Researcher at Semgrep