Patrick Thomas

Staff Security Engineer at Headway

Redwood City, California, United States
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

👤
Senior
🎓
Top School
Patrick Thomas is a Staff Security Engineer with 14+ years of experience blending offensive and defensive expertise to secure product, platform, and cloud environments. He has led Netflix-wide data protection strategy and partnered with high-risk engineering orgs to build pragmatic, automation-first guardrails rather than bureaucratic gates. A frequent speaker at Black Hat, DEFCON and other conferences, Patrick pairs deep vulnerability research and penetration testing skills (including contributions to the well-known Metasploit framework targeting Node.js) with empathetic leadership and mentoring. He has advised and managed consulting teams at scale, taught network security at UC Berkeley, and now applies that mix of hands-on exploitation know-how and strategic program building at Headway. Notably, he emphasizes collaborative, inclusive security practices as a force multiplier for engineering velocity and resilience.
code14 years of coding experience
job14 years of employment as a software developer
bookCalifornia Polytechnic State University, San Luis Obispo
stackoverflow-logo

Stackoverflow

Stats
1,233reputation
65kreached
25answers
0questions
github-logo-circle

Github Skills (20)

javascript10
penetration-testing10
vulnerability10
command-injection10
exploit10
security-vulnerability10
vulnerabilities10
nodejs10
metasploit10
debug9
network-programming9
pygame6
powercli6
esx6
sql6

Programming languages (6)

JavaC++CoffeeScriptPerlRubyPython

Github contributions (5)

github-logo-circle
rapid7/metasploit-framework

Aug 2017 - Sep 2017

Metasploit Framework
Role in this project:
userSecurity Engineer
Contributions:8 commits, 2 PRs, 7 comments in 29 days
Contributions summary:Patrick primarily focused on enhancing the Metasploit Framework's capabilities in exploiting NodeJS applications. Their work involved modifying payloads to address compatibility issues with newer NodeJS versions, particularly around the `util.pump` function. They also developed and refined an exploit module for NodeJS debugger command injection, allowing for arbitrary JavaScript execution. This included refining the exploit's message formatting and fixing reviewer comments, demonstrating a focus on security testing and penetration testing techniques.
metasploitmetasploit-framework
coffeetocode/bioinfoscripts

Jul 2013 - Aug 2016

Contributions:23 commits, 16 pushes, 7 comments in 3 years 1 month
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Patrick Thomas - Staff Security Engineer at Headway