Rick M

Software Engineering Tech Lead at Checkmarx

Ottawa, Ontario, Canada
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
award
Top expert inComprehensive Cybersecurity and DevSecOps Practices
Rick M is a Software Engineering Tech Lead with 12+ years of hands-on cybersecurity and application security experience, now leading engineering at Checkmarx and co-leading the OWASP ZAP project. He combines deep vulnerability assessment and penetration testing expertise with pragmatic engineering—contributing backend code, active scan rules, and integrations to ZAP while also improving build/deployment automation and documentation across OWASP projects. Previously a Senior Cyber Security Advisor for the Canadian House of Commons and senior roles at Bell, he has discovered unpublished zero-days and driven remediation and risk processes for government and enterprise systems. Known in the community as an OWASP co-lead and zaproxy maintainer, he brings both public open-source stewardship and enterprise security leadership to bear. A detail-oriented INTJ who even cares about Oxford commas, he blends rigorous technical analysis with a knack for making security tooling more usable.
code12 years of coding experience
job8 years of employment as a software developer
bookBusiness Administration - Information Systems, Business Administration - Information Systems at St. Lawrence College
bookSouth Carleton HS
languagesEnglish, French
github-logo-circle

Github Skills (32)

markdown10
sql-injection10
userscripts10
github-ci10
javascript10
apidoc10
scripting10
web-application-security10
it-security10
bash10
cicd10
java10
security10
javas10
security-testing10

Programming languages (21)

PowerShellC#JavaCSSCTeXVueGo

Github contributions (5)

github-logo-circle
OWASP/wstg

Aug 2018 - Jan 2023

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Role in this project:
userDevOps Engineer
Contributions:1 release, 641 reviews, 249 commits in 4 years 5 months
Contributions summary:Rick primarily focused on enhancing the build and deployment processes within the repository. Their contributions involved restructuring workflow configurations, scripts, and assets, relocating them to organized directories. They also updated and optimized the JSON checklist workflow, including adjustments for generating links using the latest OWASP resources. This work appears targeted at improving the automation and efficiency of project builds and deployments within a security-focused context.
web-applicationssecurity-toolsapplication-securitybugbountysecurity
zaproxy/community-scripts

Jan 2015 - Jan 2023

A collection of ZAP scripts and tips provided by the community - pull requests very welcome!
Role in this project:
userSecurity Engineer
Contributions:253 reviews, 115 commits, 145 PRs in 8 years
Contributions summary:Rick primarily contributed to the security testing and scripting aspects of the ZAP community scripts repository. Their work involved developing and refining scripts for detecting vulnerabilities like HTML comment information leaks, internal IP exposure via F5 BigIP cookies, and file content disclosure (CVE-2019-5418). Furthermore, the user enhanced the existing scripts for identifying and exploiting security issues such as Apache path traversal (CVE-2021-41773), and also improved the functionality and usability of the scripting environment by adding debug logging capabilities.
sarifpull-requestswelcomezapstatic-analysis
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Rick M - Software Engineering Tech Lead at Checkmarx