Top expert inComprehensive Cybersecurity and DevSecOps Practices
Rick M is a Software Engineering Tech Lead with 12+ years of hands-on cybersecurity and application security experience, now leading engineering at Checkmarx and co-leading the OWASP ZAP project. He combines deep vulnerability assessment and penetration testing expertise with pragmatic engineering—contributing backend code, active scan rules, and integrations to ZAP while also improving build/deployment automation and documentation across OWASP projects. Previously a Senior Cyber Security Advisor for the Canadian House of Commons and senior roles at Bell, he has discovered unpublished zero-days and driven remediation and risk processes for government and enterprise systems. Known in the community as an OWASP co-lead and zaproxy maintainer, he brings both public open-source stewardship and enterprise security leadership to bear. A detail-oriented INTJ who even cares about Oxford commas, he blends rigorous technical analysis with a knack for making security tooling more usable.
12 years of coding experience
8 years of employment as a software developer
Business Administration - Information Systems, Business Administration - Information Systems at St. Lawrence College
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Role in this project:
DevOps Engineer
Contributions:1 release, 641 reviews, 249 commits in 4 years 5 months
Contributions summary:Rick primarily focused on enhancing the build and deployment processes within the repository. Their contributions involved restructuring workflow configurations, scripts, and assets, relocating them to organized directories. They also updated and optimized the JSON checklist workflow, including adjustments for generating links using the latest OWASP resources. This work appears targeted at improving the automation and efficiency of project builds and deployments within a security-focused context.
A collection of ZAP scripts and tips provided by the community - pull requests very welcome!
Role in this project:
Security Engineer
Contributions:253 reviews, 115 commits, 145 PRs in 8 years
Contributions summary:Rick primarily contributed to the security testing and scripting aspects of the ZAP community scripts repository. Their work involved developing and refining scripts for detecting vulnerabilities like HTML comment information leaks, internal IP exposure via F5 BigIP cookies, and file content disclosure (CVE-2019-5418). Furthermore, the user enhanced the existing scripts for identifying and exploiting security issues such as Apache path traversal (CVE-2021-41773), and also improved the functionality and usability of the scripting environment by adding debug logging capabilities.
sarifpull-requestswelcomezapstatic-analysis
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Rick M - Software Engineering Tech Lead at Checkmarx