Scott Shinn is a founder and CTO with over 20 years of hands-on experience building security-focused companies and products, currently leading Atomicorp and helping steer the OSSEC open-source HIDS project. He blends entrepreneurial leadership—co-founding Plesk/Parallels and multiple startups—with deep operational security expertise gained in government and enterprise roles. A pragmatic engineer, he contributes code and security fixes to major open-source projects like Wazuh and OSSEC, notably adding GeoIP alerting and hardening database and format-string vulnerabilities. Based in Washington, D.C., Scott pairs product vision with low-level technical work, from packaging and release management to bug fixes and CI improvements. His career reveals a pattern of creating infrastructure-level security tools and moving between founding roles and sustained open-source stewardship.
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Role in this project:
Back-end & Security Engineer
Contributions:22 releases, 373 commits, 329 PRs in 7 years 4 months
Contributions summary:Scott primarily contributed to the OSSEC HIDS project by addressing security-related issues and enhancing database integration, specifically fixing MySQL/Postgres insert conditions and adding features for GeoIP support in alerts. They also implemented format string security fixes in the email sending module and added functionality to the JSON output, including support for archives.log and agent control information. Further enhancements included adding TLD fields to the database schema.
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Role in this project:
Security Engineer
Contributions:15 commits in 1 year
Contributions summary:Scott contributed to the Wazuh security platform by implementing GeoIP support for alerts, adding a group field to JSON output, and fixing issues in the MySQL/Postgres insert condition. They also addressed issues with ossec-authd and made several bug fixes related to Travis CI and format string security vulnerabilities, indicating involvement in code maintenance and security improvements. Furthermore, the user integrated GeoIP data into alert logs and made changes to handle non-Geo conditions, enhancing alert functionality.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.