Willis Vandevanter is a Senior Penetration Tester with 14 years of hands-on offensive security experience, currently based in New York and leading assessments at Terra Security. He has a strong research pedigree—authoring SAP vulnerability advisories, presenting at Black Hat and DEF CON, and building exploit tooling—balanced with practical SecDevOps work like Zero Trust, container scanning, and observability. Willis has led and founded consulting practices with high client retention, delivered red team engagements for Fortune 20 customers, and recently focused on AI security at Trail of Bits. An active open-source contributor, he’s enhanced Serpico’s reporting and plugin system and developed XXE embedding tools that reflect deep protocol- and file-format-level expertise. His background combines a joint Math/CS degree from McGill and a master’s in secure software engineering with a rare mix of research, tool development, and operational security delivery.
14 years of coding experience
17 years of employment as a software developer
Masters, Secure Software Engineering, Masters, Secure Software Engineering at James Madison University
Bachelor of Science, Joint Degree in Mathematics and Computer Science, Bachelor of Science, Joint Degree in Mathematics and Computer Science at McGill University
Contributions:15 releases, 447 commits, 140 PRs in 7 years 3 months
Contributions summary:Willis primarily focused on enhancing the Serpico project's functionality by implementing new features and refactoring existing code. Their work included adding support for customizable report templates, including CVSS3 and NIST800 templates. The user also addressed bugs related to image insertion and added functionality to add hyperlinks. Furthermore, the user introduced a plugin system, enabling users to extend the project's capabilities through custom plugins.
A tool for embedding XXE/XML exploits into different filetypes
Role in this project:
Back-end Developer & Security Engineer
Contributions:2 reviews, 81 commits, 26 PRs in 6 years 1 month
Contributions summary:Willis primarily worked on a tool for embedding XXE/XML exploits into different file types. Their contributions centered around defining and implementing various XXE payloads within the Ruby code. They developed methods to insert these payloads into different file formats, including PDF, GIF, and images and added string replacement functionalities. Furthermore, the user refactored menus and address issues.
xxeopenvasxmlexploitsembedding
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.