Phil specializes in application security, mobile, network penetration testing, infrastructure security, and technical standards for various OS platforms.
Phil has led over 150 technical assessment projects, consisting of network penetration testing, web application and mobile assessments, and network architecture review.
Phil currently leads SRA’s AppSec and Mobile Practice, including managing teams on technical assessment projects, white box and design/architecture review, and helping clients build security into their SDLC.
Phil also co-authored the ISACA publication Security, Audit and Control Features Oracle Database, 3rd Edition.
- White box testing for consumer and enterprise products with custom crypto, authentication and authorization, and APIs across web, mobile, and proprietary platforms
- Large web application assessment for a financial services firm, consisting of Grey and Black Box testing for 40 applications
- Advanced threat assessment for a large telecommunications company, with focus on testing effectiveness of security tool detection across endpoint, network and perimeter services
- Network architecture review and grey box testing for a healthcare member portal
- Led cybersecurity strategy development for a pharma company