Scribd
Upload
90 views2 pages

Security Engineer's Career Highlights

April King is an information security engineer with over 15 years of experience in fields such as TLS, PKI, web security, and single sign-on systems. She is currently a staff security engineer at Twitter where she leads security reviews and previously held senior security roles at Mozilla and Wells Fargo developing security tools and standards. She has a bachelor's degree in psychology and is a GIAC certified penetration tester with skills in cryptography, HTTPS, and several programming languages and server software.

Uploaded by

thekingkunal
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
90 views2 pages

Security Engineer's Career Highlights

April King is an information security engineer with over 15 years of experience in fields such as TLS, PKI, web security, and single sign-on systems. She is currently a staff security engineer at Twitter where she leads security reviews and previously held senior security roles at Mozilla and Wells Fargo developing security tools and standards. She has a bachelor's degree in psychology and is a GIAC certified penetration tester with skills in cryptography, HTTPS, and several programming languages and server software.

Uploaded by

thekingkunal
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

APRIL KING (SHE/HER)

https://pokeinthe.io PROFILE
april@pokeinthe.io Information security engineer who is passionate about making the internet a
safer place. Strong experience in TLS and PKI, as well as web security
github.com/april standards and single sign-on systems. Rarely updates her résumé.
twitter.com/CubicleApril EXPERIENCE
Staff Security Engineer, Twitter — 2020-Present
Saint Paul, MN, 55104
• Lead engineer on the Information Security Consulting team, providing
leadership and mentoring across organization
• Directly responsible for all security review across Twitter Spaces, Twitter
Blue, and Twitter Communities features
• Rewrote and redesigned Twitter security intake process
Sr. Staff Security Engineer, Mozilla Corporation — 2015-2020
• Developed the Mozilla Observatory, a site security testing tool with over
3,000,000 users and 20,000,000 website scans
• Wrote Mozilla’s widely referenced Server Side TLS Guidelines, and the
corresponding SSL Configuration Generator
• Redesigned and expanded Firefox’s legacy certificate viewer
• Rewrote Mozilla web security guidelines, and corresponding tooling
• Coordinated the deprecation of the RC4 cipher
• Speaker at multiple conferences, including USENIX Security and the EFF
• Ongoing development of intentionally broken websites such as
badssl.com and misbehaving.site
• Operated Mozilla’s web bounty program
• Designed Mozilla’s AWS single sign-on solution (maws)

Sr. Information Security Engineer, Wells Fargo — 2002-2015


• Technical team lead for single sign-on (Siteminder) system containing
over 100+ servers, 400+ applications, 15+ user directories, and 3000+
web servers, serving over 350,000 users and handling over 6,000,000
authentications and 15,000,000 authorizations per day
• Project and technical lead for bank branch server encryption project,
successfully deploying full disk encryption to over 12,000 existing
servers across over 6,000 bank branches spread across the US
• Penetration testing of Siteminder agents and policy servers, Vormetric
key servers, and Equifax Anakam TFA. Discovered multiple CVEs.
APRIL KING (SHE/HER)

https://pokeinthe.io EDUCATION
april@pokeinthe.io • University of Minnesota, Twin Cities — BA, Psychology
• SANS GIAC Penetration Tester
github.com/april
SKILLS
twitter.com/CubicleApril
• Security: transport layer security (TLS), public key infrastructure (PKI),
cryptography, HTTPS, web security (content security policy, subresource
Saint Paul, MN, 55104
integrity, etc.) and mail security (DMARC, DKIM, SPF, etc.)
• Development languages: Python 2.x and 3.x and JavaScript
• Server software: Apache, nginx, PostgreSQL, OpenSSL, CA SiteMinder,
Vormetric
• Operating systems: Windows (client and server), macOS, Debian,
Ubuntu, CentOS
• Cloud platforms: AWS (S3, DynamoDB, EC2, CloudFront)
• Miscellaneous: WebExtensions, CA SiteMinder, Vormetric, Webpack,
Bootstrap, Mustache

PUBLIC SPEAKING
• USENIX Security Symposium: Measuring HTTPS Adoption on the web
• Paris Web: History of Web Security
• nginx.conf: The Rise of Let’s Encrypt
• University of Minnesota, Tech People Present: Subresource Integrity
• Shop Talk Show: Web Security
• EFF Privacy Lab & CONNECT: Introduction to Let’s Encrypt
• PubConf Minneapolis: 20 Acronyms that Keep you Safe

ACTIVITIES
• scryfall.com: world’s most popular Magic The Gathering search engine
• badssl.com & misbehaving.site: bad TLS, certificate, and site
configurations
• PicoCA: miniature certificate authority, intended for small systems and
educational purposes

You might also like