Security Advisor & Software Architect

I'm Phil Thomas, and my career has come full circle. I started in InfoSec, then pivoted to become a software developer for half a decade because I wanted to build, not just break. Eventually, I returned to security—but never stopped coding, serving as a developer and architect for a long-term client for over a decade.

This unique path gives me a perspective most don't have. I don't just find vulnerabilities; I understand the engineering constraints that created them. I don't just recommend fixes; I can architect and build them. Today, I split my time between security assessments (web, API, mobile) and software architecture, with a focus on helping teams build security in from the start.

Projects

Writing: fz42.net

Articles on AppSec, CloudSec, and security automation. Deep dives and experiments.

Tooling (Coming Soon): Proxetic

Intercepting proxy for macOS, focused on workflow automation and great UX.

Community (Coming Soon): BChecks.ai

AI-assisted creation and sharing of Burp Suite BChecks with validation safeguards.

Contact

I'm always interested in connecting with engineering leaders tackling interesting security challenges. Whether you want to discuss ideas, explore potential collaboration, or just talk shop—reach out. Based in the U.S., working globally.