Benjamin Winston's Email Addresses & Phone Numbers

Director of Product Security @ Electric Coin Company Senior Security Engineer @ Fitbit From March 2015 to June 2016 (1 year 4 months) San FranciscoManaging Consultant @ NCC Group From June 2013 to June 2014 (1 year 1 month) UKSenior Penetration Tester @ Portcullis Penetration testing and security consultancy for clients. From 2007 to 2007 (less than...

Director of Product Security @ Electric Coin Company Senior Security Engineer @ Fitbit From March 2015 to June 2016 (1 year 4 months) San FranciscoManaging Consultant @ NCC Group From June 2013 to June 2014 (1 year 1 month) UKSenior Penetration Tester @ Portcullis Penetration testing and security consultancy for clients. From 2007 to 2007 (less than a year) Pinner & London, UKDirector of Security @ Electric Coin Company I have been supporting the historic work of the core team of expert security and cryptographic engineers at ECC by ensuring that;• appropriate security standards for software development and cryptographic proofs are set and followed as cutting-edge cryptographic systems are developed, • appropriate security is driven into all the supporting components (mobile, middleware) and support is given to strategic partners and projectsand• all our other systems never become a distraction from our task and mission.All while managing our significant security spend and keeping our executive team informed and happy with our balance of investment and security strategy.The Electric Coin Company (formerly Zcash Company) is on a mission to provide economic freedom and opportunity through the use of cutting edge cryptographic software. It is funded by a portion of the block rewards from the Zcash network - a network designed to instantly, untraceably and irrevocably transport unlimited amounts of wealth to any location in the globe at low cost. At time of writing ZEC has a market cap of over 600 million dollars. As a result, ECC’s threat landscape is significant for such a small company. Principal Security Engineer @ Fitbit At the request of the CEO and CTO, and with assistance from the rest of the security team, I drove security into their product line, spearheading an initiative to integrate strong mutual TLS in the embedded devices, through a combination of hands-on technical security analysis work, negotiation with manufacturers, engineers, managers, directors and VPs to adopt robust cryptography to protect customer data, brand and revenue.I joined Fitbit as as a senior security engineer - their first - while they were growing into a so-called Unicorn company of the Bay Area. On the rationale that a central compromise affects all customer data, my initial security challenges were around uplifting the security of their web stack and supporting infrastructure. As I helped the security team take shape I moved to collaborating on embedded device security. From June 2016 to June 2018 (2 years 1 month) San FranciscoPrincipal Security Engineer @ iSEC Partners My brief time at iSEC was spent engaging in an advanced radio project for a client when no other assessor with that skillset was available to work on it, and commuting to the south bay to work on a fascinating network virtualization product. Both assessments were excellent fun but in a short while I was made a significant offer that I could not turn down and also involved far less bay area traffic. ;) From December 2014 to March 2015 (4 months) San FranciscoPrincipal Consultant @ NCC Group As part of the acquisition process of a large European mobile phone provider by a large US software manufacturer, I lead a small international team (drawn from the various NCC group companies) assessing the security of the kernel and system services of the existing product line for the new owner.I worked as the 'fixer' of security assessment work that had fallen through the cracks of our sales and execution process. A rare occurrence, but a large enough team that I got work that was interesting. I would: • bring the work back on track, • deliver high quality security assessments, • retain the clientand, where appropriate, feed back any improvements that we needed to make into our internal process to prevent re-occurrences of the same situations.Primarily the work was to illustrate and communicate technical security risks. I worked with development leadership, engineering and risk management functions of many of NCC's clients.I was fed interesting work by never being too shy to engage new technology that was unfamiliar to the team in order to devise new attack methodology from existing patterns. From June 2014 to December 2014 (7 months) UKDirector @ C&T information security limited Illustrated business and technical security risks to clients in finance primarily, as the sole director of my own company. From 2009 to June 2013 (4 years) LondonProduct Security Researcher @ BlackBerry Attacked components of the blackberry platform for the global product security team, highlighting the technical risk from security flaws in bespoke blackberry software. From 2008 to 2008 (less than a year) Slough, United KingdomPenetration Tester @ ABN AMRO Bank N.V. I illustrated technical risk to the bank's sophisticated risk assessment function of security flaws in applications as diverse as trading, asset management and door access protocols. From 2006 to 2007 (1 year) Information Security Specialist @ QinetiQ I illustrated technical security risks to diverse clients in finance, retail, telecoms, defense contracting and elsewhere. From 2004 to 2006 (2 years) Malvern, UK