Christopher A. Schmidt
abo42y@r.postjobfree.com
voice: 720-***-****
Twitter LinkedIn Blog
Summary of Qualifications
Five years experience in professional software development and application security using
Java, Tomcat, and Apache. Over 10 years experience in Desktop Support, Network
Administration, Linux and Windows. Familiar with software development methodologies such
as Agile and XP. Experience with Java frameworks and libraries including Apache Commons,
Apache Lucene, Spring, Hibernate, JMX, JMS, Coherence, Compass, OWASP ESAPI, Jersey, XML-
RPC, and many others.
Professional Experience
ServiceMagic, IncSr. Java Developer - August 2005 - Present
Responsible for managing, designing, and implementing projects and meeting strict
deadlines. As a Java Developer at ServiceMagic, I am also responsible for seeing large and
small projects through the entire development lifecycle and coordinating a team consisting
of a Product Manager, HTML Developer, Database Developer, Quality Assurance Analyst, and
Configuration Manager to ensure that projects were delivered that met strict deadlines and
were bug free. In addition, I am also responsible for auditing applications and code
submitted by Jr. developers for security vulnerabilities and inadequate security controls.
Notable Projects
Designed and implemented a management solution for a large distributed cluster of Tomcat
Application Servers using JMX. Wrote an annotation based library for the development team
to quickly create Mbeans for application components that needed to be managed.
Designed and implemented a search solution using Apache Lucene and Spring that spanned
across several applications and server clusters.
Developed RESTful API's using Jersey and Lucene for partners such as Google, MSN,
CitySearch, and AOL to access our directory of 60,000 pre-screened licensed contractors
and provide their users with local search results and profile information.
Computer Printer Services, Inc. / Printer Dudes, Inc.
Sr. Field Service Engineer - April 1998 - August 2005
Responsible for maintaining customer systems, printers, and peripherals; managing the
corporate LAN/WAN and websites.
Notable Projects
Developed a corporate internet presence and PHP based web application for customer
equipment management.
Setup a corporate network and WAN between 3 offices in Colorado, Utah, and California.
Quark, Inc.
Sr. Desktop Support Technician - June 1997 - April 1998
Responsible for maintaining a large corporate network for 800+ employees in Denver and
Wyoming.
Notable Projects
Responsible for setting up a new shipping recieving plant with new workstations, bar-code
scanners, and printers.
Assisted in maintaining the corporate AS-400 system and network servers.
Assisted in migrating the Quickmail E-mail system to a Microsoft Exchange system.
Assisted in setting up and developing the new shipping and recieving IVR system
Java PHP Javascript SOAP Appsec jQuery REST SEO J2EE CVS ESAPI C++ .Net OO Design Secure
Coding Training Lucene SVN JMX Coherence MySQL JDBC Spring Oracle
More about Chris
Community Involvement
Education
Interests and Activities
Associations
Featured Blog Posts
Open Web Application Security Program Contributer
OSS Contributions for YUI, jManage, Lucene, ESAPI
Active Weblogger specializing in Secure Coding
Boy Scouts Webelos Den Leader
Certificate for Computer Service Technician
T.H. Pickens Technical Institute, Aurora, CO
Graduated: 06/1997
Grade Point Average: 3.8 (on a scale of 4.0)
Bachelor of Science in Computer Science
Metropolitan State College of Denver, Denver, CO
Anticipated Graduation: 06/2012
Professional Activities
Core Contributer for OWASP Enterprise Security API for Java
Project Owner OWASP Enterprise Security API for Javascript
Mentoring and security education
Secure Coding and Application Assessment Consultant
Contributed to several Open Source projects
Personal Activities
Playing with my two sons
Writing and producing music
Open Web Application Security Program
Web Application Security Consortium
Boy Scouts of America
No Fluff Just Stuff Software Symposium
While I encourage viewers to read up on any of my blog postings, here are a few that I
consider to be some of my most important contributions to the community.
A new type of security testing...
Is Role-Based Access Control Dead
More on Context Based Access Control
What is the ESAPI?
ESAPI4JS - The new hotness