Greetings!  My name is Milton Smith and welcome to securitycurmudgeon.com, my web site and pet project.  If you're on my About page then you probably want a little more information on me or my web site.  Thanks for checking out my site!

Connecting with Me
LinkedIn | Twitter @spoofzu | GitHub spoofzu | Keybase spoofzu | My business, AppSec Alchemy

Following are some projects and areas in which I like to invest myself.  It’s not entirely comprehensive but presents some of my more noteworthy accomplishments.  For detailed information about my professional background check out my LinkedIn profile.


OWASP DeepViolet TLS/SSL Scanner, [Project Wiki] DeepViolet is a TLS/SSL DAST tool.  DeepViolet binaries come packaged for use on the command line, as a desktop application, or alternatively as an API to include within your own projects.  What can you do with DeepViolet?  Scan your web server for information regarding TLS/SSL connection characteristics like: weak cipher suites, weak signature algorithms, certificates about to expire, examine certificates and certificate chains, download certificates for offline review, and more.  DeepViolet is used within the ZAP DAST project to support TLS/SSL scanning.  ZAP is one of the largest open source web application security scanning tools and an OWASP flagship project.  I am a project leader for DeepViolet and developed the original code.

Iron-Clad Java: Building Secure Web Applications, [Book] book project on web application security I did with friends, available on Amazon

OWASP Security Logging Project, [Project Wiki] software project that extends popular SLF4J compliant loggers like log4j and logback to include features helpful for security and auditing.  I am a project leader and code contributor with two others


OWASP Board Election Interviews, 2017 [Post w/Audio], 2016 [Post w/Audio], 2015 [Audio],  interviewed as a candidate for the OWASP board

Oracle Podcast: Java Spotlight Episode 142: Milton Smith on the JavaOne Security Track [Audio], Advance to around 4:30, interview by Roger Brinkley regarding security improvements in Java and work on JavaOne.  Introduce the addition of the Security Track at JavaOne, discuss new security features, insights on security remediation progress

DEVOXX Interview:  Interview on Java Security by Yolande [Video], interview regarding security improvements in Java

Java User Group Leaders Call [Audio], and related viral press InfoWorld, ComputerWorld, San Jose Mercury News, Application Development Trends, PC Magazine, The Register, IT News, and more.  I didn’t provide any remarkable news on the call but the call came at a time when the public desired a response from Oracle around a series of high profile vulnerabilities

Article for Java Advent 2018, Java Data Protection Recommendations.  Erik Costlow and I briefly cover a few common Java cryptography challenges encountered by developers on their projects.


Black Hat 2013 Conference Featured Presentation, Oracle: On Java Security, [Web] invited to present by BH leadership candidly on Java security under Non-Disclosure Agreement to top world technology leaders.  Featured presenter of three, which included Alex Stamos [Yahoo CSO] and General Alexander [16th Director of the National Security Agency].  An honor and amazing opportunity

Black Hat 2018 USA, DeepViolet TLS/SSL Scanner, upcoming event, more on this soon.

Black Hat 2016 Europe, DeepViolet TLS/SSL Scanner, [Web] presenting November 2016 in London.  My slide deck [Slides].

OWASP 2015 AppSec USA Conference Committee, [Web] conference organizer, review researcher submissions

Java 8 Security Highlights [Video], presentation describing new security features for the JRE.  More of a marketing video than deep detail but it was fun to participate

JavaOne Conference Security Track/Content Lead, 2013, 2014, 2015, 2017, security track founder/leader, conference organizer, review researcher submissions.  Made security a priority at JavaOne by adding it as a full track.  Track leader for a few years.  Presented several opening track sessions [Video] describing progress on Java security for attendees.  Oracle cannibalizes their previous year's conference web site to create the new site so I’m not sure where older content is located

OWASP AppSec USA/EU Presenter, presented in the past at both OWASP AppSec USA [Video] in New York City and AppSec EU in Hamburg, Germany [Slides].  Also presented at AppSecEU 2016 in Rome on the OWASP Security Logging Project [Slides]

All Day DevOps Track Leader, world-wide free virtual event hosted by Sonatype.  I hosted the DevSecOps track

ISC^2 East Bay Chapter, 2017, presentation on security career survival.

Personal Interests

Racing drones, you may have seen drones on the news or on the net before but many still don’t know about racing drones.  Racing drones are super fast, 200mph/321kph.  I started a project to build a racing drone a few years ago.  My YouTube channel has some videos of my flights that I have recorded.  Always interested to fly with anyone in the SF Bay Area or help answer any questions about security or drones you may have.  Fantastic technology.

Victorian science, I have listened to many prevailing theories science has to offer around the mechanics of the universe and find them wholly unsatisfactory, Big Bang Theory, Dark Matter/Energy, etc.  To understand where this wellspring of incoherent theories originated, I decided to go back to the science of old, the Victorian age.  I thought understanding the foundations for modern theories would provide me better insight into the basis for prevailing theories.  Did I learn anything new?  Absolutely!  Perhaps I will share more someday.  The mix of history and science is both fascinating and rewarding.