I'm currently working on business software in the cloud at NetSuite.
From 2003 to 2012 I was chief scientist at Fortify Software where I worked on solving software security problems. Fortify was acquired by Hewlett Packard in September 2010. Back in 2008 I wrote a book on software security: Secure Programming with Static Analysis. (I've created an errata page for the book here.)
Back in grad school, I spent my time investigating the application of extended static checking to the problem of finding security defects. I've written up some notes on Eau Claire, my extended static checker for C.
In a former life I worked on integrated circuit design and manufacturing problems. I was a graduate student in the SCTest group. I worked on fault simulation, ATPG, and diagnosis in the Nemesis system.