About Me

I have been working with computers personally and professionally for over 30 years. Lately (the last 15 years or so) I have been working as a security engineer with a focus on Public Key Infrastructure (PKI). This includes designing Certification Authority (CA) hiearchies and certificate profiles to address general usages or a specific use case.

Throughout my journey I have used software engineering to solve problems where the existing solutions were inadequate or non-existent. Typically I have used software development to create tools that assist in my primary role of security engineering.

One of my hobbies is building and maintaining my home lab which I use to self host various services and projects. A large part of this home lab is the underlying network designed to support various use cases. All services are secured with certificates issued from an on-site PKI running Step CA.


Latest Hobby Projects

- ocsp client: a command line tool (written in Golang) to generate and send OCSP requests (GET/POST) to an OCSP responder. Flags can be used to customize the request (GET, POST, base64-only encoding, specified serial number, issuer hashing algorithm, etc.) with an option to save both the request and response to disk. Great tool for tesitng and troubleshooting OCSP responders.

- ocsp responder: an OCSP responder that can leverage a CRL file or database (step-ca) for certificate status (written in Golang).

- ct log monitor: a web service for monitoring target domain names in static Certificate Transparency (CT) logs (written in Golang).


Journey

Southern California Edison

(2025 - current)

- Consolidate Hardware Security Module (HSM) management and operations under a single team
- Design and implement physical controls for high value assets to enable auditing and tracking
- Design, deploy and operate multiple PKIs at various trust levels
- Deploy certificate automation tools to provide certificate lifecycle management


Apple

(2012 - 2025)

- Ported a cascading bloom filters solution from Rust to Swift
- Ran the Apple Public Root CA Program for managing risk to the users
- Worked with external security researchers and internal engineers as a member of Product Security
- Ran the server side component of Apple's revocation checking solution
- Developed signing application leveraging HSMs for signatures to support ApplePay
- Developed and conducted signing ceremony for Apple Root CAs
- Designed, deployed and operated multiple PKIs


Booz Allen Hamilton

(2008 - 2012)

- Technical lead for the DoD Public Key Enablement program


Maden Tech

(2001 - 2008)

- PKI engineer for a test and evaluation lab
- Helpdesk engineer supporting smart card deployments


Contact Info

Email: curt@curttech.com