About Me
I have been working with computers personally and professionally for over 30 years. Lately (the last 15 years or so) I have been working as a security engineer with a focus on Public Key Infrastructure (PKI). This includes designing Certification Authority (CA) hiearchies and certificate profiles to address general usages or a specific use case.
Throughout my journey I have used software engineering to solve problems where the existing solutions were inadequate or non-existent. Typically I have used software development to create tools that assist in my primary role of security engineering.
One of my hobbies is building and maintaining my home lab which I use to self host various services and projects. A large part of this home lab is the underlying network designed to support various use cases. All services are secured with certificates issued from an on-site PKI running Step CA.
Latest Hobby Projects
- ocsp client: a command line tool (written in Golang) to generate and send OCSP requests (GET/POST) to an OCSP responder. Flags can be used to customize the request (GET, POST, base64-only encoding, specified serial number, issuer hashing algorithm, etc.) with an option to save both the request and response to disk. Great tool for tesitng and troubleshooting OCSP responders.
- ocsp responder: an OCSP responder that can leverage a CRL file or database (step-ca) for certificate status (written in Golang).
- ct log monitor: a web service for monitoring target domain names in static Certificate Transparency (CT) logs (written in Golang).
Journey
Southern California Edison
(2025 - current)
- Consolidate Hardware Security Module (HSM) management and operations under a single team
- Design and implement physical controls for high value assets to enable auditing and tracking
- Design, deploy and operate multiple PKIs at various trust levels
- Deploy certificate automation tools to provide certificate lifecycle management
Apple
(2012 - 2025)
- Ported a cascading bloom filters solution from Rust to Swift
- Ran the Apple Public Root CA Program for managing risk to the users
- Worked with external security researchers and internal engineers as a member of Product Security
- Ran the server side component of Apple's revocation checking solution
- Developed signing application leveraging HSMs for signatures to support ApplePay
- Developed and conducted signing ceremony for Apple Root CAs
- Designed, deployed and operated multiple PKIs
Booz Allen Hamilton
(2008 - 2012)
- Technical lead for the DoD Public Key Enablement program
Maden Tech
(2001 - 2008)
- PKI engineer for a test and evaluation lab
- Helpdesk engineer supporting smart card deployments
Contact Info
Email: curt@curttech.com