%2008%2014%202025%20(4).png?width=1200&height=400&name=Copy%20of%20%20T%2B%20Logo%20Webpage%20Header%20(500X170)%2008%2014%202025%20(4).png "managed appsec testing logo for true positives")
From @stake to True Positives: A Security Founder’s Journey
It was a windy New England fall in 1999 when my information security career began at a Boston-based startup called @stake, Inc. I had been chosen to serve as their marketing ambassador for the Northwestern United States. What felt like a fortunate twist of fate at the time would turn into a defining chapter—both for me and the industry I was stepping into. It followed a decade spent driving innovation—launching the first tool to convert Word documents into HTML, enabling Microsoft web technologies to run across other operating systems, and pioneering the first reverse auction website for IT equipment. That work taught me something foundational: security underpins every breakthrough.
.png?width=650&height=450&name=Untitled%20(650%20x%20450%20px).png "Untitled (650 x 450 px)")
@stake offered something novel to the tech world, perfectly aligning with my passion for uncovering and promoting innovation. I was suddenly part of a firm powered by the renowned MIT hacker collective, L0pht. This exposure brought me face-to-face with some of the brightest security minds and placed me at the forefront of an emerging sector. Together, we were helping define what modern application security would become.
⬅️ Wired Magazine | Jun 2, 2019
Much @Stake: The Band of Hackers That Defined an Era
Back then, security was racing to keep up with technology—and often losing. The industry needed to evolve. In 2002, Microsoft launched its Trustworthy Computing Initiative, thrusting security into the mainstream. From that point on, trust and resilience became non-negotiable for businesses large and small.
I found myself navigating these shifts from conference rooms in Fortune 500 headquarters to the innovation hubs of companies like Microsoft. I stood alongside industry pioneers—individuals who would go on to shape the cybersecurity landscape. Even so, I often paused, asking myself, “How did I get here?”
My focus sharpened on application security. Two innovators, in particular, fueled this interest: Chris Wysopal, co-founder and CTO of Veracode, who led the charge on cloud-based application security testing, and Dan Kuykendall, whose work on NTOSpider advanced automated dynamic application security testing (DAST). Their work crystallized my belief in the power of automation to scale security testing and optimize outcomes—an insight that resonates even more deeply today as teams confront relentless release cycles and growing vulnerability backlogs.
That belief is what led me to True Positives, the firm I founded to address the enduring gaps between security needs and practical, effective solutions. Our team is built from the same kind of expertise and spirit that I first encountered at @stake—practitioners who know that precision and efficiency are key to protecting what matters most
