Brett Crawley

“Still developing, one day I’ll be grown up.” I’m a principal application security engineer originally from the UK, now living in Como, Italy near the border with Switzerland. (Poor guy, right?) I predominantly program in Python and Java, but have a number of other interests in the software world.

For me programming is like an enormous book of puzzles that always gives new challenges. To stay ahead of the technology wave you have to study continuously. Those who are really passionate about what they do manage but they are few and far between.

What is my background?

At school I started studying fine art and for some reason switched to computers, stroke of luck I guess. As a student I worked as a paint sprayer and as a mechanic repairing pneumatic drills and vibrators—no not that kind, but the ones for removing the air from concrete. Seriously, though, I started out my IT career at Microsoft developing internal web applications in ASP. On finishing my degree I went to Philips where my first project was to develop a WiFi touchscreen tablet similar to the iPad. Which, given that it was in 1998, was quite ahead of its time and had a WiFi basestation attached to ISDN that used a caching proxy to make browsing immediate and the downloads were at a cheap rate.

I then went on to work as a consultant for a couple of years in the UK on a series of diverse projects, some involving embedded systems and reverse engineering network protocols (legally), others involved parsers. Then I moved out to Italy where I worked for a number of years developing PDF libraries, parsers, spiders, and web scrapers—including a search engine for the electronics industry. I then received a post at the European Commission Joint Research Centre working as a researcher on OSINT software, specifically desktop text mining for law enforcement. Dynamically creating weighted graphs of the relationships between entities recognized in public documents cross language and cross script. Worked in Switzerland for a company that offer a BPMN platform / RAD tool for developing BPMN solutions as well as a Client On Boarding solution for the finance and insurance industries, developing the integration (SOAP, REST, JMS etc.), data and security plugins as well as some core parts of the platform specifically related to integration and security (Kerberos, SAML, SSL).

What am I currently working on?

Recently I have been working for Mimecast as a Principal Application Security Engineer involved in developing tooling to enable our team to better support the engineering organization, practicing security by design and shifting left as much as possible. I recently became a Certfied Information Systems Security Professional CISSP

What are my other interests and passions?

Apart from good food, beer, and wine, my other interests include classic Mini Cooper S cars, (you know the minis that were actually small), running when I can, cooking (BBQ, deserts, all the healthy stuff really) and photography. I use a digital camera but old school: manual focus fixed focal length lenses usually with the body in manual mode as well—gives you more flexibility to be creative.

Why did I start writing a blog?

I’ve written papers, documentation, internal architecture, and research documents for work—but not necessarily on topics that were of particular interest to me. I have worked on such a varied selection of projects over the years, most of which were covered by NDAs, so for a long time I have been—what I believe is now referred to as—a ghost programmer. I’d like to share some of the knowledge and experience I have gained over the years by writing about projects and technologies that interest me and that I believe others would also enjoy reading. Having a bit more visibility at the same time isn’t a bad thing either.

My home page is and you can connected with me on LinkedIn, follow me on Twitter, and check out my photography on Flickr.