Joshua Maddux started out as a software engineer. After a few years, having introduced his share of bugs to the world, he started hunting for vulnerabilities in his own code and elsewhere. At PKC Security he gained additional experience in software development and white-box penetration testing, and gave his first ever conference talk at Blackhat USA on a series of systemic SSRF vulnerabilities in sites supporting Apple Pay. Now on the Appsec team at Latacora, he helps advise startups in building secure products. Aside from work for clients, Joshua is also active in the bug bounty world. His past research has led to security updates in Java, Netflix, Gitlab, United Airlines, Zapier, and others. @joshmdx