Paul is the Head of Research at Safety (safetycli.com) and a DevSecOps OG. He loves software supply chain research and delivering supply chain offensive security training and engagements. He's spent the last two years deep-diving into npm and has made several discoveries about the ecosystem. Paul founded multiple startups starting in the '90s, with UtahConnect, SecureStack in 2017, and SourceCodeRED in 2023. Paul has worked for NASA, Boeing, Blue Cross/Blue Shield, John Deere, the US military, the Australian government and several startups over the last 30 years. Paul is a frequent open-source contributor and author of several DevSecOps, software supply chain and threat modelling projects. He’s currently writing a book entitled “Hacking NPM”, and when he’s not doing that, he’s snowboarding with his wife and 3 amazing kids.