Actively Considering Opportunities
Roles like… Technical Team Leader, Security Researcher, Security Architect
Targeting areas like… Security tool development, AI/ML security, Java Virtual Machine runtime monitoring/analysis, Java application observability, TLS protocol analysis, industry facing contributions/projects, open source development
Work locations like… Remote, Hybrid
You found my projects/contributions page. Thanks for stopping by.
Black Hat USA 2013 — Executive Summit
I was invited by Black Hat leadership to present candidly on Java security at the Black Hat USA Executive Summit — one of three featured presenters, sharing the stage with the world’s foremost security leaders, under NDA, before an audience of top global technology executives.
That same year, Milton founded and led the JavaOne Security Track — establishing the first full security track at a major software development conference, a role he held from 2013 through 2017. As Java Platform security leader at Oracle, he shaped the security direction of one of the world’s most widely deployed software platforms and served as a public-facing representative during critical periods of Java’s security credibility.
His work and public statements have been covered by InfoWorld, The Register, ComputerWorld, PC Magazine, San Jose Mercury News, IT News, and others — most notably following a 2014 Java User Group Leaders Call that triggered widespread industry press at a pivotal moment in platform security. It wasn’t all roses, but Java emerged successful and stronger, and community trust was restored.
Active Projects
JVMXRay monitors Java applications in real-time via bytecode injection, detecting vulnerabilities and suspicious activity without code changes. 19 modular sensors track file access, network connections, SQL queries, cryptographic operations, authentication, process execution, and more — generating structured, machine-readable security events with automatic cross-sensor correlation.
JVMXRay addresses a gap that SAST and DAST tools cannot fill: runtime behavioral visibility into production Java systems. As AI-accelerated development compresses the distance between code generation and deployment, runtime assurance becomes a critical layer.
A TLS/SSL analysis API for building Java-based security tools. DeepViolet powers TLS analysis within ZAP, one of the largest open-source security scanners on the internet — selected by the ZAP project as the foundation for its TLS analysis capability.
~9.5 million ZAP runs / month
Companion tooling built on the DeepViolet API — a CLI for scripting and scheduling, and a TLS Workbench for desktop-based scanning. Both serve as reference implementations and production-ready tools for security practitioners.
Manning Publications — Currently serving as Technical Editor on an innovative book project. More on that in the future.
Inactive Projects
A software project extending popular SLF4J-compliant loggers like Log4j and Logback with security and auditing features. Many of the ideas originated while helping Jim and August with their book, Iron-Clad Java. The security logging team later presented the project at OWASP AppSec Rome 2016.
Publications & Media
Conferences & Presentations
| Year | Event | Role |
|---|---|---|
| 2013 | Black Hat USA — Executive Summit (Featured) | Presenter |
| 2013 | OWASP AppSec USA, New York | Presenter |
| 2015 | OWASP AppSec USA | Committee / Organizer |
| 2016 | Black Hat Europe — Arsenal | Presenter · DeepViolet |
| 2016 | OWASP AppSec EU, Rome | Presenter · Security Logging |
| 2018 | Black Hat USA — Arsenal | Presenter · DeepViolet |
| 2020 | Black Hat USA — Arsenal | Presenter · JVMXRay |
JavaOne Security Track Lead — 2013, 2014, 2015, 2017
Founded and led the first full security track at a major software development conference.
OWASP AppSec EU, Hamburg — Presenter
All Day DevOps — DevSecOps Track Leader
ISC2 East Bay Chapter, 2017 — Presenter