Thomas’ main activities are penetration testing, and architecture and design reviews, where he focuses on web and mobile applications. Furthermore, he has a special interest in security aspects in the software development lifecycle and security automation. He also does security trainings for software developers.
Thomas’ research interests are the secure development of web and mobile applications, the web browser as a security platform, applied cryptography, security automation and security in the software development lifecycle.
Thomas received a master’s degree in Information Security at the St. Pölten University of Applied Sciences. His first bachelor thesis was about SSL security, and the second thesis examined SQL Injection techniques for Oracle databases. In the course of his master thesis, he developed an Android application for locating Wi-Fi access points in indoor environments.
He frequently speaks at conferences and Meetups about software security, and he is one of the founders of the sec4dev Conference & Bootcamp which is a security conference especially for software developers.
He owns Certified Information Systems Security Professional (CISSP), Certified Secure Software Development Lifecycle Professional (CSSLP), and Offensive Security Certified Professional (OSCP) certifications.