About

Hi, I’m Mike Andrews, a Principal at Foundstone, an application security specialist, web developer, ex-professor, and some-time roadie :)

For those that are interested, here’s some background to that strange mix of previous jobs, and how I got there. If not (and I don’t blame you), just go back to the main page or find out how to contact me.

Born in Greenwich, London, I grew up interested in technology and engineering from an early age. My parents recount stories of me taking things apart to find out how they work, only to put them back together “more efficiently” (pieces left over), which must have been disconcerting to a dad that arrived home from work only to find the innards of one of the first VCRs scattered over the living room floor! My first computer was a ZX Spectrum, which apart from playing lots of Manic Miner/Jet-Set Willy, myself and some friends engaged in some basic hacking (when you are young, who knew that “random poke-ing” could have a different meaning :P), but unbeknownst to us at the time we ended up learning programming and reverse engineering in a fun way.

During school I developed an interest in backstage theatre, working at the Geoffrey Whitworth and part-time crew at The Orchard. This continued when I left college to work for TASCO/Starlite Technology (now defunct as a lighting company unfortunately, but continues in another guise) on large-scale productions in London’s West-End, across Europe, and even as far as Japan.

However, one of the things with touring is that it doesn’t give you much of a “home” life, and I couldn’t see myself doing it as a long-term career. I applied to the University of Kent to study Computer Science, and although I was missing some of the pre-requisites for the course (I did a BTEC after school rather than the usual ‘A’ Levels), Ian Utting (the administrations tutor at the time) decided to take a risk and let me on the course. I hope that he doesn’t regret this now ;)

I very much enjoyed my undergrad at UKC - not only were the classes a good grounding in the subject, but (the vast majority of) the lecturers and staff really cared about the students and teaching. There’s far too many to mention here, but Sally Fincher, David Barnes, Miles Banbery, Darren Chapman and Pam Hardiman, certainly deserve a mention. When I had the opportunity to continue with a fully funded PhD on a topic of my choice that has interested me since I started to learn programming (and continues to interest me now - why programmers create “bugs”, the psychology of programmers, and tools that help create quality software) I jumped at the chance.

Throughout both my undergrad and postgrad I took on work as a freelance developer to help pay bills. Most of these projects were web-based, although a few were C/C++/VB client-server systems. Some highlights were writing a “work-in-progress” tracking/accounting system for a client that was later used in the London Underground Jubilee Line extension, being brought in to complete the back-end system(s) for EIU.com, and debugging some of the British Airways on-line booking system, not to mention the *many* applications I developed for various departments at the university, which I’ve been told are still in use and some still use my old login!

I’ve been fortunate to have some great mentors, and during my research I was introduced by Les Hatton, one of my research advisors, to James Whittaker at a Microsoft conference at their Cambridge research lab. There’s a longer story behind this, but James invited me over as a post-doc to his Center for Software Engineering Research at Florida Tech. Between the time that I said I was interested, that had become a researcher position, to a full faculty position, much is the way of James (who BTW is now at Microsoft himself).

I really look fondly at the time I spent at FIT - not only were good friends made there, but the work we were doing was cutting-edge and before its time (and not unusually, didn’t get the attention it deserved). Out of that group, not only did we set up and spin off a successful security company (split in two now), but there’s a lot of technology both in the industry in general, and at Microsoft (carried there by some of our graduate students) that could have come from our lab (one never can be sure, as similar ideas spring up all the time from disparate groups).

I left academia in 2005 to take a job in industry with Foundstone, who I knew about through Mark Curphey as I was working on a magazine issue and we had met via OWASP. I love that I get to work with a wide range of clients, helping with their security needs, and have learnt so much more about security in the real world, not to mention how much further we have to go.

So that leaves us at this blog. I plan to talk about software, engineering, security and the industry in general often with a slant towards the web as that’s where I spend most of my time. Obviously I can’t post much about the clients I work with, but I’ll post up any of the educational/outreach activities I do. I’m going to try to keep the content as non-technical as I can because RSnake and PDP (of which I’m going to be linking to a-plenty) cover this audience really well. There will be some personal things on the blog, like trips, travel, or other “interesting” things I’m up to (although this is clearly subjective ;)), but I’ll try and keep them in balance.

I currently live just outside of Los Angeles, California with my wife Tara.

Anyway, I hope you enjoy, and if you feel like it, by all means get in contact.