Credit to Jeza SinMas

Who I Am

Infrastructure Security Engineer @ Asana

My name is Max Wolfe and I am very passionate about building tools and frameworks that enable users to develop secure by design software without a traditional security background. I continually strive to build great software, utilizing security principles to create software which is not only secure, but robust.

Throughout my career I have worked mostly on automotive security, specifically on autonomous vehicles. As you may be able to tell though these aren't my only interests within security so some of my work naturally falls outside the automotive space.

In all of my roles, the most enjoyable part of my job has been building security libraries, microservices, and frameworks which abstract critical security features. I am proud that the tools and infrastructure I build helps enable other engineers to develop secure services without a barrier to entry.

My Interests

Security is an incredibly broad field, and although I have interest in many areas, I don't have interest or expertise in all of them. There are also several areas of Computer Science I am passionate about that have nothing to do with Security at all. Below are a list of some of the areas of Computer Science and Security which I enjoy the most.

  • Applied Cryptography
  • Binary Exploitation
  • Autonomous Vehicle Security
  • Infrastructure Security
  • Software Security
  • Software Design

Selected Open-Source Software

Most of the time when I am building software outside of work it is because I am using the opportunity to learn something new. Because of this, I don't put much pressure on myself to finish these side-projects, and I only let very few see the light of day. Below are a few of those projects that managed to be complete enough that I am comfortable sharing, hopefully you find them helpful!

AutoCSR

I initially built AutoCSR as a library to generalize CSR creation from arbitrary key material, whether that key be in a file on the filesystem or proprietary HSM. I was frustrated that the libraries currently available in Python did not give me the flexibility to utilize keys from arbitrary locations, so I built in the functionality myself. The AutoCSR tool as it exists is the implementation of CSR generation on top of the library I wrote to solve the aforementioned problem.

  • AutoCSR is a command-line tool and library for automatically generating Certificate Signing Requests from basic user input and easy to define templates.
  • AutoCSR was developed to empower non-security professionals to quickly and easily generate their own simple Certificate Signing Requests with minimal security knowledge required.
  • AutoCSR also provides security professionals with the ability to define complex Certificate Signing Requests with templates that can be easily shared with non-security professionals to generate complex Certificate Signing Requests without the need for detailed instructions or handholding.

My FastAPI Boilerplate

I use FastAPI a lot for building microservices, and most of the time I end up regurgitating the same boilerplate code to get my microservice running. I ended up building a CookieCutter template to automate setting up the directory structure I like to utilize when writing FastAPI microservices and pre-enable the set of features I generally use in all of my microservices. This template was written with myself in mind, but hopefully others are also able to find it helpful.

How to Reach Me

In almost every instance email will be the best way to reach me. If you have a preference to communicate with me in a format other than email, please start with an email anyway and we can go from there. I look forward to hearing from you!

max@securitywolfe.com

Max Wolfe