David has extensive experience in several areas of information security.
Beginning his career as a Network Security Analyst, David monitored perimeter firewalls and intrusion detection systems to identify and neutralize threats in real time.
After moving to the world of penetration testing, David led the security assessment and software development teams at Redspin as its CTO & VP of Professional Services through the company's acquisition in 2015.
From 2015 until 2025, David was AppFolio's Chief Information Security Officer, serving as a trusted advisor on technical risk.
David is currently the Chief Risk & Security Officer, combining the roles of Chief Risk Officer and CISO.
David has particular interests in complex threat modeling and unconventional attack vectors, and has presented research at ToorCon, LayerOne, DEF CON, NolaCon, THOTCON, BSides Las Vegas, BSides Los Angeles, and BSides Seattle.