Colin Morrell, BS is a Software Security Consultant with over 5 years of experience specializing in application security through static and dynamic analysis. He uses his background in offensive security testing to help improve software and IT security based on industry best practices. His security consulting experience has focused on some of the largest Fortune 100 healthcare and financial institutions in the world.
Since joining the Quandary Peak team, Colin has focused on securing patient data in EHR software through continuous security auditing, using applicable standards such as HIPAA, NIST, OWASP, and ISO27001. This includes dynamic application testing, as well as static analysis of software vulnerabilities on the code level to integrate in-depth, proactive security practices throughout the Software Development Life Cycle (SDLC.)
Python, Java, C, C++, Javascript, COBOL
BurpSuite, Metasploit, Kali Linux, Nmap, Splunk, Wireshark
Linux, Windows, macOS, UNIX
TCP/IP, UDP, DNS, SSH, HTTP/S, FTP/S, DHCP, SMTP, ICMP, Kerberos, SMB, Telnet, Git, Active
Directory
OWASP, NIST, HIPAA, PCI-DSS, GDPR
Andrew Holm-Hansen has worked in Health IT for 15 years as a Health IT Solutions Architect. He led several development teams during his career at Vanderbilt University Medical Center.
Anna Goujon has expertise in organizing and supporting EHR software quality, regulatory, and patient safety audits. She has a background in scientific research from Purdue University.
Daniel P. Bullington has an impressive technology career spanning over 20+ years. Daniel quickly grew into a leader and architect, having earned the trust of business stakeholders and technical experts alike. His deep and wide experience in highly regulated industries such as healthcare and finance gives Daniel a unique perspective on business…
Brad Ulrich has a diverse career as a computer scientist, software engineer, technology manager, and entrepreneur. His experience spans software design, programming, patent management, healthcare, mobile devices, startups, technology licensing, regulatory compliance, and risk management.
