Josh is a Principal Security Lead at Microsoft on their Secure Development Lifecycle team, where he orchestrates cross company efforts around the security analysis of Microsoft's products and services, leads a team of security researchers and detection authors, and contributes feedback and advice on security-relevant public policy for Microsoft.

Prior to this role, Josh was a Trustworthy Computing advisor for Windows, Azure, SQL Server, Windows Phone (RIP), and Windows Embedded; a product security architect at the payroll company ADP; a security analyst for FedEx; and in the distant past, a developer on several now long dead technologies.

Josh is also a contributor to SAFECode, with authorship to the SAFECode Security Fundamentals and SAFECode Threat Modeling guidance.