Peter Steffey

I started OYCS as a consulting and software company to help others like myself that don't want to be so dependent on big tech or outside companies in general that we would lose everything if our cloud accounts were deleted. OYCS is ushering in a future where everything is decentralized and self-hosted, bringing privacy and security by default.

Take Root is an "Evangelism and Discipleship" app that allows those in ministry to catalog the people they serve and their interactions with those people. It also allows sharing those records with others, which is useful for outreach organizations and ministries with teams responsible for reaching people.

atemOSC is an OSC server for controlling BlackMagic video switchers. It allows users to use apps such as TouchOSC and Lemur to design custom interfaces for controlling their video switcher by mapping a wide range of OSC commands to BlackMagic SDK commands. Combined with software such as OSCulator, it allows midi panel control of switchers for a fraction of the price that BlackMagic would charge you for their proprietary controllers. I started as the primary developer on the open-source project in 2018, and have since re-written it and moved it to a closed-source licensed project after failing to find anyone else who was willing to maintain it as an open-source project.

Converted APESF's admin interface and public forms from PHP to NextJS while adding a number of new features at the same time.

A SaaS app to connect Virtuous donations to BlackBaud's Financial Edge accounting software. Allows the user to configure mappings from Virtuous project to Financial Edge accounts and setup automatic one-way sync.

While working on my React Native apps I was in need of a solid popover component, so I forked the inactive react-native-popover into react-native-popover-view, rewriting a lot of the core logic, migrating to TypeScript, and adding various features. I also created react-native-popover-view-test-app, which can be used by others to check out the features and see if it will work for them. The project has been growing in popularity, now with over 400 stars on GitHub, and has been integrated into many other react native libraries and applications, which is encouraging to see.

I built this, my personal website, using Next.js backed by SQL, all hosted from my home server.

At Anedot I worked as a front-end React/TypeScript developer, releasing features that were selling points for new customers to sign on and fixing critical bugs that were costing the company money.

I created a custom website for my own wedding, with multiple registration forms and a registry powered by Stripe.

For my final project at Trellix, my team was tasked to bring over a machine-learning based malware identification platform from another company that we were splitting from. This required modernizing it to work with our tech stack, so I created a new build and deployment pipeline using CDK and SaltStack to deploy a variety of AWS services, EKS micro-services, and databases.

As my second project for Trellix, I co-led a project to rebuild a legacy UI for a security orchestrator into the Helix XDR platform.

As my first project at FireEye (now Trellix), I re-architected the host security appliance StoryTime plugin to substantially increase its usefulness while making it more performant and maintainable.

My final project for DirectDefense was creating a new interface to help penetration testers deliver professional reports more quickly with a high degree of data integrity and customizability. This was a big win for the consultants, as is was customized to their workflow and unlocked greater efficiency along with new possibilities for inter-project tracking.

My first project while working at DirectDefense was to maintain their ThreatAdvisor B2B SaaS application, which is used by DirectDefense consultants and clients to collaborate and improve the client's security posture. I worked full-stack, including front-end, back-end, database, and self-hosted highly available infrastructure. I took lead on several important features, including our risk register and compliance workbench. It was a really fun project where I was able to increase my relational database skills and contribute with my JavaScript experience and design work.

The RevealFM radio app allows listeners to stream the Cumberland, PA based station to their iOS or Android devices anywhere in the world, as well as browse the list of regular teachings that are aired on the station. I love the message of hope that this station proclaims through its worship music and teachings, and can't wait to see how God uses this app for His glory.

After years of struggling with training for cyber-security compeitions, for my capstone project I pitched an idea for a blue-team training platform that provides for defenders what Hack-the-Box provided for attackers. 5 other computer science majors joined my cause, and we created a great platform for creating and running blue-team training simulations in the cloud. We created custom Linux and Windows scoring agents (learning from my experience with LWASP), and integrated them tightly with the rest of the system that we built fully serverless on AWS. At the time of project completion, VMDefender could run simulations on-demand in the cloud and provide hands-on training experience to cyber defenders at all level, with nothing more than a browser, OpenVPN, and SSH/RDP clients.

The CC Orlando App is a cross-platform church app with a past sermon browser, event system, and bible reader built in. I've baked a lot of cool features into this Firebase-backed project, and way more goes on behind the scenes than anyone would guess. You can download it from the App Store and Google Play Store.

I developed a cross-platform mobile application and backend API to manage various reporting and tracking functions for use by employees in the field. I integrated the app with a Mobile Device Management platform for automated install and management on company devices.

I led a team to build the Keyper password manager as a school project for UCF. I'd been using password managers for a while and was intrigued to re-engineer their security features to gain a better understanding of how they work. This was a very fun challenge, because we wanted to make a password manager that required no user trust in us as development team. To that end, we open-sourced all of the code and used client-side encryption, so all password entries were encrypted on the client side with the user's password using AES-256. With both a website and an Android app, we had to write equivalent client-side serialization and encryption functions in JavaScript and Java to ensure interoperability. I designed the website to be more simple to use than any password manager I've tried so far, with type-anywhere-to-search, shortcuts to copy any field and launch the site, a front-page password generator, and dynamic tags for grouping password entries.

I developed a working attack for the POODLE attack against SSLv3, which was discovered in 2014 and is now almost fully mitigated. The exploit code was accompanied by a presentation and report given in the Intro to Cryptography class that I took in Fall 2018. This project was really valuable to my own learning, and required me to dig deep into SSL/TLS Wireshark analysis, NFQueue through IPTables, raw packet manipulation, practical padding oracle attacks,and CORS request usage with cookies.

I led a team to develop the Salu contact manager in a few weeks from scratch. This was a great opportunity for me to be exposed to building custom web apps using a modified MEAN stack, getting more familiar with JWTs, and coordinating with a team over Git & Discord. I really enjoyed the simplicity of Vue and the great developer tools, and appreciated the continuity of using JavaScript for the entire stack.

The OSC Scene Controller listens for OSC commands in the form of '/scene/key' and then sends out a predefined list of OSC commands to the appropriate endpoints, allowing for 1-tap transitions in lights, video, and sound for show control. It is very flexible and extensible, allowing for mapping, list resolutions, varied delays on sends, MIDI triggers, and other powerful features. I also adding routing capabilities, so that it can send messages that start with prefixes other than `scene` to their appropriate destinations, so that front-end interfaces can send all messages to this scene controller. It is cross-platform and lightweight that it can be run in parallel with other show-critical software. It works great with atemOSC, DMXIS, D-Pro, OSCulator, and any other software that talks over OSC.

As a part of the bible view of the CC Orlando App, I wanted the book switcher to gently vibrate the device when scrubbing. At the time, React Native didn't support any granularity in vibrations, and the default was too jarring. So, I made this library to trigger one special vibration type on iOS. This has been archived in favor of react-native-haptic-feedback, where I contributed to make their library just as performant as mine was for my specific use case.

This was created while I was the Chief Petty Officer of a local Sea Cadet unit. I noticed that keeping attendance on Paper was tedious and did not adapt to changing circumstances, and manually calculating PRT scores was even worse, so I created an app automate and simplify the tasks. NSCC Manager was actually a fairly comprehensive app, allowing for configurable attendance taking with parameter injection and PDF Report generation; quick and easy PRT score entry, immediate score calculation, and score tracking over time; and cadet information tracking, including rank, age, and contact information. NSCC Manager was a one-stop shop for day-to-day unit administration, and even had a web portal that allowed for viewing of attendance records and PRT scores. Unfortunately, lack of traction in the unit and at NHQ forced me to abandon this project. However, it was an amazing introduction to AWS, including DynamoDB, IAM, and other services, as well as advanced iOS user interface design. It also introduced me to the world of software documentation and business, as I wrote up documents and proposals to send to NSCC National Headquarters.

While volunteering on the production team at Calvary Chapel Orlando, I created a full-screen OSC-controlled timer so that the teacher could see the current time in large font projected onto the back wall. Instead of pulling up a time app on the projection computer and then having to format it correctly and update the routing to only show on the back projector, we installed my python script on a raspberry pi that stays on and stays attached to the back projector, so that we could easily switch the projector input when the teaching started. Then, we could use a custom control interface on an iPad to send OSC messages to start and stop the countdown or switch to clock mode, depending on the teacher's preference.

The website at unity18.ccorl.com was built for Calvary Chapel Orlando's annual True Youth Conference, which took place in August 2018. The website allowed attendees to quickly see all of the important details, learn more about the three speakers, register for the conference, and contact the organizers. I built this using the Hugo static website generated with a heavily modified blog-based theme, and then set up registration through the Firebase back-end for the CC Orlando App using Stripe for processing payments.

The Linux Watchful Adaptive Security Compliance is a scoring engine for Debian-based Linux images, designed to help cyber security students improve their skills by scoring points for fixing vulnerabilities. LWASP has a simple graphical interface that allows instructors to quickly set up vulnerable images. The active scoring report is reminiscent of that used by the CyberPatriot program, and is especially helpful for students training for the CyberPatriot competitions. I made the code modular, so that open-source contributors could easily extend the framework for their own needs.

At Northrup Grumman I worked on an internal R&D project related to their combat simulations. I created unit and system tests which were also used to demonstrate the capabilities of the system.

The Web Information Modular Management Portal (WIMMP) is a web server based on RethinkDB and Horizon, that allows for easy personalization of a template interface for sharing files, links, and information with viewers. I created it for use at a CyperPatriot summer camp I was staffing, and that was the only time it was used. It accomplished the task of being an information portal for the cadets to use during that week. It was also my first time using React, which would prove critical to my later career.

This was created while I was an officer of the National Honor Society in High School. Wanting a way to track members, contact information, shirt sizes, meeting attendance, and community service hours, all while allowing for all officers to be able to administer the club, I created this Groups Manager. It accomplished all I was hoping for, allowing for administration through the mobile app by multiple officers simultaneously. I only made it on iOS, and ran out of time to create the Android equivalent or a web site, and so ended up not moving forward with this project. The project was another great learning experience, and I won my district's Congressional App Challenge that year for my submission.

As an Intern at Black & Veatch I learned about security compliance & incident response and conducted a mock penetration test, which included both the technical skills and presenting the findings to the "client".

The project's goal was to automate a normal telescope using relatively cheap off-the-shelf hardware and simple-to-produce mechanical parts, so that a network of DIY enthusiasts could track astronomical entities automatically. During the 2 years that I worked on the project during High School, I created a re-vamped interface that was responsive, aesthetically pleasing, and easier to navigate. I added joystick control to the telescope and overhauled large portions of the code to make it more readable and efficient.

My passion for the Zendrum drove me to create this configurable, multi-touch drum app for iOS devices. It worked well, allowing for near-instantaneous sound playback with intensity-based triggers and various modes, but the lack of interest and amount of work still needed to produce a finished product forced me to move on to other projects. However, this project taught me iOS development with Swift, advanced touch handling, and precise resource allocation, in addition to improving my skills in user interface and graphic design.

For the final project of my AP Calculus BC class, I created a simple iOS app that demonstrated various calculus concepts in an interactive way. The built-in concepts are Derivative/Integral graphs, Rolle's Theorem, Intermediate Value Theorem, Mean Value Theorem, Theorem of the Mean Value, and Reiman Sums. Each concept states the relevant theorem and allows the user to interact with a graph that demonstrates it visually.