Accredited for finding numerous vulnerabilities for IBM Internet Security Systems; while working on their team code named XFORCE. He is now a Google Engineer.
Examples of vulnerabilities worked on: (either by himself or with his group):
Found Heap based buffer overflow of Common Management Agent
ClamAV Library Remote Heap Overflows Security Advisory
Multiple Remote Vulnerabilities in BIND4 and BIND8
Most famous for his skills with Reverse Engineering, finding the Heartbleed bug and binary source code auditing.