I’m Spencer. This is my site. You probably came to this site either looking for an answer to a question or looking for me. If you are looking for an answer I hope you find one. If you are looking for me I’m not here right now, leave a message:

Meanderings About Me


I’m Spencer Shimko. I enjoy brewing beer, music, power tools, golf, disc golf, gadgets, games, politics, Android development, computers, home automation, craft brewed beer, wine, cooking, destroying and re-creating things (eg walls in my house), reading, and hanging out with family and friends. I enjoy debating about pretty much anything. I’m not always right. I’m color blind (Deuteranopia or strong Deuteranomalia). I love being challenged intellectually. What really surprises me is how little I know about the things I know the most about. I’m interested in pretty much all aspects of computer security and that spills over into my job.

I was pretty much raised in Catonsville, Maryland, outside of Baltimore City. I went to high school at Mount Saint Joe in Baltimore. I spent five years in North Carolina. I now live and work in Columbia, Maryland. My job has taken me all over the place. Internationally I’ve been to Australia three times, the UK four times, and Canada. For pure pleasure I’ve been to Spain, Morocco, Jamaica, and the Bahamas. I’ve been all over the US visiting every major region, but I haven’t been everywhere. Last count I was up to around 30 states or something.


I started learning DOS when I was old enough to type back in the early 80s. When I was four I knew all of the cool stuff ended in .exe, .com, or .bat. I spent hours tweaking config.sys and autoexec.bat to squeeze out every bit of memory so I could play games.

I got my first UNIX shell account on one of JHU’s SunOS servers in the early 1990s. I quickly learned the details of shadow files, wiping login and log artifacts, and other basics. Back in 1994 or 1995 I downloaded and installed Slackware (remember when Slack disk sets were actually floppy disks?!) and I’ve been using Linux in one way or another ever since. Got into the normal script kiddie stuff, security scanning, IRC bots, etc. Took my first programming classes in high school, BASIC and Pascal were taught back then. My C experience was self-taught at that point. Went to college. Continued building on security experience. Graduated college. Got a job in computer security field.

I worked in the IT field for awhile at CCBC. I learned a good bit there regarding the “real world” from admin and user’s perspectives. This knowledge continues to be valuable today. Then came Tresys.

I had the pleasure of working with Tresys Technology for eight years. Tresys contributes to the open source security community, does some (light) research and (heavy) development, is are deeply involved in the development of SELinux, and have a few products that developed along the way.

Tresys was amazing. So amazing it gave three of us the desire to do it again, on our own. In January 2013 I started Quark Security Inc with two of my best friends. I am now CEO of a computer security company.

Working in a small companies, and now owning one, offers great role flexibility and has exposed me to amazing variety of tasks. On any given day I could be working on business strategy, business development, marketing, security architecture development, research, coding, proposals, technical writing, security consulting, and security analysis and assessments.

I’ve done a good bit of security architecture design. I contribute to the development of requirements and design of security architectures. Then I also get to lead the technical team implementing the design and I work the QA team ensuring the requirements are met. This is also true of the other non-security architecture projects I’ve worked on, such as compilers and tool sets.

I’ve discovered one of my passions, in addition to security, is the build and integration process. There are numerous reasons for this. I like seeing everything come together. I think well thought out build and integration systems reduce the burden on developers, testers, and all involved. And I think designing and creating an elegant build and integration system that works for many contributing developers is incredibly challenging.

My knowledge is often leveraged for other security issues such as basic best practices and tips-n-tricks I’ve learned along the way.

While not everything I’ve worked on has been or will be made public here are some things I’ve been done along the way: