Jun 2024 – Jul 2025 · 1 yr 1 mo · Remote

• Building and leading the company’s first dedicated security program, aligning security with the business and establishing executive risk visibility. Responsible for enterprise risk management, security operations, application security, and compliance initiatives, including ISO 27001. Driving improvements in threat detection, vulnerability management, and overall security governance.

Jan 2022 – May 2024 · 2 yrs 4 mos

• In my time at Bluebeam, I have implemented a robust NIST-based security program, integrating policies, risk management, and maturity models. I established and chair an executive Risk Committee, driving data-driven security decisions. I successfully guided the organization through SOC 2 Type I and Type II audits within my first 18 months, and I also created an ISO 27701-aligned Privacy program in collaboration with Legal, maturing our approach to GDPR, CCPA, and other frameworks. I actively supported our sales teams in our business transition to SaaS and subscription models through contract negotiations, customer webinars, and direct customer interactions, while pioneering application and cloud security programs emphasizing shift-left practices.

Jan 2021 – Jan 2022 · 1 yr

• Grew security team from 4 to 8 engineers including building out an Application Security team dedicated to working with development teams to implement DevSecOps principles and tooling (SAST, DAST, SCA, and secure coding training). Implemented threat intelligence program with automated workflows driving IOCs into security tools, lowering Mean Time to Detect and improving perimeter defenses. Developed program to incorporate security in the sales process to improve customer experience, increase revenue, and lower operational cost of responding to customer security questionnaires.

Sep 2019 – Jan 2021 · 1 yr 4 mos

• Led a team of four InfoSec Analysts and Engineers in all functions of Information Security, including vulnerability management; threat detection and intelligence; incident response; and network, application, and infrastructure security architecture. Managed the security component of multiple major business acquisitions and resulting security team and tool integrations. Spearheaded multiple initiatives including transition to next-gen firewalls (Palo Alto), implementation of a software-defined perimeter for remote access, and organization wide implementation of a modern endpoint protection strategy.

Mar 2019 – Sep 2019 · 6 mos

• Managed two InfoSec Analysts and led major InfoSec projects and initiatives, including implementation of a SIEM and development of an application security framework with product and development executives. This included formalization of a scoring matrix, metrics and reporting, and an organization-wide pentesting program.

Jun 2018 – Mar 2019 · 9 mos

• Led several cross-functional security projects including implementation of a WAF to protect public SaaS applications and architecting IDS/IPS in production networks. Managed technical incident response and internal forensic analysis and built an internal CSIRT toolkit.
• Developed a dynamic application security testing (DAST) program and implemented it across multiple web applications. Performed manual penetration testing of web applications to identify vulnerabilities.

Feb 2017 – May 2018 · 1 yr 3 mos · Greater Boston Area

• Managed IT security for network, servers, and endpoints utilizing Carbon Black and Alert Logic SIEM and vulnerability management. Wrote IT security policies and ensured protection of company scientific data through auditing, reporting, and resilient data storage strategies. Assisted organization in implementation of SOC 2 and developed automations for IT controls.
• Administered full stack of IT infrastructure including NetApp storage, Cisco switches, Palo Alto firewalls, VMware ESXI hosts, Windows and Linux servers, and AWS cloud services

Apr 2015 – Feb 2017 · 1 yr 10 mos · Milton, MA

• Provided systems administration support for VMWare virtualized Windows, CentOS, and Ubuntu systems including server updates, user administration and creation, and availability and performance monitoring. Automated desktop support and helpdesk processes with Powershell and Symantec Altiris.

Jan 2014 – Feb 2015 · 1 yr 1 mo

• Developed and improved external relationships with local emergency managers, fire departments, and NGOs in nine counties. Managed all aspects of disaster services cycle for Red Cross in nine counties. Trained, supervised, and led volunteers in response to disasters ranging from single family house fires to floods and wildfires

Jul 2013 – Oct 2013 · 3 mos · Littleton, MA

May 2010 – May 2013 · 3 yrs

• Assisted faculty, staff, students, and visitors of Kenyon College with technology issues and requests through phone, chat, email, remote desktop viewing, and face-to-face support.

Aug 2009 – May 2013 · 3 yrs 9 mos · Gambier, OH

• Responded to fire, rescue, and medical emergencies as a ALS provider, while training and managing junior members of the fire department