Jun 2025 – Present · 9 mos

Mar 2025 – Present · 1 yr

• Working with the open source community to advance the security of Agentic AI and GenAI generally by Contributing and authoring White papers.

Jun 2024 – Jul 2025 · 1 yr 1 mo

• Pioneered the development of comprehensive GenAI security best practices and standards for Amazon's flagship products (Amazon Q and Bedrock), including guardrails, prompt-injection protections, compute isolation, and session management, and implemented mechanisms to enforce them across the organization.
• Accelerated GenAI feature integration, reducing launch timelines from 3 weeks to less than 1 week by creating efficient, security-compliant Golden Paths for various integrations.
• Enhanced security for key features like Amazon QuickSight's Natural Language to SQL editor, reinforcing data protection and query integrity.
• Led security assessments for AI model integrations across the AWS ecosystem, ensuring strict adherence to security standards, and spearheaded developer training initiatives, improving team-wide awareness and expertise in secure AI integration.

Dec 2022 – Jun 2025 · 2 yrs 6 mos

• Conducted threat modeling, design reviews, and security testing for over 150 new feature launches, continuously raising the security standards for AWS Analytics and Big Data Services within the Hadoop/Spark ecosystem, including Athena, EMR, and Lake Formation.
• Led security reviews for major AWS Spark launches, including Native Fine-Grained Access Control, HBase Write-Ahead Logs, Native LDAP Integration within Spark, Remote Shuffle Protocol, Multi-Dialect (Trino, Spark, SQL) Views, and Predicate Pushdown security.
• Core Security Contributor to Membrane: A Secure was to do FGAC in Native Spark
• Helped Securely launch many SQL products which are being used in GovCloud and ADC regions for mission-critical workloads.

Nov 2021 – Dec 2022 · 1 yr 1 mo

• 1. Threat model core AWS databases cloud architecture like RDS (Relational Database Service), EMR (Elastic MapReduce) and Managed blockchain and help the service and product remediate security findings.
• 2. Conduct threat modeling, design reviews, testing of new infrastructure and raise the security bar for product and service team.
• 3. Design and build tools to help eliminate attack vectors, harden the platform, and enhance monitoring of services and decrease developer frustrations by moving left in the software development lifecycle.
• 4. Find and analyze vulnerabilities, rate their severity, and drive resolution to them. Work with testing team to help validate the fixes.
• 5. Support SecOps with incident response in collaboration with products teams to remediate issues within SLA.

Aug 2021 – Nov 2021 · 3 mos · Seattle, Washington, United States

• Integrate Security tools like static code analysis, dynamic code analysis, secret detection into the CI/CD pipeline.
• Automate some aspects of threat modeling, design, security, and architecture reviews and build a system to ensure applications are compliant after the review stage.

Nov 2020 – Feb 2021 · 3 mos · Seattle, Washington, United States

• 1) Improve Business Continuity and Disaster Recovery solutions at Nordstrom by creating an infrastructure-as-code solution for data protection and data loss.
• 2) Enhance protection against permanent data loss, corruption, seizure, or ransom by Isolating and reducing permissions surface area on both short-term and long-term storage.
• 3) Configure and deploy object lock policies to enable WORM protection with legal and compliance requirements in mind.
• 4) Implement least-privilege permissions controls to manage backups and configuration.

May 2020 – Aug 2021 · 1 yr 3 mos · Seattle, Washington, United States

• 1. Architected and built the Threat Intelligence platform from scratch using open-source tools like MISP.
• 2. Supported and performed a deep-dive analysis of TTP’s of both internal and external threats as well as performed threat modeling for applications to defend Nordstrom’s infrastructure, to improve the ability to defend vulnerabilities, and make Security-in-depth a default concept during SDLC.
• 3. Reverse engineered malware, triaged threat intelligence, researched attacker infrastructure to curate previously unknown Indicators of Compromise, and created actionable results and remediation plans for internal stakeholders to proactively improve the security posture and maturity.
• 4. Conduct Design Reviews, Security assessments and threat modeling for new applications as well as ad hoc automated and manual penetration testing.

Feb 2021 – Oct 2021 · 8 mos · Las Vegas, Nevada, United States

• Lead Instructor teaching Cybersecurity courses through @HackerUSA at UNLV.

Sep 2019 – Aug 2020 · 11 mos · Seattle, Washington, United States

• 1. Taught over 100 students in various classes including Introduction to programming, Design for personal heal as well as Data and privacy ethics.
• 2. Conducted lab section meetings, prepared and graded assignments, and maintained grading records.
• 3. Held regular office hours, tutor students, manage and respond to course-related e-mail.

Jun 2019 – Aug 2019 · 2 mos · Greater Seattle Area

• 1. Identified vulnerabilities by simulating external and internal attacks, which exercise and validate Nordstrom’s ability to prevent, detect, respond, and recover to cyber risks.
• 2. Developed a security toolset that increased the Red Team’s ability to find and exploit network, Active directory operating system, application, and datacenter vulnerabilities.
• 3. Researched and analyzed known hacker methodology, system exploits, and vulnerabilities to support Red team assessment activities and created written reports, detailing assessment findings and recommendations.

Dec 2017 – Jun 2019 · 1 yr 6 mos · Greater Seattle Area

• 1. Developed custom Plugins and Macros in ImageJ (JAVA) to remove bottlenecks, improved analysis time from hours to seconds, and automated multiple processes using Python and Macros.
• 2. Used Statistical methods to analyze large MRI Datasets to produce create descriptive visualizations in order to derive insights about the multiple diseases including Cancer and Muscular Dystrophy