Aug 2023 – Present · 2 yrs 7 mos · On-site

• Own the compliance/GRC program (under internal security) end-to-end—turning policy into practice across Engineering, IT, Legal, and GTM. Build the operating rhythm for audits, risk, incident response, and privacy so Semgrep ships fast and stays compliant.
• Lead SOC 2 Type II readiness and annual audits; maintain the control library mapped to ISO 27001, GDPR/CCPA, and internal policies; coordinate evidence across teams.
• Run the GRC cadence: quarterly risk reviews, control testing, policy lifecycle, and security steering with execs; track OKRs/KPIs.
• Stand up incident response: severity matrix, playbooks, on-call/war room routines, post-incident RCAs, and tabletop exercises.
• Drive threat & vulnerability management: set SLAs, partner with Eng/TechOps on patching, SAST/secrets scanning in CI/CD, and misconfig monitoring.
• Establish vendor risk + privacy workflows: intake/security reviews, DPAs/TIAs, data mapping, DPIAs, and record of processing.
• Ship security awareness: onboarding/training
• Support customer trust: security questionnaires, due-diligence calls, and curated artifacts (policy set, pen test, architecture overviews).

Jun 2023 – Aug 2023 · 2 mos · On-site

• Conduct research and analysis to ensure GDPR compliance, focusing on user data accessibility and deletion processes.
• Innovatively design and implement a data deletion service, ensuring effective and secure erasure of customer data.
• Explore and evaluate various cookie consent solutions, considering their impact on user experience and third-party tools, with a user-centric approach and minimal imposition.

Jan 2023 – Jul 2023 · 6 mos · Berkeley, California, United States · On-site

• Conducted research, developed multimedia assets, and written content for social media and other digital platforms.
• Executed marketing materials for UC Berkeley Student Affairs social media accounts on various platforms, including TikTok, Instagram, Discord, and other social media platforms.
• Helped garner over 395K views on IG alone with 7 videos that I directed, created, produced, and edited.

Jan 2022 – Dec 2022 · 11 mos · Berkeley, California, United States · On-site

• Participated in fraternity-wide decision-making, including strategic planning, budgeting, and event planning.
• Created a new seven-week pre-law curriculum to educate first-generation college students on J.D. career paths.
• Coordinated and facilitated weekly Legal Events & Planning panels to cultivate professionalism among fraternity members and educate them about the legal industry.

Aug 2020 – Aug 2023 · 3 yrs · Remote

• Developed and executed goals for the cybersecurity webcast, including increasing awareness, promoting career opportunities, providing resources, educating and inspiring, increasing competition participation, building a network, and creating job growth.
• Managed the project's allocation from the National Security Agency (NSA) to ensure compliance with their guidelines and requirements.
• Gathered weekly project updates from the entire team. Implemented and enhanced project management tools. Produced and edited content for viewers about K–12 cybersecurity.
• H98230-20-l-0292 (CAE-C -C)
• Solicitation CAE-C -C-001-2020
• CFDA # 12.905.
• Establishment of a National K-12 Cybersecurity Pipeline

Jun 2019 – Aug 2019 · 2 mos · Irvine, California, United States · On-site

• Made projections in the technology sector, such as by examining the model of the Alphabet Inc. subsidiary, Project Loon (Loon LLC), and suggesting creative applications.
• Communicated findings and recommendations to senior management and external stakeholders through presentations, reports, and other mediums.