Jul 2024 – Present · 1 yr 8 mos · Remote

• Lead & manage Android and Devices Security Engineering, including Android's Red Team, exploit research, and product security engineering functions.

Jun 2021 – Jul 2024 · 3 yrs 1 mo · Remote

• Lead & manage a PMO and security engineering function within Android Security dedicated to Android's vulnerability management, vulnerability reward programs, release/bulletin, security review, and incident response programs.

Jan 2019 – Jun 2021 · 2 yrs 5 mos · Remote

• Lead & manage the "App Safety" PMO within Android Security, dedicated to scalable detection and prevention of malware.
• Found and lead 3P Android Appsec function, empowering app developers to find and fix vulnerabilities.
• Lead program management of Privacy Sandbox on Android.

May 2016 – Dec 2018 · 2 yrs 7 mos · San Francisco Bay Area

• Lead technical service delivery for HackerOne, including building and managing our team of Technical Account Managers, as well as Security Analysts that perform frontline triage for our customers.
• Run the Internet Bug Bounty program (https://hackerone.com/internet-bug-bounty), Disclosure Assistance (https://hackerone.com/da), and other efforts to help organizations start and run successful bug bounty programs, help hackers succeed, and generally drive the creation of bounties in order to help make the Internet a little bit safer.

Apr 2015 – Apr 2016 · 1 yr · Venice, CA

• Initiate, plan, execute, and close information security projects across various areas (application security, spam & abuse, identity management, platform hardening, wireless security, vulnerability management, bug bounty, red team, and detection/response).
• Develop and lead infosec training for new hires every week, and regularly teach a Project Management 101 course to help enable individuals across the org to lead initiatives within their respective teams by managing without authority. Mentoring others on career development, and mentoring TLs on how to mentor their team members.
• Regularly work to bridge the gap between security team and the rest of the software engineering org, as well as IT, leading projects that provided security benefits to production and internal infrastructure, as well as the app itself.

Jun 2011 – Mar 2015 · 3 yrs 9 mos · Mountain View, CA

• Keep Google's assets, users, and employees safe, from the perspective of information security. Ensuring security vulnerabilities were squashed in a timely manner, as well as working on ways to analyze the current state of security and identify systemic issues in an attempt to treat root causes, instead of symptoms.
• I worked on the Vulnerability Management team, helped run Google's Vulnerability Reward Program, helped run the internal pentesting program, and led a variety of projects related to detection and response.
• I also taught Foundations of Project Management (PM basics), and facilitated EDGE (Google's 2-day offsite leadership training program), helping foster project management and leadership skills across hundreds of Googlers.

Dec 2007 – May 2011 · 3 yrs 5 mos · Greater Minneapolis-St. Paul Area

• Senior Security Consultant
• Lead and conduct external and internal network penetration tests, web application penetration tests; designed and implemented social engineering service offerings, defined methodology and authored templates
• Consult with SMB to Fortune 50 clients to review assessment results and facilitate remediation efforts between infosec, IT, and development teams
• Work with directors and C-level management to establish efficient, scalable workflow and technical processes
• Project Manager
• Co-designed project management workflow for NetSPI; standardized processes and created templates across all service offerings for reuse throughout organization
• Manage 1-5 technical staff to efficiently and effectively complete projects
• Identify goals, assign responsibility and deadlines for tasks, motivate staff to accomplish tasks and enable them by eliminating blocks to progress, ensure goals have been met; iterate again for any incomplete areas
• Plan, organize, lead, and control client-facing and internal projects
• http://www.netspi.com

Jun 2007 – Nov 2007 · 5 mos

• Performed network penetration tests, documented results, and communicated directly with clients to resolve potential risk
• Effectively implemented social engineering and email phishing attacks, and discovered and exploited existing network and software vulnerabilities
• Improved work processes through consistent automation and revision

Sep 2006 – May 2007 · 8 mos · Greater Minneapolis-St. Paul Area

• Assisted students in furthering their knowledge of C++
• Organized and led lab sessions of 30-40 students
• Coordinated with professor and other TAs to ensure quality of coursework

Aug 1999 – Sep 2007 · 8 yrs 1 mo · Minnesota

• Extensive experience interacting with thousands of patrons
• Improvisational acting in group and individual settings
• Performed live for audiences of 150+