Jan 2025 – Present · 1 yr 2 mos

• Serving as vCISO for a high-growth AI web3 company. Advising executive leadership on cloud security, incident response, and compliance strategy, and helping scale a security program that balances speed, automation, and regulatory rigor.

Jan 2019 – Apr 2025 · 6 yrs 3 mos

• I thrived on tackling the unique challenges posed by the cryptocurrency industry, where the frequency and intensity of cyber threats are unparalleled. In this role, I oversaw diverse teams specializing in Incident Response, Security Operations, Security Research, Threat Intelligence, Insider Threat, Hardware Security, Vulnerability Management, Cloud Security, Red Team, Penetration Testing, Blue Team, IT Support, Productivity Platforms, IAM, and Application Security.
• Established a Red Team that utilizes frameworks like MITRE ATT&CK to emulate real-world adversaries, identifying complex, multi-stage vulnerabilities.
• Developed a 24/7/365 Blue Team dedicated to detecting and responding to threats across global services and products, ensuring continuous protection.
• Founded Kraken Security Labs, leading to the discovery of zero-day vulnerabilities in products from major vendors, including Google, Verizon, Zoom, Ledger, and Trezor.
• Built a Cloud Security team that implements CIS best practice benchmarks across tens of thousands of resources in a multi-cloud environment, enhancing our cloud infrastructure's security posture.
• Led the IAM team in enforcing least privilege principles, significantly reducing risk and achieving a 0% phishing incident rate through targeted initiatives.
• Established a Threat Intelligence function responsible for identifying and dismantling hundreds of phishing domains and social media impersonators monthly, protecting our brand and users.

Apr 2018 – Dec 2018 · 8 mos · Chicago, IL

• I stepped up to lead a larger consulting team with bigger financial responsibilities and PCI, HIPAA, FedRAMP, and SOC2 testing requirements.
• Led a multi-million dollar practice and directly managed a team of 10+ security consultants performing penetration test engagements, including to support PCI and FedRAMP assessments
• Overhauled service offerings, reporting processes and sales templates

Jan 2015 – Mar 2018 · 3 yrs 2 mos · Chicago, IL

• I led a multi-million dollar penetration testing practice from pre-sales through delivery.
• Managed, coached and trained a team of security consultants that perform internal testing, external testing, hardware testing, red teaming, web application testing, mobile testing, social engineering and vulnerability scanning
• Oversaw all aspects of the service line, including methodology, scheduling, personnel and quality assurance
• Led engagements to meet compliance requirements, including the PCI DSS, and advised on compliant remediation and retesting activities

Jul 2013 – Jan 2015 · 1 yr 6 mos · Chicago, IL

• I took my technical mastery to a growing professional services firm, where I continued to hone my expertise in network, application, and social engineering testing.

Dec 2011 – Jun 2013 · 1 yr 6 mos

• I joined one of the most elite hacking teams in the world at the time, Trustwave SpiderLabs. I learned how to be a customer-service focused consultant and a team lead for Fortune 500 client engagements.
• Independently performed over 100 internal, external, and wireless penetration tests for clients ranging from Fortune 500s to small businesses
• Collaborated with team members to deliver multinational security assessments
• Educated C-level executives through technical IT staff on defensive strategies to mitigate exploited attack vectors

Dec 2008 – Dec 2011 · 3 yrs

• I started off at the IT helpdesk but quickly took on systems and security administration responsibilities at a mid-sized engineering and design firm.
• Crafted an Electronic Communications Plan for all classified and unclassified U.S. DOD contracts
• Implemented Linux, Active Directory, firewall, networking, and virtualization for unclassified and classified projects
• Performed security audits, presented findings, and implemented security controls to mitigate vulnerabilities