Nov 2024 – Present · 1 yr 6 mos · Global · Remote

• Founding Co-lead for the Agentic Security Initiative (ASI) of the OWASP Gen AI Security Project. The Initiative explores the emerging security implications of agentic systems.
• In addition to the security risks posed by Classical AI (Pre-Generative AI) and Generative AI systems, such as those identified in the OWASP Top 10 for Large Language Model Applications, Agentic AI systems present unique security risks due to their Planning, Reflection, Refinement, Long-Term Memory Access, and Tool access capabilities.
• The group will focus on producing practical and actionable guidance to help developers and engineers secure Agentic AI implementation in the enterprise.

Jul 2021 – Mar 2023 · 1 yr 8 mos · Santa Clara, California, United States

• Senior Security Architect and Team Lead for the US Product Security Architecture Group responsible for defining security requirements, executing secure design reviews, and threat modeling of products under the Network Security (NGFW), Secure Access Service Edge (SASE), Cloud-Delivered Security Services (CDSS), Cloud Management Platform (CMP), Attack Surface Management (ASM), and Cyber Threat Intelligence product portfolio.
• Responsibilities:
• Threat Modeling Service Co-Lead for Palo Alto Networks products and services.
• Trusted Machine Learning (ML) Research Initiative Lead for secure design, development, deployment, and governance of ML Models.
• Partner with cross-functional teams to deliver widely impactful security initiatives.
• Mentor and guide fellow security architects on effectively facilitating, communicating, and executing impactful security initiatives.

Oct 2011 – Oct 2017 · 6 yrs · San Ramon, California

• I was Five9's first hire Security Engineer who progressed through the ranks. I reported to the CISO and later on to the VP of Cloud Ops leading the Global SaaS Platform Vulnerability Management Program,
• Product and Application Security, Cloud Legal & Compliance (PCI-DSS, HIPAA, FTC, CPNI, CALEA), and Cloud Security Research & Innovation (Cloud Security Alliance (CSA) Research Participation)

Apr 2006 – May 2007 · 1 yr 1 mo · Five9 Inc. Philippines

• Network Assessment Specialist and VoIP Engineer.
• Responsibilities:
• Design, implement, troubleshoot and maintain secure and High Availability (HA) Voice-over-IP (VoIP) networks for Five9 customers based in North America.
• Conduct remote and on-site VoIP pre-deployment network assessment and troubleshooting for enterprise customers.
• Manage VoIP deployment for enterprise and strategic customers.
• Evangelize best practices in VoIP performance monitoring, optimization and security.
• Softphone troubleshooting and debugging using Wireshark Protocol Analyzer and other tools.
• Technology Stack: TCP-IP, Counterpath/XTEN, SIP over TLS, RTP/SRTP. Java RMI, JBoss, AudioCodes

Jan 2007 – Jan 2011 · 4 yrs · San Francisco Bay Area

• Security Consultant engaged in annual penetration testing and social engineering of manufacturing and material research companies based in Silicon Valley and North America.
• Toolkit:
• NMAP, Nikto, OWASP Zap, Metasploit Open Source Framework, Armitage, Cobalt Strike, Nessus, Binwalk and Python.

Apr 2005 – Apr 2006 · 1 yr · Quezon City, Philippines

• SCI Inc. is a Business Process Outsourcing (BPO) that pioneered the deployment of cloud-based Call Centers in the Philippines using Five9 Virtual Contact Center (VCC) Software-as-a-Service
• Achievements:
• Design, implement, and maintain secure and High Availability (HA) Voice-over-IP (VoIP) networks for Five9, Inc. including local and international customers and partners. Drastically reduced company Call Center operational costs (OPEX) by implementing SIP Gateways bypassing international Telco Rates and using off-the-shelf network devices and hardware.
• Provide Technical Support and Implementation Guidance to US-based customers in deploying and integrating Five9 VCC with customer CRMs (Salesforce, Netsuite, etc.)
• Customer firewall configurations to support Sessions Initiation Protocol (SIP) and Real-Time Transport Protocol (RTP)

Apr 2001 – Apr 2005 · 4 yrs · Subic Bay, Philippines

• Provided Information Technology Services to local businesses focusing on Local Area Network (LAN) and Windows Systems Administration, Ethernet Cabling, Layer 2 Switching, and OS installation.