Mar 2019 – Jul 2021 · 2 yrs 4 mos

• Senior cyber leader responsible for application security outcomes across a highly regulated global financial institution.
• Led a ~65-person organization securing approximately 2,000 of the bank’s most critical applications across multiple business lines.
• Stabilized a function in crisis, transforming it into a low-friction, high-performing organization with strong internal trust, predictable execution, and a clear succession plan.
• Owned the translation of security standards into actionable engineering requirements and adjudication of outcomes for Change Advisory Board (CAB) approval.
• Designed and implemented a defensible, repeatable exception management process, improving risk clarity and reducing exception volume over time.
• Championed automation to remove humans from low-value, error-prone work, enabling faster and more consistent guidance for engineering teams.
• Created a net-new threat modeling function focused on real change and real risk, rather than static standards.

Sep 2017 – Present · 8 yrs 8 mos

• Serve as an advisor and board member to early- and growth-stage application security and developer tooling companies, providing guidance on product strategy, market positioning, and enterprise adoption.
• Advise founders and leadership teams on scaling security products, navigating regulated enterprise environments, and aligning engineering execution with customer and market realities.
• Actively engaged as an angel investor in the application security ecosystem.
• Contributing editor to industry publications including DevOps.com and SecurityBoulevard, writing on application security, DevSecOps, and software delivery.
• Regular speaker and program committee contributor for industry conferences and communities, including SecureWorld, DevSecCon, and DevNetwork.

Mar 2016 – Mar 2019 · 3 yrs · Burlington, MA

• As Field CTO, served as the face and voice of Veracode through international conference talks, webinars, interviews, and executive briefings.

Aug 2011 – Mar 2016 · 4 yrs 7 mos · Burlington, MA

• Conceived, pressure-tested, and led the largest architectural transformation in Veracode’s history, persuading leadership to halt all other development and delivering a patented platform innovation that became a long-term market differentiator.
• Led engineering transformations from Waterfall → Agile → DevOps → Kanban, shrinking delivery cycles from months to days and dramatically improving predictability and responsiveness.
• Led Project Purina, using Veracode to secure its own product—creating a repeatable, real-world AppSec implementation template that powered customer and prospect conversations and delivered the platform’s first customer-facing integrations.
• Frequently engaged with Veracode’s largest and most operationally challenged enterprise customers to diagnose complex issues, provide root-cause clarity, and reframe isolated failures within overall program outcomes.

Aug 2006 – Aug 2011 · 5 yrs · Burlington, MA

• I joined Veracode in 2006 as a platform developer and was instrumental in delivering the first version of Veracode’s service to customers. I built key aspects of the Veracode service including policy management and reporting that are still cornerstones of the value to customers.

Jul 2004 – Aug 2006 · 2 yrs 1 mo

Feb 1996 – Jul 2004 · 8 yrs 5 mos

• Acquired by Sun Microsystems in April 2001.

Feb 1994 – Feb 1996 · 2 yrs

Jun 1991 – Feb 1994 · 2 yrs 8 mos