Jul 2025 – Present · 9 mos · https://linktr.ee/coffeechaosprodsec · Remote

• 🎙️ Coffee, Chaos & ProdSec is a weekly cybersecurity podcast where caffeine meets controlled chaos. Together with my co-host Kurt, I explore the wild intersections of Product Security, AppSec, and DevSecOps — from leaked keys and broken pipelines to the frameworks and people fixing them.
• Each episode blends technical depth with honest, conversational insight. We interview security leaders, discuss real incidents, and break down complex topics like supply-chain integrity, AI in security, and secure-by-design practices in a way that’s accessible, informative, and occasionally caffeinated-to-the-max.
• Highlights & Impact
• ● Produce and host weekly episodes exploring the evolving world of Product Security — from building secure products and pipelines to navigating the challenges of modern AppSec and DevSecOps.
• ● Built and scaled brand identity, content calendar, and community engagement strategy across LinkedIn, Spotify, and YouTube.
• ● Partnered with industry experts and OWASP project leads to bring credible, practical insights to thousands of listeners.
• ● Established the show as a learning resource for professionals seeking real-world ProdSec experience and career guidance.
• ☕ “Where cybersecurity meets caffeine-fueled chaos — and strong coffee leads to even stronger opinions.”

Jan 2025 – Present · 1 yr 3 mos · Austin, Texas, United States · On-site

• 🚨 Calling All Cyber Enthusiasts! 🚨
• 🍕 Welcome to CYBERLUNCH! 🍕
• 🎉 One special Friday a month, we come together to:
• ✅ Munch on delicious pizza
• ✅ Sip on your favorite drink
• ✅ Geek out over all things cybersecurity
• Whether you're a seasoned pro, a curious learner, or just love pizza 🍕, there's a spot for YOU at our table!
• 💻 Let's share ideas, swap stories, and build a stronger cyber community together.
• Don’t miss out on the fun—join us and let’s make Fridays the highlight of your week
• ➡️ Check it out at ➡️ https://www.meetup.com/cyberlunch/ ⬅️

Feb 2024 – Present · 2 yrs 2 mos · https://github.com/OWASP/www-project-spvs

• Co-Leader of OWASP Project SPVS (Secure Pipeline Verification Standard).
• The Secure Pipeline Verification Standard (SPVS) is a comprehensive, security-focused framework designed to assess, enhance, and standardize the security maturity of software delivery pipelines across the full lifecycle: Plan, Develop, Integrate, Release, and Operate.
• SPVS delivers structured, actionable controls to help manage and mitigate risks tied to code, artifacts, and operational environments, embedding security from inception through continuous operations. It promotes a proactive, security-first culture that aligns with compliance requirements, ensures artifact integrity, and reinforces operational resilience within modern DevSecOps ecosystems.
• Built on a multi-tiered maturity model, SPVS allows teams to start with baseline security practices and progress toward advanced, secure-by-design pipelines. It is both scalable and adaptable, supporting diverse cloud, hybrid, and on-premises environments and aligning with methodologies like Agile, DevOps, and Engineering.
• By embedding security at every phase and continuously validating controls, SPVS transforms traditional software pipelines into secure, resilient, and compliant systems. It provides a standardized, measurable approach for organizations to design, implement, and sustain secure pipelines, serving as a critical enabler of long-term DevSecOps success.

Mar 2022 – Apr 2022 · 1 mo · Remote

• Tech Stack: Veracode (SAST & DAST), WhiteSource (SCA), Snyk (IaC & Container), BurpSuite, GitLab
• Language Stack: C++, C#, JavaScript, Python, Go, Java
• ● Built the Application Security program from the ground up, integrating SAST, DAST, SCA, developer education, and policies to strengthen security across the organization.
• ● Led integration and management of Veracode (SAST, DAST) and WhiteSource (SCA) across all production CI/CD pipelines, improving security automation.
• ● Integrated Snyk's IaC and Container Security into CI/CD pipelines in under a month, strengthening infrastructure security across the board.
• ● Streamlined Application Security tooling integration, cutting setup time from hours to 20 minutes through centralized template scanning.
• ● Led a project to analyze and fix root causes of slow application scan times, identifying key bottlenecks and inefficiencies.
• ● Cut scan times for a large monolithic application by 97%, significantly improving security operations efficiency.
• ● Reduced security vulnerabilities in a monolithic repository by 95% in one quarter through focused vulnerability management.
• ● Provided Application Security expertise during multiple M&A processes, assessing security risks and helping leadership make informed decisions.
• ● Worked directly with developer teams on security tooling findings, making it easier to fix issues quickly and effectively.
• ● Helped replicate and fix vulnerabilities found by customers and pentests, improving product security and customer trust.

Jun 2021 – Mar 2022 · 9 mos · Remote

Sep 2020 – May 2021 · 8 mos

• Tech Stack: Tines.io (SOAR), Synopsys Polaris (SAST), OWASP Dependency Track (SCA), Acunetix (DAST), Jenkins, Groovy, AWS, EDR/EPP, Splunk (SIEM), Tenable.io, Secure Code Warrior
• ● Built the Application Security pipeline using Synopsys Polaris, Jenkins CI/CD Groovy Pipeline Library, and OWASP Dependency Track in AWS, improving security automation and compliance.
• ● Used SOAR to automate AppSec processes, triggering Jenkins automation on Bitbucket repository commits and pushes to streamline security checks.
• ● Onboarded Bitbucket repositories into the AppSec Jenkins CI/CD Groovy Pipeline Library, improving integration and security scanning processes.
• ● Partnered on a pentest audit of the authorization process, focusing on user account login via OAuth and OIDC, and identifying critical security improvements.
• ● Conducted a pentest on a mobile application using Android Studio and BurpSuite, assessing OAuth and OIDC flows to strengthen mobile application security.
• ● Worked with developer teams to fix AppSec detections, making sure vulnerabilities were addressed quickly and effectively.
• ● Helped run developer security awareness training with Secure Code Warrior, improving security knowledge and practices across the development team.

Nov 2019 – Sep 2020 · 10 mos

Oct 2017 – Nov 2019 · 2 yrs 1 mo · Orange County, California, United States · Hybrid

• Tech Stack: PowerShell, Python, Backlog, Jira, Windows Client/Server, Visual Studio Code
• ● Developed test plans and procedures to validate software requirements against customer specs, making sure everything aligned with what clients actually needed.
• ● Built a testing lab and unit farm using desktops and laptops for regression testing, significantly improving testing capabilities.
• ● Created automated test scripts that cut the test cycle from 1 month to 5 days, drastically improving efficiency.
• ● Integrated data analytics into automation to create a trackable history for better test analysis and reliability.
• ● Ran manual test cases and handled ongoing maintenance and bug fixes to keep software quality high.
• ● Analyzed and reported test results, documenting bugs with clear replication steps to help teams fix issues faster.
• ● Worked directly with developers to verify results, troubleshoot, and fix bugs found through automation testing.
• ● Replicated customer-reported bugs and debugged issues in the testing lab with developers to improve product reliability.
• ● Tracked bugs reported by partner companies using JIRA, keeping communication clear and organized.
• ● Set up and managed the company's bug tracking system with Backlog, streamlining how we tracked and resolved issues.
• ● Managed the company's software penetration test with a third-party vendor to ensure product security and compliance.

Jul 2016 – Oct 2017 · 1 yr 3 mos · Yorba Linda, California · On-site

• Tech Stack: C/C++, CSS, HTML, JavaScript, Jenkins, Git, JIRA, Eclipse IDE, Visual Studio Code
• ● Worked on the Tools & Infrastructure and Operating System teams, focusing on developing quality embedded software and improving core system functionality.
• ● Overhauled nightly regression testing into web-based reports with Jenkins, making it easier for the development team to access and understand results.
• ● Developed a plugin to integrate a third-party requirements management tool into JIRA, improving project management and requirement tracking.
• ● Built a dynamic manual page system in the ventilator's operating system that generated real-time manuals for each command using pointers and templates in C/C++, significantly improving system documentation and user support.