Michael Scovetta

CEO

Middleburg, Virginia, United States · 24 yrs 8 mos experience
Most Likely To Switch: Highly Stable

Key Highlights

  • Expert in open source software supply chain security.
  • Led initiatives to improve cybersecurity practices.
  • Passionate about solving complex technical challenges.
Stackforce AI infers this person is a Cybersecurity expert with a focus on open source and enterprise security solutions.

Skills

Core Skills

Information Security, Open Source Security

Other Skills

Open-Source Software, Static Analysis, Program Management, Technological Innovation, Enterprise Architecture, Cloud Computing, Security, Enterprise Software, Software Development, Computer Security, Application Security, SaaS, Information Technology, Java, IT Strategy

Experience

Total Experience: 24 yrs 8 mos
Average Tenure: 3 yrs 6 mos
Current Experience: 12 yrs 8 mos

Microsoft

2 roles

Principal Security PM Manager

Promoted

Feb 2017 - Present · 9 yrs 3 mos

  • I lead a team that helps Microsoft use open source software safely. We conduct innovative research, create security tools, write white papers, evangelize good practices, and analyze software at scale to identify critical vulnerabilities and new types of malware.
  • I lead work within Open Source Security Foundation (openssf.org), where we are trying to improve the security of the open source ecosystem and the most influential parts of it, including the Alpha-Omega project (alpha-omega.dev) and the Identifying Security Threats working group.
  • I'm passionate about solving the hardest technical challenges, moving the needle from "zero to one". I'm hands on, straddling the intersection between software engineering, security, and open source. I'm lucky because I get to work with some of the smartest people on the planet equally passionate about their work and the future we envision.
Information Security, Open-Source Software, Static Analysis, Program Management, Open Source Security, Technological Innovation

Senior Security PM Manager

Sep 2013 - Feb 2017 · 3 yrs 5 mos

CBS Corporation

Director, Advanced Technology

Aug 2011 - Aug 2013 · 2 yrs · New York, NY

  • Responsible for the ideation and prototype implementation of next generation technologies related to mobile platforms, interactive television, and social media, including development of enterprise iOS apps to support television ratings analysis and distribution.

CA Technologies

Senior Architect, IT Security

Oct 2008 - Jul 2011 · 2 yrs 9 mos

  • My role as senior architect in CA's IT Security department has given me access to a wide array of projects and activities in the security space. Some of my more notable contributions are as follows:
  • Accepted to the Global Future Leaders Development Program
  • Responsible for Security Architecture within the Enterprise Architecture group
  • Co-led the development of a company-wide software security assurance program
  • Served on the "Council for Technical Excellence" (technical thought leadership organization)
  • Guided the "Engineering Excellence" committee on implementation of software security assurance program
  • Designed and presented an SSL certificate management solution to C-level executive management
  • Led security architecture within CA's internal IT area, supporting 500,000 customers and employees
  • Reviewed and re-architected the Identity & Access Management technology program
  • Launched the "Brown Bag Technical Sessions" program (internal "tech talks" and invention farming)
  • Represented CA at an industry review panel of NIST's "Supply Chain Risk Management" recommendation

Cigital

Senior Security Consultant

May 2008 - Oct 2008 · 5 mos

  • At Cigital, I was fortunate to work with some incredibly smart, talented folks, securing our customers' critical business assets. In my role as a Senior Security Consultant, I led a number of security assessments of high-profile web-based applications. These assessments included penetration testing, but were also focused on identifying and helping to mitigate business risk.
  • As part of a smaller project, I reverse engineered and wrote a brute-force password cracker for a full-disk encryption product. I also wrote a series of technical security standards for Java and .NET technologies, and performed remediation on some insecure C# and ASP.NET code.

UBS Financial Services, Inc.

Associate Director

Jun 2005 - May 2008 · 2 yrs 11 mos

  • Reported directly to the Chief Information Security Officer
  • Conducted targeted, in-depth risk assessments against enterprise systems and processes
  • Designed and developed static analysis tool (Yasca), leveraging FOSS components
  • Taught "Lunch & Learn" events on various topics related to information and application security
  • Evaluated commercial and FOSS black-box and static analysis security testing tools
  • Conducted dozens of penetration tests against applications and hardware components
  • Served as thought leader in areas of application security and cryptography
  • Advised architects and project implementation teams on matters of software security and secure design
  • Investigated security-related incidents (including forensics) and reported software vulnerabilities
  • Authored two chapters of OWASP's "A Guide to Building Secure Web Applications and Web Services"

Computer Associates

Senior Application Developer

Jun 2002 - Jun 2005 · 3 yrs

  • Served as member of the Web-Services Expert Panel at J-Boss World 2005.
  • Contributed regularly to security mailing lists (including webappsec and bugtraq)
  • Served as subject matter expert for secure software development
  • Led the technical design of an enterprise-wide contract management system

Cornell University

Teaching Assistant

Jan 2001 - Dec 2001 · 11 mos

  • Taught students weekly at supplementary section
  • Conceived and implemented "Honors" section

Education

Cornell University

Master of Engineering - MEng — Computer Science

Jan 2001 - Dec 2001

Cornell University

M.Eng — Computer Science

Jan 2001 - Jan 2001

Hofstra University

B.S. — Computer Science & Mathematics

Jan 1997 - Jan 2000

St. Anthony's High School

NYS Regents — High School

Jan 1993 - Jan 1997