Jul 2025 – Present · 9 mos · Remote

• Short form ideas shared to encourage thinking.

Jun 2024 – Feb 2026 · 1 yr 8 mos · Remote

Nov 2022 – Jun 2024 · 1 yr 7 mos

• Participating in Responsible AI Red Team assessments on GitHub Advanced Security Artificial Intelligence (AI) capabilities, such as the “Autofix” functionality that was launched in private beta to customers in January of 2024.
• Guiding businesses on the adoption of DevSecOps practices at scale with the GitHub Advanced Security product suite across various industry verticals, including Technology, FinTech, Insurance, Financial, Healthcare, Automotive, and Systems Integration companies.

Nov 2021 – Nov 2022 · 1 yr

• Developed novel CodeQL queries to identify exploitable vulnerabilities in customer’s native code.
• Customized and Remediated issues within public CodeQL queries in support of open source static analysis at scale.
• Acted as a subject matter expert on the practices of Static Analysis, DevSecOps, and Application Security during internal meetings with Product Management and Engineering.

May 2021 – Oct 2021 · 5 mos

• Led the Collaboration Technologies, Global Messaging, and Service Technologies teams as we strive to deliver a great experience through the software our colleagues leverage to do business.
• Drove the core principles of "security by design” by reducing friction between Security and IT, while expediting the development and/or adoption of innovative and secure technologies.
• Enabled holistic management of technology use by colleagues in order to create a universal digital experience that is centered around the needs of the business and its customers.
• Created both dynamic and stable technology platforms that integrate practices from development, security, and operations to increase automation, scalability, and reliability.

Apr 2020 – May 2021 · 1 yr 1 mo

• Led the Conference, Office, and Service Technologies teams as we strive to deliver a great colleague experience through the software they leverage to do business.
• Implemented the core principles of "security by design” by reducing friction between Security and IT, while expediting the development and/or adoption of innovative and secure technologies.
• Enabled holistic management of technology use by colleagues in order to create a universal digital experience that is centered around the needs of the business and its customers.
• Developed both dynamic and stable technology platforms that integrate practices from development, security, and operations to increase automation, scalability, and reliability.

Sep 2019 – Apr 2020 · 7 mos

• Led a globally distributed team of senior managers, managers, engineers, and researchers responsible for software security testing across all company business units and products.
• Authored the company's original “Security by Design” program; responsible for providing guidance on how to architect and build security into the software development lifecycle.

Jun 2018 – Sep 2019 · 1 yr 3 mos

• Built a distributed team of engineers and researchers to address core technical and administrative capabilities within the software security domain.
• Authored the company's original software security strategy; responsible for architecting and implementing security testing as part of the software development lifecycle.
• Architected the company's centralized version control strategy, designed to improve software development efficiency and security across the organization.
• Designed training toward building a secure software development lifecycle; implemented multiple paid and open source solutions to add breadth of coverage at scale.

Mar 2019 – Present · 7 yrs 1 mo

• Long form, tech-focused ideas on Security, Software, Careers, and Life.

Jan 2018 – Jun 2018 · 5 mos · Remote, New Hampshire

• Administered training to internal resources regarding complex application security concepts.
• Built and maintained automation tools to enhance the quality and speed of program launches.
• Engaged in technical guidance to both executives and practitioners toward establishing and maintaining effective Bug Bounty programs at scale.

Jun 2017 – Jan 2018 · 7 mos · Remote, New Hampshire

• Designed and engineered proof-of-concept applications and security research tooling.
• Led development of Bugcrowd’s security researcher training initiative as Project Manager.
• Spoke at (or acted as a technical resource for) industry trade shows and conferences, including BSides Las Vegas, Black Hat, DEFCON, DerbyCon, and HackFest Canada.

Jan 2018 – Mar 2019 · 1 yr 2 mos

• Host, Application Security Weekly (episodes 0-55)

Jan 2017 – Apr 2020 · 3 yrs 3 mos

• https://infosecmentors.net

Jan 2016 – Jan 2017 · 1 yr · Boston, Massachusetts

• Provided guidance to CISOs, Executive Directors, and security practitioners on how to develop vulnerability management programs at scale across global corporations.
• Led training engagements for Penetration Testing and Web Application Security practitioners.
• Consulted with executives on how to build effective corporate information security programs.

Jan 2016 – Jan 2016 · 0 mo

Jan 2016 – Jan 2016 · 0 mo · Burlington, Massachusetts