Aug 2023 – Present · 2 yrs 9 mos

• Leading growth at Monad, where we're building the most powerful and flexible security data pipeline.
• Enabling security teams to collect, normalize, enrich, and route security telemetry at scale for faster, more cost-effective security operations.

Feb 2023 – Present · 3 yrs 3 mos · Austin, Texas, United States · Remote

Feb 2022 – May 2023 · 1 yr 3 mos

• Develop cloud - AWS, Azure, GCP - resource misconfiguration detection rules using Open Policy Agent (OPA) Rego language and deploy using a secure DevOps workflow.
• Serve as the team lead for all GRC and compliance framework mapping efforts. Covering PCI DSS, SOC 2, HIPAA, ISO27001, CIS Benchmarks, NIST 800-53 and GDPR.
• Serve as the Azure security SME on the CSPM detection engineering team.
• Provide strategic guidance to the product team and UI/UX designers to help enhance the customer experience and decrease the time to remediation.
• Cross-team collaboration to help ensure resource crawlers are extracting the proper fields from cloud provider APIs and more.
• Achievements
• Orchestrated and led the efforts to create the Datadog Essential Cloud Security Controls (ECSC) CSPM Ruleset.
• Gave 5 conference talks, 2 training workshops (DEF CON + Security Weekly) and 1 podcast interview.
• 2 published Datadog blogs.
• 1K+ GitHub commits and 30K lines of code created.

Nov 2020 – Feb 2022 · 1 yr 3 mos

• Key Areas of Focus:
• Azure Security (i.e., Azure Kubernetes Service, Azure Active Directory, Azure Storage)
• Threat Monitoring & Detection (Azure Sentinel, Splunk, XSOAR)
• Azure Governance, Risk and Compliance (Azure Policy, Azure Security Center, Prisma Cloud
• CSPM)
• Cloud-native Technologies Security (Prisma Cloud Compute and Prisma Microsegmentation)

Jul 2020 – Nov 2020 · 4 mos

• Leading security efforts for the hardening of medical device products and the Device-to-Cloud (D2C) pipeline.
• Managing a portion of the HITRUST certification and GRC efforts for the program.
• Working with product owners and developers to discuss and decide on implementation of security requirements using the Agile SAFe development framework.
• Collaborating with software testers to ensure consideration and testing of security-related scenarios.
• Conducting security design review of hardware components to identify risks and vulnerabilities.
• Assisting the cloud security operation team in monitoring for new security alerts and working with the proper stakeholders to remediate the findings.
• Additional activities: Threat Modeling, Failure Mode and Effects Analysis (FMEA), Tool Qualification and COTS Security Assessments

Oct 2018 – Jul 2020 · 1 yr 9 mos

Sep 2018 – Dec 2018 · 3 mos · Tel Aviv Area, Israel

Dec 2017 – May 2019 · 1 yr 5 mos · Tel Aviv Area, Israel

• I was 1 of 80 students selected out of an applicant pool of 500+ top international students from MIT, Harvard, NYU Shanghai and other schools, to spend Winter Break in Tel Aviv, Israel.
• Learned Web Application Penetration Testing skills such as SQL injection and XSS.
• Presented a cybersecurity and blockchain startup idea to a panel of venture capitalists.
• Met with top cybersecurity startups and venture capitalists.

May 2018 – Aug 2018 · 3 mos · Dearborn, MI

• Carried out web application penetration testing assessments on Ford-owned public-facing sites.
• Pen tested Ford and other OEM's Android mobile applications to assess the state of security for mobile apps across the auto industry.
• Presented my findings from the mobile app pen testing assessments to some of the Cybersecurity and Risk Management leadership team.
• Tinkered with other IoT devices used in Ford-owned facilities such as drones and security cameras.

Sep 2017 – Jul 2018 · 10 mos · Warwick, RI

• Security Weekly is a security podcast network for information security professionals, by information security professionals. We are a 6x winner of RSA's "Security Bloggers Best Security Podcast" award and have produced 1,000+ episodes over the past 13 years.
• Booked and managed the logistics for over 75 guests on the show.
• Assisted with brainstorming for episode and show topics.

Jun 2017 – Aug 2017 · 2 mos · Washington D.C. Metro Area

• Vetted the potential risks of over 10,000 mobile apps for our company-granted devices and bring your own device (BYOD) policy.
• Lead the “Security Tip of the Week” initiative by developing practical tips that were distributed company-wide.
• Directed the collaborative effort of combining four secure configuration procedures into one auditable document.

Jun 2017 – Jun 2017 · 0 mo · Cambridge, MA

• The Harvard Business School SVMP (Summer Venture in Management Program) is a management training program with ~2% acceptance rate that offers participants a broader understanding of the challenges business leaders face, the many dimensions of the business world, and the impact they can have on their community and the world through business leadership.

Feb 2017 – Dec 2017 · 10 mos · Newport, RI

• Assisted Rhode Island's Cybersecurity Officer on forthcoming FOIA and Open Meetings Act legislation through my research.
• Created a military academy cybersecurity assessment presentation for a foreign military's senior leaders.
• Conducted research for the Pell Center's cybersecurity-related publications.
• Assisted with coordinating events for the Rhode Island Corporate Cybersecurity Initiative (RICCI).

Jun 2015 – Aug 2015 · 2 mos · Middleboro, MA

• Contributed to accident reconstruction meetings.
• Attended a Travelers intern conference where I gained numerous life-long professional team-building skills.
• Commuted to several properties around New England and conducted inspections with home inspectors.
• Found an indicator of insurance fraud while inspecting a totaled car saving the company $20k-$28k.
• Uploaded over 3,000 confidential mail letters and files in a timely fashion.