Feb 2022 – Sep 2022 · 7 mos · Seattle, Washington, United States

• Technology leader supporting and managing a sizable organization of five security divisions including Product Security, Infrastructure Security, Security Operations, Detection + Response and Architecture for Cloudflare's Security Organization.
• Recommended Metrics and KPIs for evaluating organizational and program performance. Applied software development background to hands-on develop an early variant of a metrics dashboard for security teams under my purview. Dashboard successfully identified areas of opportunity to uplift execution across the organization.
• Mentored and coached organizational leaders on effective strategies to rationalize, communicate and manage capacity needs to meet strategic outcomes. Facilitated organizational restructuring in several divisions in order to meet long-term goals.
• Mentored and coached Cloudflare's Principal Level Security Architects to hone ability, develop and deliver effective, data-backed persuasive arguments to unlock funding for security controls uplift in the areas of Key Management, Identity and Access Management, and Asset Management.
• Championed and facilitated revisions of the Security Organization's long term (multi-quarter) planning process to articulate goals, enable upfront critical path discovery, simplify dependency identification and streamline project prioritization.

Feb 2021 – Feb 2022 · 1 yr

• Manage several engineering teams that offer company-wide security guidance and security control implementations used to secure workloads delivered to Salesforce's Public Cloud. REDSCAR is a high-performing org of experienced staff with mixed product + infrastructure security, software development, and security architecture backgrounds.
• Using tools like CNCF Open Policy Agent (OPA) they successfully developed and aggressively realized a security policy-as-code strategy for the Salesforce. They continue to develop and enhance paved paths, facilitating high-velocity and secure releases into Saleforce's public cloud environments.
• Oversaw rehabilitation efforts of critical components of Salesforce Assurance Tooling Strategy which included implementing an automated 3rd party supply chain scanner, and automated assurance self-attestation process - resulting in a non-trivial reduction in the time required to perform assurance activities and scaled-up service capability across the company.
• Oversaw revisions of Salesforce’s NIST based risk management framework to improve its ability to assess effectiveness and justify continued investments in centralized security controls. This included implementation of a continuous risk management and telemetry gathering process that facilitates automated computation security control effectiveness in real-time.
• Mentored and coached Principal and Architect level staff to successfuly develop persusasive arguments for rescuing and funding critically challenged proactive security assurance functions in Static Analysis, Dynamic Analysis, Data Security and Cryptography.
• Managed succesful partnerships with Salesforce engineering leadership that delivered novel, time-saving and effective solutions for export control compliance and build infrastructure security.

Aug 2018 – Feb 2021 · 2 yrs 6 mos

• Focused on the design and implementation of modern security infrastructure and security assurance processes utilizing policy-as-code strategies for organizations moving rapidly to public cloud.
• Expanded team from 5 to 26 security engineers who perform threat modeling, security architecture reviews and security testing of Salesforce workloads.
• Developed KPIs for measuring team performance. Leveraging my software development background, I personally developed the first version of our metric tracking solutions on Apache Spark and Zeppelin for data analysis and reporting.
• Highly effective change agent. Guided team during a period of rapid growth. Uplifted process maturity from an ad-hoc threat modeling process to a data-driven business. The instrumentation we developed feeds our capacity models, and allows us to respond quickly to changing pressures on the team's resources.
• Developed security control requirements for Salesforce Public Cloud Environments. Critical topics like Network Segmentation, Identity and Access Management, Container Security, Build Infrastructure Security, Vulnerability and Secrets Management were covered.
• Incubated a new team within my organization (SPACE) of highly experienced staff with mixed security and software development skills. Designed solutions to support modern security assurance processes using CNCF's Open Policy Agent (OPA) as automated security guard rails. Team also developed highly regarded Policy Sentry IAM Least Privilege Tool.
• Utilized previous experience in managing security consulting teams to structure security RFPs. Was directly involved in commissioning projects for internal, vendor driven architecture reviews and security testing of Salesforce environments. Defined criteria for vendor selection and selected successful bidders.
• Personally developed reference architectures for securing kubernetes (EKS) on Amazon Web Services and Google Cloud Platforms.

Feb 2018 – Aug 2018 · 6 mos · Greater Seattle Area

• Performed a comparative analysis of security controls and features present in Amazon Web Services, Microsoft Azure and Alibaba Cloud. Subjects covered included Identity and Access Management, Compute Security, Network and Storage Security and provided solution blueprints in the following areas:
• Managing Multiple Accounts and Subscriptions
• Centralized Logging and Monitoring in Cloud Environments
• Secrets Management
• Serverless Workload Security
• Container Security
• Incident Response and Forensic Procedures
• Supporting Continuous Integration and Delivery to cloud environments with automation.
• Cloud Provider Compliance
• for each cloud provider while addressing capability nuances with implementation workarounds where necessary.

Jan 2017 – Feb 2018 · 1 yr 1 mo · Greater Seattle Area

• In charge of P & L, growth strategy and consulting capabilities of Synopsys's Cloud Security Consulting Organization.
• Significant expertise assessing security of or designing software architectures on AWS, Azure and Google Clouds.
• Introduced the Synopsys "Cloud Security Bootcamp" to increase the number of Synopsys consultants able to execute Synopsys cloud consulting engagements.
• The bootcamp is a 16-week program that simulates scenarios companies face when migrating their LoB application portfolio or redesigning applications for cloud environments.
• All aspects concerning cloud application security are considered. Consultants are tasked with building secure reference architectures for AWS, Azure, Google and Open Stack cloud for following scenarios:
• . a lift-and-shift of a LoB application as an IaaS deployment
• . implementing a PaaS application leveraging cloud provider APIs
• . automation of cloud native application deployments via CI/CD using Hashicorp's tools, Ansible, Chef and Puppet.
• . perform policy assessments of cloud architectures using the Cloud Security Alliance Controls Matrix as a guiding framework.
• All consultants who graduated from the Synopsys Cloud Security bootcamp have successfully secured professional certifications on AWS and Azure platforms.
• Successfully upgraded Synopsys's AWS Consulting Partnership Level from Registered to Standard Partner as a result of Cloud Security Bootcamp training.
• Successfully placed several consultants on long term staff augmentation jobs with high profile companies as a result of Cloud Security Bootcamp training.
• Efforts have resulted in a notable increase in Cloud Security Consulting revenue.

Dec 2013 – Dec 2016 · 3 yrs · Bellevue, Washington

• In charge of P & L, business development, client management, and technical oversight / security testing for large high-tech clients across Pacific Northwest.
• Acted as a trusted, external advisor for multiple (>$1B revenue companies) across supply chain, retail, financial, aviation and ISV verticals on specifics of their application security program.
• Directed multiple security teams, providing policy policy and strategic guidance as they built out their application security programs.
• Oversaw improvements to organizational security policies, risk ranking methodologies, secure coding standards and project management approaches for identifying, triaging and remediating security vulnerabilities discovered through security assessments.
• Mentored junior consultants who conducted security reviews resulting in improved report quality and increased client satisfaction.
• Significantly grew PNW revenue to a multi-million dollar run rate as a result of efforts.

Oct 2013 – Jan 2019 · 5 yrs 3 mos · Remote

• Software Architect with multi-year experience designing and implementing application back-ends for reactive data collection / telemetry platforms and machine learning systems using Scala, Apache Spark, Akka and other products from the Lightbend stack
• Very comfortable with advanced functional programming concepts including correct and effective of use Scalaz, Shapeless, Cats functional programming libraries.
• With extensive experience in the following domains:
• Fast Data Analytics and Stream processing with Spark and Kafka
• Batch Processing of Data with Spark, Scalding
• ETL job design for telemetry systems.
• Setting up Scalable Deployments with Kubernetes
• Containerized Akka Microservices Cluster Deployments with Docker
• Continuous Integration, Deployment and Delivery Systems for AWS, Azure and Google Cloud platforms
• Re-designing and implementing monolithic applications as micro-service level architectures using domain driven design techniques.
• Selected project list:
• Led the design and implementation of a python based custom continuous integration and deployment pipeline for data-science teams. The solution was implemented on Python and used Pyspark with MLLib for machine learning + Boto3 for AWS integration.
• Led the design and re-implementation of a C# mobile application backend, converting from a monolithic design to, reactive platform built around Lightbends’s products including Playframework, Spray, Slick and Akka.
• Implemented an ETL backend for a machine learning data warehouse. The backend collected data from multiple IOT home devices and performed additional processing to reduce data size.
• Rescued a failing project with with poor Apache Spark performance by optimizing its behavior in a memory constrained Apache Mesos environment.
• Container scanning pipeline for Kubernetes deployments using hadolint, lineage, clair and sysdig falco.

Feb 2012 – Dec 2013 · 1 yr 10 mos

• Trusted Security Advisor and Application Security Consultant to Microsoft Premier Clients in America, Europe and Asia on behalf of Microsoft Assessment, Consulting and Engineering (ACE) and Microsoft Consulting Services (MCS) teams.
• Managed the ACE, Application Security Training Program. Training programs advised developers on secure programming practices using Microsoft technologies and software development processes.
• Successful in identifying opportunities for additional work and upselling services to each organization leading to repeat business for Microsoft ACE ISRM.
• Trained customers on application security concerns, performed security architecture assessments, code reviews and penetration tests of client applications. Provided feedback to teams and management on effective methods to mitigate identified security concerns.
• Created training modules detailing secure programming practices using ASP.NET, ASP.NET MVC, Windows Communication Foundation (WCF), Windows Identity Foundation (WIF), Windows 8, Windows 8 Mobile, HTML5, C/C++ and Windows API
• Created training modules advising developers and project managers on effective strategies to augment development processes with security focused practices including threat modelling, fuzzing, the use of static analysis tools, secure testing practices and the Microsoft Secure Development Lifecycle (SDL).
• Performed security architecture assessments, penetration tests, and security advisory for many application teams at Microsoft as part of Microsoft IT's Risk Management Program. Used knowledge of security vulnerabilities affecting web, mobile and desktop applications to highlight security concerns with most applications. Trained engineering teams on effective methods to mitigate these security concerns.

Feb 2011 – Feb 2012 · 1 yr

• Oversaw patch readiness development and testing for the .NET 4.5 framework, ultimately ensuring that.NET 4.5 was capable of being updated without errors on release. Worked closely with Windows, DevDiv and Visual Studio groups to ensure that all project activities were completed according to plan.
• Program manager for a team of 2 developers and 2 testers. Defined requirements, specifications, project schedule and ultimately released APT – the automated patching tool. APT improves the .NET framework team’s agility and speed in building, developing and testing security updates for the .NET 4.5 framework by automating several previously manually driven tasks.

Feb 2010 – Feb 2011 · 1 yr

• Program manager for a team team of 5 developers and 3 testers. Defined requirements, specifications, project schedule and ultimately shipped XAP.NET – a next generation managed workflow programming framework and API used for rapid transformation and presentation of structured data in Bing Answers. XAP.NET is regarded as the most productive framework for building Bing Answers with a >4x development efficiency improvement over the existing XAP.Native C++ based framework. Aligned schedules with teams using beta and final releases XAP.NET to deliver several answers on the Bing Search Engine as showcases. Awarded Microsoft Gold Star for successful execution, on time delivery and recognized impact of XAP.NET to Bing Product Strategy.
• Program Manager for team working on KIF Interchange Protocol (KIF), a wire protocol supporting data marshaling and high-speed server-to-server communication (very similar to Facebook’s Thrift and Google’s Protocol Buffers). Wrote specifications for measuring KIF performance and drove performance improvements leading to a 50% reduction in packet size and 10% improvement in protocol read/write performance.

May 2007 – Jan 2010 · 2 yrs 8 mos

• Program Manager for several development and test virtual teams focused on the reproduction, triage, planning and release of security updates to the Windows Operating System. Managed multiple concurrent releases throughout tenure.
• Released several high profile security updates via Windows Update for Windows OSes (Windows NT through Windows 7) securing ~4billion+ Windows computers in homes and enterprises from internet attacks with 0 incidents/post-release issues after updates were shipped.
• Small sample of notable releases:
• DNS Devolution (WPAD) 2009
• http://www.microsoft.com/technet/security/advisory/971888.mspx
• Moxie Marlinspike and Kaminsky's ASN1 Cryptovuln 2009
• http://www.microsoft.com/technet/security/Bulletin/MS09-056.mspx
• Update to Autorun 2009
• http://support.microsoft.com/kb/971029
• Dan Kaminsky's DNS 2008
• http://www.microsoft.com/technet/security/Bulletin/MS08-020.mspx
• Update to Windows Sidebar 2007
• http://www.microsoft.com/technet/security/advisory/943411.mspx
• And many many more releases addressing vulnerabilities in Win32k.sys, Windows Bluetooth Stack, Windows File sharing, Windows Kernel, Microsoft Message Queueing etc.
• Program Manager for Microsoft virtual team that investigated the release of 3rd party ISV updates via Windows Update. Team defined vision, business plan, and ISV process and success metrics. Presented and pitched business plans and process concept to Windows GMs in Windows Update, Windows Fundamentals, Windows Sustaining Engineering and SVP Jon DeVaan. Project was accepted as a Win8 area of investigation and ultimately influenced design decisions in the introduction of Windows 8 App Store.

Jan 2002 – Jan 2004 · 2 yrs · Lagos, Nigeria

• Founding employee that worked on SocketWorks cPortal – a Java J2EE portal software development kit with a team of ten developers/analysts.
• Cross functioned as system integrator for SocketWorks’s clients, designing network architectures, strategies and procedures for integrating cPortal into their networks. Established initial standards and processes for planning and introducing cPortal into Socketwork’s client’s networks.
• Network and systems administrator managing 100 client machines in a heterogeneous, Linux, Windows and MacOS based network.
• Managed technology budget for organization (approx $1,000/month) for purchase and maintenance of SocketWorks hardware.