Steve Springett

Co-Founder

Chicago, Illinois, United States
29 yrs 3 mos experience

Key Highlights

  • Leader in software supply chain security recognized globally.
  • Chair of OWASP Global Board of Directors driving security standards.
  • Creator of OWASP Dependency-Track enhancing software security.

Skills

Consensus Building, Public Speaking, Staff Development, Delegation, Goal Setting, Key Performance Indicators, Objectives and Key Results (OKRs), Cross-functional Team Leadership, Team Leadership, Vulnerability Assessment, Web Applications, Software Development, Mobile Applications, SDLC, Java

About

Steve is an internationally recognized leader in software supply chain security whose work is referenced by world governments and international standards bodies. A trusted voice in the security community, he shapes industry direction through thought leadership and hands-on execution, building high-performing teams, fostering global open source communities, and driving adoption of security standards. Steve guides teams in both the strategy and execution of secure software development. He integrates security throughout the entire development lifecycle, leading efforts in threat modeling, secure architecture and design, static, dynamic, and component analysis, offensive research, and defensive programming. Passionate about helping organizations identify and reduce risk from the software supply chain, Steve is an open source advocate and creator of OWASP Dependency-Track. He leads the OWASP Software Component Verification Standard (SCVS) and chairs both the OWASP CycloneDX Core Working Group and Ecma International TC54. Steve serves as Chair on the Board of Directors of the OWASP Foundation, where he helps drive the continued growth of the foundation and the pursuit of its mission to make secure software a reality through open collaboration, education, and innovation.

Experience

Total experience: 29 yrs 3 mos
Average tenure: 4 yrs 3 mos
Current experience: 5 yrs 5 mos

Artiphishell Inc.

Advisor

Apr 2026 - Present · 1 mo

OWASP® Foundation

5 roles

Chair, Global Board of Directors

Promoted

Jan 2026 - Present · 4 mos

Vice Chair, Global Board of Directors

Promoted

Jan 2025 - Jan 2026 · 1 yr

Member at Large, Global Board of Directors

Jan 2024 - Jan 2025 · 1 yr

Project Committee

Sep 2020 - Dec 2023 · 3 yrs 3 mos

Project Leader

Jun 2013 - Present · 12 yrs 11 mos

  • Leader of multiple OWASP projects including Dependency-Track, CycloneDX, and the Software Component Verification Standard (SCVS)

Ecma International

Chair, Ecma Technical Committee 54

Dec 2023 - Mar 2026 · 2 yrs 3 mos

  • Founder of Ecma Technical Committee 54 and served as Chair for the first two years.

StackAware

Advisor

Jun 2023 - Present · 2 yrs 11 mos

ServiceNow

3 roles

Director, Product Security

Promoted

Feb 2023 - Mar 2026 · 3 yrs 1 mo

Senior Manager, Product Security

Promoted

Dec 2020 - Feb 2023 · 2 yrs 2 mos

Senior Security Architect

Aug 2018 - Dec 2020 · 2 yrs 4 mos

OWASP CycloneDX SBOM Standard

Chair, CycloneDX Core Working Group

Dec 2020 - Present · 5 yrs 5 mos

MUFG

Vice President, Secure Software Engineering

Nov 2017 - Aug 2018 · 9 mos · Chicago, IL

Axway

2 roles

Principal Application Security Architect

Jan 2012 - Nov 2017 · 5 yrs 10 mos

  • As a founding member of Axway's product security team, I've had the unique opportunity to lead and participate in a number of security-related activities that had a positive impact on the global R&D organization and our customers.
  • Helped introduce the Secure SDLC process into Axway by working with stakeholders, customers, and development teams.
  • Architected a global continuous security automation pipeline consisting of static analysis (SAST), dynamic analysis (DAST), component analysis, attack surface analysis, and container analysis.
  • Led threat modeling exercises along with an initiative to scale threat modeling activity to meet the increasing security demands of the marketplace and the exponential growth of micro-services and the rapidly expanding attack surface they represent.
  • Led secure architecture reviews, published best practice documents, and worked with teams early in the development lifecycle to ensure secure architectural decisions and best practices were in place.
  • Through data analysis and customer interaction, defined several iterations of compliance controls that provided a roadmap for demonstrating continuous improvement.
  • Worked with every team in the global R&D organization to ensure each team was armed with everything necessary to achieve compliance to the controls. Provided each team continuous training along with strategy and specifics on developing and delivering secure software.
  • Led transparency efforts to promote competition and excellence between teams and their security champions.
  • Performed whitebox penetration testing engagements of Axway software.
  • Led offensive research and implemented defensive programming techniques in shared libraries and frameworks consumed by Axway R&D and used as mitigating controls in production applications. Created training, workshops, and documentation on how various attacks take place and the proper mitigations needed for defense.
  • Provided mentorship to fellow security team members.

Research & Development Manager

Oct 2008 - Dec 2011 · 3 yrs 2 mos

  • Architected several different software solutions and projects including ones used by the FDA, CDC and pharmaceutical industries as well as more general purpose, high transaction applications.
  • Led the global team with mentoring, code and architectural reviews.
  • Managed quality, security gates, release dates, and Scrum iterations for multiple projects.
  • Focused on high-performance improvements to new and existing software products, either designing with performance in mind or increasing (sometimes by as much as 800%) the performance of existing applications. Other improvements were targeted towards various security mitigations.
  • Increased usability of several browser-based applications.

New Dimension Media

VP, Technology and Engineering

Apr 2003 - Sep 2008 · 5 yrs 5 mos · Chicago, IL

  • Advised content team and implemented solutions for new markets which include download-to-own, streaming, and mobile applications.
  • Architected DRM and DRM-free streaming and download solutions for both the consumer and educational markets.
  • Created new business model for the version 2.0 product. The new model was a hybrid product/subscription in which customers would buy the server appliance and subscribe to the content.
  • Provided leadership to both internal and external software development teams. This included programmers, system and database administrators, interface designers and testers.
  • Analyzed customer and former customer feedback in order to create business requirements and feature sets for new/improved products.
  • Architected and assisted in the development of the version 2.0 product, a web-based video on demand platform designed using Java, Struts, Hibernate, MySQL, JBoss, and Linux, which utilized AJAX technologies with back-end, internal processes written in Perl.
  • Led and participated in the creation of focus groups which analyzed new product designs and modified those products in order to increase usability.
  • Created video encoding processes and workflows that streamlined digitization and maximized output.
  • Responsible for all project management, timelines, status reporting, repository management, change management and bug/issue management.
  • Consistently analyzed market trends in order to recommend new product designs or revisions and presented possible solutions, benefits, marketing opportunities and costs to senior management.
  • CCC! Video on Demand was recognized as one of the best educational products of 2008 by District Administrator magazine and endorsed by several teaching colleges throughout the country.
  • CCC! Video on Demand was awarded "Best in Tech 2008-2009" by Scholastic Administrator at the National Educational Computing Conference in Washington D.C.

OMS National Insurance

Portal & Media Consultant

Jun 2001 - Nov 2002 · 1 yr 5 mos · Rosemont, IL

  • Performed business systems analysis and proposed solutions that fit requirements.
  • Architected portal and all portal applications.
  • Led a five-person team of internal developers, database and UNIX admins, and interface designers from inception to delivery. Reported project status directly to the CIO.
  • Portal included live and archived streaming video, claims reporting, real-time and moderated chat for guest speakers, complete back-end for insurance agents; all of which was written in mod_perl on Apache on Linux with MySQL, and OpenLDAP.
  • Responsible for the creation of the industry’s first completely automated system where prospects would apply for insurance, receive approvals, and pay for their premiums without input from underwriters.
  • Consistently monitored the portal and its applications for performance and security.
  • Worked with marketing team to create ways to increase awareness through the use of SEO techniques for two customer-facing websites.
  • Provided hosting services and e-commerce solutions for several state associates which were sponsored by OMSNIC.

Netlojix Communications, Inc.

Manager, Web Development

Jul 1996 - Jun 2001 · 4 yrs 11 mos · Arlington Heights, IL

  • Created and managed the web development team which included programmers, database administrators, and graphic and interface designers.
  • Responsible for all hiring and budgeting decisions.
  • Met with clients to determine business/system requirements and provided sales staff with scope of projects including proposals, deliverables and timelines.
  • Performed most of the project management responsibilities and was immediate liaison for clients.
  • Managed the internal intranet and all other information systems including email, remote access, and Internet connectivity.
  • Created and implemented IT policies that promoted best practices for coding techniques, security and manageability.
  • Architected and implemented numerous websites and a large number of web-based applications for high-profile clients including major airlines, insurance companies, and investment firms.
  • Architected B-to-B and B-to-C commerce solutions for several Fortune 500 companies.

Education

University of Phoenix

Bachelor of Science (B.S.) — Information Technology