Oct 2022 – Dec 2024 · 2 yrs 2 mos

• Designed and reviewed secure architectures for cloud-native SaaS systems in AWS. Implemented IAM models, network segmentation, and CI/CD security controls to enforce least privilege and secure deployments. Guided engineering teams on secrets management, logging, and cloud security best practices in regulated environments.

Oct 2021 – Aug 2022 · 10 mos

• Led threat modeling and security reviews for blockchain infrastructure and smart contract systems. Built scalable security assessment workflows supporting 120+ security reviews per quarter and improved vulnerability risk scoring and remediation tracking. Participated in incident response for platform and distributed node security events.

May 2021 – Sep 2021 · 4 mos

• Partnered directly with enterprise customers to design and secure cloud-native architectures in AWS. Helped organizations deploying to the cloud implement IAM policies, SCPs, Config rules, and network segmentation to enforce least privilege and governance. Built automation using Lambda and API Gateway to support security operations and incident response while advising engineering teams on logging, secrets management, and secure deployment practices.

Jun 2017 – Oct 2019 · 2 yrs 4 mos

• Built DevSecOps programs that integrated security into modern development pipelines. Implemented SAST automation, secure CI/CD workflows, and developer-focused security standards. Led vulnerability management initiatives and introduced modern TLS and secure automation for artifact storage and secrets management.

Aug 2015 – Jun 2017 · 1 yr 10 mos

• Led a 24/7 security engineering team responsible for identity systems including SSO and federation. Strengthened authentication architecture through monitoring, least privilege, and improved session controls. Served as incident commander for high-severity infrastructure and authentication incidents.

Mar 2008 – Aug 2015 · 7 yrs 5 mos

• Performed manual code review, penetration testing, and secure architecture assessments for enterprise systems. Delivered threat modeling, remediation planning, and security controls aligned with standards including ISO 27001, NIST, PCI, and HIPAA. Partnered with engineering teams to improve secure development practices.

Feb 2006 – Jan 2007 · 11 mos

• Developed secure C++, Java, and PHP applications while supporting architecture, testing, and documentation for enterprise systems. Built internal tooling and SDK demonstrations while helping teams establish secure coding practices.

Dec 2003 – Dec 2004 · 1 yr

• Designed and built mapping service clients using early WS-Security implementations to enable secure integration with Microsoft APIs. Developed video training modules and technical guidance to help developers understand and implement these APIs effectively. Supported engineering teams building secure integrations through documentation, demos, and developer education.

Jul 2000 – May 2002 · 1 yr 10 mos

• Designed and delivered a training program for software engineers building product integrations with a CRM platform. Traveled internationally to teach the course and train additional instructors, scaling the program across global engineering teams. Partnered with product and engineering leadership to influence key product decisions that improved developer experience and supported real-world customer integration use cases.