May 2025 – Oct 2025 · 5 mos · Remote

• Served as operational CISO, leading multiple security engineering and operations teams. Concurrently served as the accountable executive for regulatory, audit, and licensure obligations and requirements, including full liability for the company's security program.

Feb 2023 – May 2025 · 2 yrs 3 mos · Remote

• As the security second-in-command, I represented information security to internal and external executive stakeholders and sat on the Executive Leadership Team, shaping company-wide technology strategy. I directly managed and matured multiple security functions (TDR, GRC, VM, CloudSec), introducing capabilities like risk-based alerting and AI-driven vulnerability triage while reducing vendor spend by over $1M annually. Across all my roles, I led the rapid adoption of AI for productivity and software development company-wide.

May 2022 – Feb 2023 · 9 mos · Remote

• I directed the global Platform Security program, leading a team of engineers in hardening all company technology platforms, including PKI and authentication/authorization systems. My team built and maintained Starfleet, an open-source tool that programmatically configured and enforced secure configurations across the entire AWS environment.

Jul 2022 – May 2025 · 2 yrs 10 mos

Jan 2022 – Present · 4 yrs 4 mos

Aug 2019 – Apr 2022 · 2 yrs 8 mos · San Francisco Bay Area

• Led an organization of 5 teams covering detection engineering, incident response, insider threat, security platform engineering, and vulnerability management. My work included driving organizational restructuring and defining charters, roles, and long-term vision.
• I led the launch of an insider threat program, designed the detection/response strategy, and spearheaded a deep engineering analysis that simplified from ~60 technologies to 8 with significant savings in vendor/service contracts. I also overhauled the org’s hiring process (job specs, recruiter training, interview materials, and interviewer training) while instituting the first metrics program and KPIs.
• Technical projects included release of major versions of the StreamAlert open source platform that provided support for Python 3.7 and Terraform 0.12, moved Lookuptables to DynamoDB, added parquet data storage, enabled cross-account AWS support in Lambda, etc. I also oversaw creation of blog content used to evangelize our products.

May 2018 – Jul 2019 · 1 yr 2 mos

Jun 2017 – Jul 2019 · 2 yrs 1 mo · Los Gatos, CA, USA

• Managed a team of Senior Security Engineers responsible for securing one of the world’s largest AWS deployments. I introduced and enforced new standards and project management structure (including Kanban and scrum), designed Netflix’s AWS Engagement program for collaborations, hired new core security engineering members to expand team competencies, and led our team in building and maintaining several open source and proprietary products (Lemur, Repokid, HubCommander, Security Monkey, et al found on the Netflix GitHub page).
• Notably, I led a company-wide engineering strategy and migration to a multi-account AWS deployment which included completely rearchitecting large parts of Netflix's core infrastructure and partnering with AWS to build new features and capabilities to make this possible. I also spearheaded initiatives to improve global conference participation and university recruiting efforts, and am listed as a co-inventor on a pending patent Detecting Credential Compromise in AWS.

Mar 2014 – May 2017 · 3 yrs 2 mos

• I expanded and managed a security team as a shared services group, leading its growth from 6 to 31 members across Seattle, Dublin, and Sydney. I spent a year in Sydney to staff/train the manager and team and introduce a follow the sun model. Once back in Seattle, I piloted/launched Amazon’s first Infosec university recruiting program and hired the first data science security and incident response teams.

Jun 2013 – Mar 2014 · 9 mos

• In this role I was an embedded TPM in the Incident Response & Security Operations teams responsible for program and project management related to incident response, including tooling, platforms, and long-running incident remediation.

Jan 2013 – Jun 2013 · 5 mos · Pittsburgh, PA

• My work at SEI included building their first production generation-based file fuzzing platform in the cloud (AWS).

Oct 2010 – Oct 2012 · 2 yrs · Seattle, WA

• My first role at Amazon was focused on engineering infrastructure to support 1500+ users across five locations. My contributions included launching a company-wide desktop Linux migration and on technical operations, leading Amazon’s transition to a virtualized workforce to reduce office space at increased cost-savings, which earned me the company key.

May 2007 – Oct 2010 · 3 yrs 5 mos · Tri-Cities, Washington, United States

• TekSolid was a technical consulting firm I founded to provide general IT services to SMBs including infrastructure, security, VPN, email, remote access solutions, and servers. I successfully negotiated the company’s acquisition in 2010.