Dec 2022 – Mar 2025 · 2 yrs 3 mos · Seattle, Washington, United States

• ● Lead a Risk Assurance function, discovering the root causes and understanding systemic gaps related to tech and control failures and how those gaps impact the firm's operational risk profile.
• ● Directed the Assurance Transformation project, shifting from a controls-based to a risk-based cybersecurity oversight, significantly improving risk identification processes
• ● Orchestrated a cross-functional team to address long-tail open-source vulnerabilities, enhancing system resilience against potential threats
• ● Spearhead the global Cyber Security Control Assurance function, enhancing cybersecurity risk management and reporting firm-wide

Mar 2022 – Dec 2022 · 9 mos · Seattle, Washington, United States

• ● Led the cybersecurity functions for all DocuSign products and corporate environments, managing a multi-million dollar budget and a team of over 150 security professionals
• ● Maintained a robust industry compliance program, including PCI, ISO27001 and eIDAS. Drove successful reauthorizations of Federal IL4 and FedRamp standards, reinforcing the compliance framework across all products.
• ● Directed executive-level cybersecurity reporting, ensuring board members were fully informed on cyber risk through clear and comprehensive communication.
• ● Worked with product teams to develop and implement a robust security strategy, ensuring risks were understood and managed across all product lines.

Apr 2021 – Mar 2022 · 11 mos · Seattle, Washington, United States

Sep 2020 – Apr 2021 · 7 mos · Seattle, Washington, United States

Apr 2020 – Sep 2020 · 5 mos · Seattle, Washington, United States

Sep 2018 – Apr 2020 · 1 yr 7 mos · Seattle, Washington

Mar 2017 – Aug 2018 · 1 yr 5 mos · Seattle, Washington

May 2017 – Apr 2020 · 2 yrs 11 mos

Mar 2016 – Feb 2017 · 11 mos · Greater Seattle Area

Sep 2015 – Feb 2016 · 5 mos · Greater Seattle Area

Apr 2015 – Sep 2015 · 5 mos · Greater Seattle Area

Jul 2014 – Mar 2015 · 8 mos · Greater Seattle Area

• Responsible for leading ServiceNow’s Threat Intelligence efforts. Provided operational threat assessment of new vulnerabilities in the ServiceNow environment. Wrote Intelligence Reports to brief senior management on threats to the ServiceNow Cloud and Corporate Environments. Acted as an escalation point for the Security Operations team, conducting Malware analysis and documenting IOC’s from malware samples gathered during incident response activities.
• Accomplishments:
• Developed the Threat Intelligence Portal (TIP) utilizing ServiceNow as a frontend and database.
• Developed the CTIMASTER system, which was used to gather IOC data from various open and closed sources, and push that data into TIP, as well as extract data from TIP and develop custom Snort, DNS Sinkhole, and Splunk configuration files dynamically.

Jun 2013 – Jul 2014 · 1 yr 1 mo

Dec 2012 – Jun 2013 · 6 mos

• Developed the Corporate Security Program for ServiceNow; including Policy and Procedures Development, Design and Implementation for Network Security, Centralized Logging, Physical Security.
• Developed and supported implementation of policies to support various attestations; including, ISO27001, Federal ATO, SSAE16
• Co-created the Business Continuity Plan to ensure continuation of critical business functions in the event of the loss of a facility.
• Created Disaster Recovery Plan to ensure recovery of critical systems and data in the event of a catastrophic outage.

Sep 2012 – Jun 2013 · 9 mos

Oct 2010 – Sep 2012 · 1 yr 11 mos · Redmond, WA

• As the Director of Denali's Security and Wireless group I led a team of 6 post-sales security consultants and engineers that were responsible for definition and delivery of security related services. I developed Denali's Security Services Portfolio and the many of the associated deliverables including; IT Risk Assessments, Security Posture Assessments, Compliance Pre-Audit Assessment, Penetration Testing Assessments, Vulnerability Assessments, and control implementations.
• Accomplishments:
• Developed a profitable services delivery team within one year, grew the organization from one employee to six. Developed partnerships with our manufacturer vendors to support the growth of our business.
• Led technical engagements to implement various control systems utilizing; Cisco, IronPort, Palo Alto, Juniper, F5 Load Balancers, AccelOps, and others.
• Worked with business risk owners to develop security programs around; ISO 27001, PCI, HIPAA / HITECH, GLBA and other regulatory compliance drivers.
• Developed best practices white papers for securing the enterprise from common data exfiltration techniques used by the Pwnie Express PwnPlug and other pen testing drop boxes.
• Developed internal systems, processes and procedures for cracking NTLM and md5 hashes using ophcrack and hashcat.

Feb 2010 – Oct 2010 · 8 mos · Redmond, WA

• Provide Pre and Post-Sales support to Denali customers with a focus on the Enterprise and Mid-Market Account base. Engaged in the complete cycle of our customer projects from initial customer meetings, requirements gathering, development of the Statement of Work and final implementation.
• Accomplishments:
• Provide PCI and GLBA configuration assessment for customer routers and firewall rule set analysis for various Denali Customers.
• Implemented Cisco Nexus Data Center solutions (7010, 5000, 5500, and 2148) for Denali’s largest customers in the Northwest.

May 2009 – Feb 2010 · 9 mos · Greater Seattle Area

• Provide Pre and Post Sales support to RSI customers focusing on the State of Washington and Enterprise Account base. Provided network consulting and design services to customers in the Northwest, working with multiple vendors such as; Cisco, Juniper, Riverbed and Palo Alto to develop best in breed solutions.
• Accomplishments:
• Lead an initiative to provide Security Engineering support to the State of Washington Enterprise Security Services group.
• Assisted with the design and implementation of the State of Idaho MPLS Metro Network.

Jan 2005 – May 2009 · 4 yrs 4 mos · Bellevue, WA

• Provide Network Consulting services to Cisco Network Optimization Service (NOS) customers in the Advanced Services Northwest Region. Focused on providing deliverables based service to customers including; Software Strategy, Network Design Reviews, and Implementation Plan Reviews. Architectural Level engineer working with the State of Washington to develop MPLS based Service Provider grade offerings. Provide complex troubleshooting support and TAC case support for high visibility customer issues.
• Accomplishments:
• Primary NCE role for a large power utility after working with Cisco for only 3 months, that same customer just renewed their NOS contract for another three years in 2006 and 2009.
• Worked with large enterprise customers in evaluating MGX ATM solutions versus MPLS for their Next Generation Network. Assisted the same customer in developing their MPLS-TE solution to replace their existing ATM network.
• Developed strategic solutions for the State of Washington MPLS network to provide secure differentiated services.

Oct 2004 – Jan 2005 · 3 mos · Redmond, WA

• Worked as the Lab Manager for the Microsoft Platform Architecture & Guidance (PAG) Group, managing servers and networks designed for application testing. Provided black box security testing for application blocks developed by the PAG group.
• Accomplishments:
• Implemented CSM Based Load Balancing solutions for Application Testing and Development.
• Implemented Network and Server Management tools based on the Microsoft Operations Manager (MOM) Suite.
• Provided black box security testing for various application blocks developed by the PAG Group.
• Helped develop and test Server Virtualization software for the Microsoft Mini Core Program.

Jan 2001 – Oct 2004 · 3 yrs 9 mos

Jan 2000 – Jan 2001 · 1 yr