Cody Nicewanner

CTO

Monroe, Washington, United States · 20 yrs 11 mos experience

Key Highlights

  • Over a decade of experience in cybersecurity and software engineering.
  • Led security initiatives for major corporations like UiPath and Microsoft.
  • Expert in reverse engineering and malware analysis.
Stackforce AI infers this person is a Cybersecurity expert with extensive experience in software engineering and security solutions.

Skills

Core Skills

Security Engineering, Cloud Security, Software Development, Research

Other Skills

APIs, AWS, Agile Methodologies, Automated Malware Analysis, Azure, Azure Sentinel, C, C#, C++, Cloud Computing, Computer Security, CrowdStrike, Device Driver Development, Docker, Endpoint Security

About

Experienced security researcher and software engineer with over a decade of experience in the cyber security and software development fields. Skilled in C/C++, assembly, Python, C#, reverse engineering, binary exploitation, and machine learning.

Experience

Total Experience: 20 yrs 11 mos
Average Tenure: 2 yrs 1 mo
Current Experience: 1 yr 3 mos

Web3firewall, Inc.

2 roles

Adjunct / Fractional CTO

Mar 2025 - Present · 1 yr 3 mos · Washington, United States

Head of Engineering and Security

Nov 2023 - Mar 2025 · 1 yr 4 mos · Washington, United States

9/20 Traders LLC

Day Trader

Mar 2025 - Present · 1 yr 3 mos · Washington, United States

Dfns

2 roles

Head of Security

Promoted

May 2023 - Nov 2023 · 6 mos

Principal Application Security Engineer

Aug 2022 - Apr 2023 · 8 mos

Anduril Industries

Staff Security Engineer

Aug 2020 - Jun 2022 · 1 yr 10 mos · Seattle, Washington, United States

UiPath

Senior Security Engineer Manager

Jul 2019 - May 2022 · 2 yrs 10 mos · Bellevue, Washington

  • IC and people manager working on all aspects of Enterprise security for a 3000+ person corporation. Individually and as a team, I worked on all products produced by UiPath and worked with teams in engineering, IT, operations, sales, legal, and marketing.
  • Managed a fully remote engineering team in Romania and US. Grew the team from 2 engineers to 10.
  • Performed security design and code reviews to detect security issues before they reached production environments. Applications written in C#, Java, JavaScript, C++, and Python.
  • Performed cloud infrastructure reviews to advise product teams on improvements they could make to better secure customer data. Reviewed infrastructure in Azure, AWS and GCP with a heavy focus on Kubernetes.
  • Worked with DevOps team to review and improve IaC (Terraform, Helm, and Docker) templates used by feature teams.
  • Helped to stand up a security monitoring and incident response program. Worked with Azure Sentinel, Microsoft Defender, CrowdStrike, Recorded Future, Microsoft Cloud App Security, Red Hat Advanced Cluster Security (StackRox).
  • Performed purple team exercises using known APT groups described through the MITRE ATT&CK framework to create likely attack scenarios.
  • Organized and supervised red team exercises using external security organizations to validate detection and response capabilities.
  • Performed vulnerability management for cloud and physical endpoints. Developed tooling to provide actionable insights to teams to reduce time to patch critical systems.
  • Helped with the design and standup of the UiPath Federal cloud environment, including helping with documentation and development of new processes needed to achieve FedRAMP compliance.
  • Designed and performed tabletop exercises to help identify technology and knowledge gaps in security response capabilities.
C#, Java, JavaScript, C++, Python, Azure

Microsoft

Senior Software Engineer

Sep 2014 - Jul 2019 · 4 yrs 10 mos · Redmond, WA

  • Design and develop new features and products that improve security for all Windows and Azure users.
  • Prototyped, designed, and developed security mitigation to isolate Flash from the Edge browser.
  • Designed and developed data service to allow security teams to identify misused and malicious SSL and code signing certificates.
  • Added telemetry to IE and Edge that gives the Defender and SmartScreen teams information about active browser attacks targeting extensions.
  • Prototyped, designed, and developed an enhancement to AppContainers (one of Windows’ process isolation technologies) for Edge, resulting in a large decrease in the user mode attack surface of Edge.
  • Designed and developed new security mitigations to prevent exploits from leveraging remote code execution vulnerabilities.
  • Maintained and designed enhancements to the access and isolation model for Windows.
  • Designed and developed new APIs to make it easier to launch processes in restricted contexts.
Security Mitigation, Telemetry, Process Isolation, APIs, Remote Code Execution, Software Development

Cylance, Inc.

Senior Software Engineer

Dec 2013 - Aug 2014 · 8 mos · Irvine, California

  • Design and develop endpoint security products for detecting malicious software and preventing such software from executing, as well as create tools to be incorporated into the company's internal classification and forensics systems.
  • Developed a library for blocking execution of exploits by blocking common techniques used to gain execution.
  • Developed a kernel mode library for injecting DLLs into newly created processes using APCs.
  • Created a tool for unpacking software packed with modified versions of common packers.
  • Created a forensics tool for reading the 64-bit process memory space of a 32-bit WOW process from within the 32-bit process.
Endpoint Security, Malware Detection, Forensics, Security Engineering, Software Development

ThreatTrack Security Inc.

Principal Software Engineer

Feb 2010 - Nov 2013 · 3 yrs 9 mos · Fort Pierce, Florida Area

  • Designed and developed tools to monitor the behavior of applications run on a Windows operating system.
  • Created a kernel level rootkit to hide devices, files, registry keys, windows, processes, threads, handles, etc., using DKOM, SSDT hooking, IDT hooking, and DKOH.
  • Created a kernel level API monitoring engine using SSDT hooks and kernel callbacks.
  • Created a network traffic parser to extract useful information from network streams and datagrams.
  • Reverse engineer new malicious samples in order to improve anti-detection and monitoring of the samples.
  • Create pseudo malicious applications to test and demonstrate the abilities of the monitoring application.
Kernel Development, Rootkit Development, Network Traffic Analysis, Security Engineering, Software Development

Raytheon Technologies

Software Engineer

Jan 2008 - Jan 2010 · 2 yrs

  • Designed and developed security hardware and software applications used to gain tactical advantages on the battlefield. Skills used during employment:
  • Device driver development
  • Wireless OS design
  • Reverse engineering
  • Machine emulation development
  • Malware analysis
  • Vulnerability discovery
  • Hypervisor development
  • MANET security
  • Binary modification and compiler creation
Device Driver Development, Wireless OS Design, Reverse Engineering, Security Engineering, Software Development

Authentium

Software Engineer

Jan 2006 - Jan 2008 · 2 yrs · West Palm Beach, Florida Area

  • Performed support, maintenance, and development of mobile security applications, as well as assisted the production of future scan engines and maintenance of the current scan engines.
  • Designed and created prototypes for a new product line of mobile anti-virus products.
  • Created analysis tools to test and demonstrate the abilities of the current and future anti-virus engines across multiple platforms.
  • Reverse engineered and analyzed malicious code.
  • Developed a device driver and APIs used to detect rootkits on Windows devices.
Mobile Security Applications, Rootkit Detection, Security Engineering, Software Development

Florida Institute of Technology

Research Assistant

Jan 2005 - Jan 2006 · 1 yr

  • Researched and developed tools for automated malware analysis.
  • Created monitoring software for tracing the spread of adware in P2P networks.
  • Created a kernel-level modification detection engine.
  • Developed tools for analyzing function hooks on systems running Windows Vista.
  • Researched methods for the detection of hypervisors on systems running Windows XP and higher.
  • Researched methods for the detection and prevention of 0-day attacks.
Automated Malware Analysis, Monitoring Software, Research, Security Engineering

Education

Florida Atlantic University

Master's degree — Computer Science

Jan 2010 - Jan 2014

Florida Institute of Technology

Bachelor's degree — Computer Science

Jan 2003 - Jan 2008
