Jul 2025 – Present · 10 mos

• 🎙️ Coffee, Chaos & ProdSec is a weekly cybersecurity podcast where caffeine meets controlled chaos. Together with my co-host Cameron, I explore the wild intersections of Product Security, AppSec, and DevSecOps — from leaked keys and broken pipelines to the frameworks and people fixing them.
• Each episode blends technical depth with honest, conversational insight. We interview security leaders, discuss real incidents, and break down complex topics like supply-chain integrity, AI in security, and secure-by-design practices in a way that’s accessible, informative, and occasionally caffeinated-to-the-max.
• Highlights & Impact
• ● Produce and host weekly episodes exploring the evolving world of Product Security — from building secure products and pipelines to navigating the challenges of modern AppSec and DevSecOps.
• ● Built and scaled brand identity, content calendar, and community engagement strategy across LinkedIn, Spotify, and YouTube.
• ● Partnered with industry experts and OWASP project leads to bring credible, practical insights to thousands of listeners.
• ● Established the show as a learning resource for professionals seeking real-world ProdSec experience and career guidance.
• ☕ “Where cybersecurity meets caffeine-fueled chaos — and strong coffee leads to even stronger opinions.”

Mar 2024 – Present · 2 yrs 2 mos · United States · Remote

• Deputy CISO and Chief Security Architect leading a 12-person Global Security Architecture organization spanning enterprise and product security and customer-facing professional services. One of two Deputy CISOs.
• Strategic Leadership
• ▪ Drive multi-year roadmaps for security architecture and InfoSec, adjusting priorities to address business, stakeholder, and customer needs.
• ▪ Lead enterprise AI Security strategy and maturity roadmap, defining standards, review processes, and guardrails to enable rapid innovation while minimizing risk from accelerating AI adoption.
• Security & Compliance Excellence
• ▪ Achieve/renew ISO 27001, ISO 27017, PCI-DSS, SOC 1, SOC 2, HITRUST, HIPAA, IRAP, FedRAMP, and GDPR certifications.
• ▪ Own 16+ security standards specifying base requirements for enterprise and products.
• ▪ Support deals totaling >$100M in Cloud ARR growth and >$500M TCV addressing customer product security needs.
• Secure Product Development
• ▪ Drive secure-by-design practices through threat modeling and security reviews with product, engineering, operations, and IT teams.
• ▪ Streamlined threat modeling for >100 solutions, saving hundreds of engineering hours per team annually.
• Operational Impact
• ▪ Security Architecture SME for incident response across incidents including credential compromises, privilege escalations, exposed secrets, and zero-day vulnerabilities.
• ▪ Drive SOC technology transformation to reduce false positives, analyst burnout, and improve incident handling.
• ▪ Reduced security technology costs by 35% through strategic platform consolidation.
• Influence & Enablement
• ▪ Lead security enablement via monthly podcast series and educational materials for non-security personnel.
• ▪ Key member and approving authority on Product, Enterprise Architecture, AI, Risk, and Privacy committees.
• People & Partnerships
• ▪ Mentor and develop talent across InfoSec and Engineering.
• ▪ Collaborate with cloud and security vendors to enhance products and lead evaluations.

Apr 2022 – Mar 2024 · 1 yr 11 mos · United States · Remote

• Lead Security Architecture team of 5 architects responsible for enterprise and product security; serve as cybersecurity SME for the company
• Define, maintain, and execute 1-2+ year roadmaps, dynamically adjusting priorities to address risks and needs of the company and our customers
• Partner with GRC to drive audits to achieve/renew certifications and reports for product offerings. Target frameworks include ISO 27001, ISO 27017, PCI-DSS, SOC 1, SOC 2, HITRUST, IRAP, FedRAMP
• Key member and approving authority in Product Architecture, Enterprise Architecture, and other architectural and steering committees (e.g., Risk, Generative AI, Analytics)
• Sought out to interact customers to address product security questions and concerns in support of closing new deals to grow cloud ARR
• Partner with Security Operations to carry out incident response activities, assess risk, and drive remediation
• Interface with cloud providers and security vendors to improve security features in their products and lead proof of value evaluations prior to procurement of solutions
• Owner of Threat Modeling capability; drove enhancements in toolset and process to streamline threat assessments for new and existing software solutions resulting in hundreds of hours saved per engineering team per year
• Drove creation of 16 new Security Standards to serve as the base security requirements for enterprise and products
• Recruit, mentor, develop, and support direct reports and other talent in InfoSec and Engineering

Jun 2021 – Apr 2022 · 10 mos · Remote

• Led security architecture function consisting of 3 architects and 1 engineer, primarily serving as a thought partner and coach while ensuring the team can operate effectively to achieve business and personal goals
• Partnered with senior leadership to develop and prioritize short and long term roadmaps
• Identified opportunities to reduce cloud security risk for the company and drive planning and implementation of solutions
• Owned/led security function within larger cloud platform development team
• Served as architect on cloud platform architecture team responsible for creation of design artifacts to enable engineering teams to build new SaaS platform in AWS
• Partnered with GRC team to ensure that compliance requirements are met and artifacts produced in support of SOC 2 and ISO 27001 audits
• Provided guidance to engineering teams to ensure security requirements are met in implementation of cloud infrastructure and SaaS products
• Created holistic set of security requirements for cloud platform team to ensure strong secure design principles were followed and issues could be identified prior to launch of new SaaS platform
• Worked with cloud security vendors to run POCs with their solutions and heavily influenced decisions on whether to purchase
• Led initiative to implement container runtime security within SaaS Platform using Lacework

Jan 2014 – Aug 2015 · 1 yr 7 mos · Oak Brook Terrace, IL

• Provided software expertise, implementation, and support for key customer’s client-facing applications
• Defined and developed requirements and specifications for new software features
• Consulted for a Fortune 100 technology company on major business transformation project; built custom tools, provided support, software customization, and shared best practices around use of proprietary project software
• Incorporated end-user feedback to resolve issues, make product improvements, and redefine software strategy
• Developed software solutions using the .NET framework and agile practices to meet wide range of client needs
• Enabled rapid development of client application with Microsoft LightSwitch, SharePoint, and Microsoft Azure
• Contributed to code scaffolding and libraries for use in rapid application development projects

Sep 2012 – Dec 2013 · 1 yr 3 mos · Chandler, AZ

• Developed Advanced Driver Assistance System (ADAS) software using C/C++ according to the ADASIS protocol
• Drove redesign/implementation of several ADAS software components to improve design and efficiency
• Contributed to analysis, refactoring, and enhancement of existing Search module
• Performed extensive testing, debugging, and remediation of software bugs reported by QA and the customer
• Authored and updated documentation for new and improved software designs

Jun 2010 – Sep 2012 · 2 yrs 3 mos · Scottsdale, AZ

• Designed, implemented, and integrated Cross Domain Solution prototype using C/C++
• Integrated custom software solution by reverse-engineering parts of major legacy system
• Performed work on OS hardening and a Host Based Security System (HBSS) Alternative for Linux according to Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP)
• Explored SOA security using Oracle products and a Layer 7 SecureSpan Gateway
• Major contributor to and author of various software documents