Natalie Somersall

CEO

22 yrs 1 mo experience

Key Highlights

  • Expert in DevSecOps for high-security environments.
  • Proven track record in application security and compliance.
  • Strong leadership in mentoring engineering teams.
Stackforce AI infers this person is a DevSecOps expert in the SaaS industry with a focus on security and compliance.

Skills

Core Skills

Application Security, Consulting, DevOps

Other Skills

Public Sector sales, Containerized workloads, Regulated AI applications, Software supply chain best practices, NIST Secure Software Development Framework, Application Container Security Guide, GitHub Enterprise, Deployment planning, Compliance planning, Automating infrastructure, Application security programs, Kubernetes, Application security tooling, CI/CD, Automated compliance auditing

About

Federal DevSecOps engineer and consultant leading with developer experience for risk control, compliance, and security strategy within a wide array of high-security environments. I've worked extensively with most major Linux distributions, Python, shell scripting, a few automation frameworks, and all manner of other things as needed by the project. I'm getting pretty deep into Kubernetes security recently. I love to build secure, complex systems and work with fun people to support complex business needs.

Experience

  • Total Experience: 22 yrs 1 mo
  • Average Tenure: 3 yrs 6 mos
  • Current Experience: 5 mos

Xbow

Public Sector Solutions Architect

Jan 2026 - Present · 5 mos · United States · Remote

  • ... learning and building ...

Chainguard

Senior Principal Solutions Engineer, Public Sector

Feb 2024 - Jan 2026 · 1 yr 11 mos · Remote

  • Build Public Sector sales as the first engineer dedicated to the vertical. Ramp and mentor the team to a dozen engineers, each with growing territories to drive millions in revenue from greenfield.
  • Lead first-of-its-kind proof of concepts on complex migrations into containerized workloads, regulated artificial intelligence (AI) applications, promotion across air-gaps and other compliance boundaries as needed, and adoption of FIPS-validated cryptography.
  • Set up delivery on secure networks, meeting customers where they are at to expand market access.
  • Demonstrate business value of application security and software supply chain best practices to a myriad of regulatory frameworks and guidelines, now including NIST Secure Software Development Framework and Application Container Security Guide.
  • Executive briefings and thought leadership to support a rapidly-growing technology and audience.
Public Sector sales, Containerized workloads, Regulated AI applications, Application security, Software supply chain best practices, NIST Secure Software Development Framework, +3

GitHub

Senior Solutions Engineer, Public Sector

Nov 2021 - Feb 2024 · 2 yrs 3 mos · Remote

  • Partner exclusively with the most security-conscious customers, guiding them on meeting their development and security needs within the entire GitHub Enterprise platform and integrations.
      • Deployment and compliance planning (e.g., CMMC, ITAR, SOX, FedRAMP)
      • Automating and building the infrastructure to support it safely
      • Cultural changes of internal collaboration
      • Rolling out application security programs company-wide
  • Develop custom solutions such as human-friendly Kubernetes runners, managing an enterprise-wide security team across the largest GitHub customers, and other projects you can browse in GitHub.
  • Talk and write about the cool stuff I do.
      • BSides Boulder 2023 - "Threat Modeling the GitHub Actions Ecosystem"
      • CNCF CloudNativeSecurityCon 2023 - "Securing Self-Hosted GitHub Actions with Kubernetes and Actions-Runner-Controller"
GitHub Enterprise, Deployment planning, Compliance planning, Automating infrastructure, Application security programs, Application Security, +1

Booz Allen Hamilton

2 roles

Lead Engineer

Promoted

Jan 2018 - Nov 2021 · 3 yrs 10 mos

  • Lead consolidation of developer tools within CMMC and ITAR compliance, including:
      • Application security tooling to centralized reporting within Cybersecurity Team
      • Source control to GitHub Enterprise Server (several thousand active users)
      • CI/CD to GitHub Actions in on-premises Kubernetes
  • Custom audit reports, saving thousands of dollars per year in time spent on audits per consolidated system decommissioned
  • Drive adoption via migration support and community engagement, saving hundreds of thousands of dollars in reduced support ticket volume each year
  • Developed a data lake and automated ingest from several dozen sources for actionable business insights into developer productivity, tool adoption, and talent planning.
  • Lead a team for Linux infrastructure operations for Cybersecurity and Incident Response
      • Datacenter hardware
      • Threat hunting infrastructure
      • Red team and blue team infrastructure and applications
  • Lead the creation of many cross-team business processes
      • Open-source license risk assessment and mitigation
      • Automated compliance auditing and alerting for developer tools
      • Revamp the process to open-source internally developed software
Application security tooling, CI/CD, Automated compliance auditing, Community engagement, Application Security, DevOps

Senior Consultant

Nov 2015 - Jan 2018 · 2 yrs 2 mos

  • Automate, document, and audit a consolidation of hosting environments via Rundeck
  • Rewrite cron jobs, calendar events, handwritten docs, and tons of scripting languages
  • Create, test, and deploy configuration management with SaltStack
  • Create federated permissions within AD and vSphere for automatic management
  • Get the system through DFARS accreditation
Automation, Configuration management, Rundeck, SaltStack, DevOps, Consulting

Apex Systems

Network Engineer

May 2015 - Nov 2015 · 6 mos · Hybrid

  • (assigned to Booz Allen, see above)

Kiewit

Field Engineer

Feb 2014 - Jan 2015 · 11 mos · Annapolis Junction, MD · On-site

  • Field engineer for approximately $4 million worth of construction across 3 task orders. Ensured that leadership, everyone on site, and the client representatives all had the tools, materials, and information they needed at the right time and on budget. This included gathering and vetting bids from contractors to meeting with clients to share progress and everything in between during the build phase of design-build projects.

US Navy

Officer Candidate

May 2013 - Nov 2013 · 6 mos · Newport, RI

Blacksburg Aquatic Center

Front Desk Attendant

Sep 2011 - May 2013 · 1 yr 8 mos

ITT Technical Institute

Adjunct Instructor

Jun 2011 - May 2013 · 1 yr 11 mos · Salem, VA

  • Courses taught include Linux System Administration, IP Networking (CCNA exams 1-3), Database Development (SQL), Structured Cabling, Windows Desktop Support, Windows Server and Exchange Server. Duties included development of course material, conducting lecture and labs to maximize student learning, grading student assignments, and providing mentorship and guidance to students.

Dish Network Call Center

Customer Care Specialist

Jun 2010 - Sep 2010 · 3 mos · Christiansburg, VA

Sprint Nextel Corporate Office

Intern

May 2008 - Aug 2008 · 3 mos · Reston, VA

  • Load and Performance Division of IT Department

Freelance

Freelance

May 2004 - Sep 2021 · 17 yrs 4 mos · Hybrid

  • Not accepting new freelance work
  • Freelance work has included:
      • General compliance consulting
      • Site wireless planning over 802.11 for mesh and point-to-point backhaul links
      • Industrial low-voltage cabling
      • Ebook formatting and publishing support
      • Copyediting for genre fiction
      • Desktop computer repair/support for businesses and automation scripting
      • Basic WordPress sites
      • Basic CRUD programming in no-code frameworks such as MS Access and in languages including PHP
Compliance consulting, Wireless planning, Desktop computer repair, Basic CRUD programming, Consulting

Charlotte County Public Schools

Information Technology Specialist

May 2004 - Jun 2006 · 2 yrs 1 mo · Charlotte Court House, Virginia, United States · On-site

  • Build white-box computers for the school district
  • Troubleshoot and repair school district computers
  • Run low-voltage cables to support district labs
  • Retail sales of computers and peripherals to the general public
  • Retail sales of computer services (troubleshooting, repair) to the general public

Education

Virginia Tech

Master’s Degree — Civil Engineering

Jan 2011 - Jan 2013

Virginia Tech

Bachelor’s Degree — Construction Engineering & Management

Jan 2007 - Jan 2010

Southside Virginia Community College

Associates of Arts & Sciences

Jan 2004 - Jan 2006
