Resume


Arm, Inc.

(remote) Cambridge, UK

Senior Manager, Secure Development Consulting

12/2020 – 4/2023

  • Avoided 60+ costly security risks before procurement, development, or project planning began
  • Engaged 150+ stakeholders and architects in security discussions before project initiation
  • Collaborated in 145+ high-level architectural design reviews (SAD, HLD) to embed security controls
  • Demonstrated the high ROI value of Threat Modeling to business sponsors, developers, and architects
  • Matured Secure SDLC for 44 business and engineering development teams
  • Reduced ransomware risk by 25% through technical security engagements with platform owners

Senior Manager, Cloud Security Architecture

11/2019 – 12/2020

  • Redesigned 35 applications to meet standard patterns for network, security, and shared services
  • Migrated 20+ successful business and engineering customers to the AWS landing zone
  • Built custom AWS guardrails and a landing zone for business and engineering applications
  • Defined strict AWS IAM policies that enabled IT and engineering teams to manage their environments
  • Adapted legacy controls to maximize cloud capabilities for logging, alerts, data protection, compliance

Senior Manager, Security Policies and Architecture

5/2018 – 11/2019

  • Ensured 99%+ policy adoption rate through listening, engagement, advocacy, and mediation
  • Aligned all company security policies with architecture patterns and internal audit requirements
  • Authored and curated 31 entirely new enterprise security policies, standards, and guidelines
  • Created enterprise-wide security awareness and training materials with 96% customer satisfaction

CLEAResult Consulting, Inc.

Austin, Texas

Head of Information Security

4/2017 – 5/2018

  • Expedited $40M contracts by successfully answering customer security questionnaires and contracts
  • Achieved the first SOC2 compliance, including audit prep, evidence collection, and remediations
  • Directed all security program activities: personnel, budgeting, GRC, threats, and data protection
  • Reported to executive committees five key metrics (incidents, vulnerabilities, risks, gaps, compliance)
  • Matured the security team via development, study, coaching, and mentorship

Principal Engineer, Information Security Architect

4/2014 – 4/2017

  • Envisioned and created custom, integrated, low-cost security solutions to meet business risk appetite
  • Founded a flexible and intuitive SIEM system that collected 100 GB from 800 sources
  • Completed 15 critical app migrations to public cloud IaaS, PaaS, and SaaS while improving security
  • Discovered and remediated 200+ critical vulnerabilities in company networks and applications
  • Directed high-profile, third-party assessments, penetration tests, incident responses, and audits

Lower Colorado River Authority (LCRA)

Austin, Texas

Senior Information Security Analyst

10/2013 – 4/2014

  • Managed a $0.5M Security Information and Event Management (SIEM) system replacement project
  • Strengthened the role of security through policy, architecture review, and change management

Adjacent Technologies, Inc.

Austin, Texas

Head of Information Security

3/2012 – 10/2013

  • Saved the company $0.3M in penalties by meeting complex contractual security obligations
  • Designed a corporate security program framework and implemented a complete security program
  • Migrated critical business applications to the cloud while maintaining security and compliance
  • Implemented a cloud security control framework and operations that met customer requirements
  • Reduced phishing and social engineering susceptibility by 60% through education and simulations

NCsoft Corp.

Austin, Texas

Senior Security Engineer; PCI Program Manager

7/2009 – 3/2012

  • Saved the company over $1M in lost revenue and fines by keeping full compliance with PCI-DSS
  • Built and administered an essential PCI Compliance Program to ensure security and compliance
  • Achieved all scheduled quarterly PCI assessments of system and network infrastructure
  • Executed fraud and risk mitigation strategies to combat cyber-crime and reduce chargebacks
  • Headed major computer incident responses, coordination, and communications

Safeway, Inc.

San Francisco Bay Area, California

Senior Security Engineer; PCI Program Manager

10/2004 – 7/2009

  • Completed a 3-year, $0.5M enterprise data security program that secured 500k files and 200M records
  • Designed and built the tools and processes for the enterprise data loss prevention (DLP) program
  • Reformed and matured enterprise encryption and key management policies, processes, and tools
  • Founded an enterprise security operations center (SOC), set vision and policies, and trained staff
  • Assessed dozens of critical business applications for security and compliance risks (PCI, SOX, HIPAA)
  • Authored 15 information security policy documents for emerging technologies including encryption,
    key management, servers, databases, virtualization, workstations, remote access, and mobile devices

U.S. Coast Guard

Washington, D.C.

Senior SOC Analyst

10/2001 – 10/2004

  • Defended critical U.S. military infrastructure from cyber-attacks after 9/11 by finding vulnerabilities
  • Directed and produced a Computer Incident Response Team (CIRT) that was a world-wide model
  • Engineered and deployed an enterprise IDS solution using open-source Snort, Barnyard, and MySQL
  • Conducted network vulnerability scans, penetration tests, and risk assessments on military networks
  • Investigated civil and criminal cases by collecting, preserving, and analyzing forensic evidence