Aaron Webb

Aaron Webb Email and Phone Number

The AI/Cybersecurity Nexus is my jam. @ Microsoft
Redmond, WA
Aaron Webb's Location
Seattle, Washington, United States

About Aaron Webb

I bring 20+ years of experience in the Information Security space. I have been called a Security Analyst, Software Engineer, Security Operations Engineer, Security Engineer, AppSec Engineer, Pentester, Forensics Engineer, Incident Responder, Security Manager, Connector, Coder, and Hacker. I have skills and experience in Application Security, Digital Forensics, Intrusion Detection, Security Integration Engineering, Pentesting, Machine Learning, and Team Building.

Aaron Webb's Current Company Details
Microsoft

Website: microsoft.com
Employees: 10
Company phone: 0124 415 8000
Aaron Webb Work Experience Details
  • Microsoft
    Senior Software Engineer (Security Operations)
    Microsoft Mar 2017 - Present
    Redmond, Washington, US
    Led the unification of a system that collected potential exposed secrets with a separate system that verified and remediated the exposure if a secret proved active. My identification of an overlooked path forward changed the chance of success from unlikely with complex engineering to certain with less engineering. Build, maintain and improve the systems and infrastructure that maintain Microsoft's endpoint protection; includes implementation of vulnerability detection, antimalware systems, tech eviction, associated data processing, monitoring and alerting. Mentored interns in projects related to our service. These included dynamic deployment of remote scanners to match target load; a system to detect errors in patch deployment; and a deep analysis of our scan reporting fidelity utilizing statistical and machine learning techniques. Collaborated with a peer network security engineering group and coordinated with 3 more teams to deploy a network device security scanning solution with automation for scan targeting and cadence. Adjusted and redeployed several times to match new capabilities and shifts in the technology stack. Worked with my team to deploy a Spark cluster solution to process the massive amounts of vulnerability and antimalware data generated into a consumable and actionable format. Includes end to end monitoring and alerting, environment classification, inventory processing, data engineering and feed consumption. Participated in an AI advanced projects class conducted through Microsoft Research (MSR). Was the information security subject matter expert in a group that created a Machine Learning solution for security vulnerability analysis. This solution was built around a Deep Neural Network and was integrated into Microsoft's cybersecurity product offering.
  • Berkeley Hacking Club
    Member
    Berkeley Hacking Club Jul 2023 - Present
  • Puget Sound Information Security Community
    Member
    Puget Sound Information Security Community Sep 1995 - Present
    Co-Founder Ghettohackers. Co-Founder Third Friday Group for locating security talent in Seattle Area. Self-Elected Webmaster for the Seattle 2600 in the late 90's: https://web.archive.org/web/19990508143149/http://www.2600.com/meetings/pages.html https://web.archive.org/web/19990203011002/http://www.seattleu.edu/~jester47/seattle2600.html
  • Caliber Security Partners
    Senior Pentester/Security Analyst
    Caliber Security Partners Jan 2016 - Jul 2016
    Everett, Washington, US
    Conducted web application, network, social engineering, and other penetration tests to provide multiple clients with a better understanding of their security posture. Worked with clients to implement remediations and mitigations of issues discovered. Engaged in forensics and incident response work for a client with a virtualized network. Acquired forensic copies of virtual hard drives and reviewed these to confirm extent of breach using forensics analysis software. Gained the ability to jailbreak, disassemble and own an iOS app. Circumvented iOS cert-pinning, extracted information with OTool, Hopper, and keychain dumper. Regular utilization of Burp Suite Pro. Utilized proxychains, dnsChef and other tools for traffic redirection. Demonstrated the ability to turn tool output and information on the vulnerabilities discovered into actionable, understandable reports. Constructed professional executive level reports of findings and offered support at the sales level to clarify technical questions and communications.
  • Caliber Security Partners
    Security Integration Engineer/Security Analyst (Microsoft ISRM/DSRE/DSR)
    Caliber Security Partners Aug 2013 - Jan 2016
    Everett, Washington, US
    Long term engagement with security division of client. Worked with the client's security monitoring group to tune their Intrusion Detection System (IDS). Reviewed and assessed rules and policies on a SourceFire/CISCO FirePower system along with changes in configuration to increase the signal to noise ratio in the detections. Wrote and deployed rules for the IDS as needed. Conducted extensive analysis of traffic using Wireshark, hex editors, and other network analysis tools to improve rules and detections. Built a suite of script applications that would connect with the CISCO FirePower devices to extract performance data with high granularity, deploy local rules to policy layers across a Defense Center environment numbering in the double digits, and correlated ArcSight ID to Defense Center IP for FirePower/ArcSight integration. Development of scripts reduced the time of deployment of custom rules from potentially hours to minutes and stabilized the ArcSight/FirePower environment.
  • Populus Group
    Information Security Analyst (Microsoft MSRC)
    Populus Group Feb 2013 - Aug 2013
    Troy, Michigan, US
    Design, build and operate a program for third party outreach to identify and remove security vulnerabilities in Windows 8 apps. Exercised application security skills and experience to assess vulnerabilities discovered through the analyzer infrastructure. Utilized planning and management talents to reach out to the third-party developers and owners of these applications and help instruct them on how to correct the issues discovered.
  • Deepintel Solutions
    Security Analyst (Microsoft GFS)
    Deepintel Solutions Mar 2011 - Sep 2012
    Woodinville, WA, US
    Reported vulnerabilities in a Federal/Accreditation environment and tracked them to resolution. Built, modified, and documented automation tools in VBA to streamline the production of daily, weekly, and monthly vulnerability reports to CVPs and engineers. These were used to report the security compliance and risk posture against established baselines. Worked with property owners to drive patching, configuration, and monitoring requirement compliance. Triaged and remediated breakdowns in the communication between teams to catalyze vulnerability remediation and security compliance. Work to satisfy and demonstrate audit compliance.
  • Zondervan Publishers
    Security/QA Lead
    Zondervan Publishers Oct 2009 - Apr 2010
    Grand Rapids, MI, US
    Worked in a dual role as the lead for QA and Software Security on a social media subsidiary of Zondervan. Acted as the hub between the customer support and design/development teams to identify, prioritize, triage, and remediate bugs. Utilized RCOV, Tarantula, and Rake to review Ruby on Rails code for security bugs and raised application security awareness within the development team.
  • Expeditors International
    IT Security Specialist
    Expeditors International Mar 2008 - Apr 2009
    Bellevue, Washington, US
    The majority of this role is related to reporting or managing vulnerabilities in a large-scale computing environment. Work on a team to protect the information network of a major global freight forwarder. Follow industry practices and use industry resources for risk management. Maintain 24x7 on call rotation. Respond to incidents and attack. Monitor Snort/Sourcefire data for intrusion. Upgraded and administered remote access VPN.
  • Excell Data Corporation
    Software Test Engineer (Microsoft Windows Setuphot)
    Excell Data Corporation Feb 2007 - Feb 2008
    Triage global Windows setup errors in a large operational environment. Operate in a Tier 3 PSS role within the product group to triage driver-based deployment failures in setup.exe. Receive notification of errors in Setup from submitters and track Setup bugs across the Windows development organization. Reviewed Panther logs and used the WinDbg kernel debugger to analyze core dumps for root cause.
  • V-Empower Inc.
    Security Analyst (Microsoft ACE Team)
    V-Empower Inc. Apr 2004 - Jul 2006
    Bowie, Maryland, US
    Perform comprehensive security assessments for line-of-business applications to assess architecture, code and design in a multi-language (.NET, SQL, VB, C++, C#, JavaScript, PHP) multi-development cycle environment. Project managed code reviews. Generated threat models utilizing data flow analysis tools. Drafted reports to communicate results across management and developers.

Aaron Webb Skills

Network Security, Application Security, Information Security, Computer Security, Web Application Security, Forensic Analysis, PCI DSS, Penetration Testing, Firewalls, Security, Sniffer, Security Analysis, Program Management, Information Security Management, Code Review, Data Recovery, VPN, Networking, Computer Forensics, OWASP, Vulnerability Assessment, Cat Herding, Windows Internals, Conflict Resolution, Cross Team Collaboration, Linux System Administration, Cross Functional Team Leadership, Threat Modeling, Mac OS X, OS X Servers, VBA, Packet Analysis, E-Discovery, Intrusion Detection, Payment Card Industry Data Security Standard, Virtual Private Network, iOS Security, Cisco Firepower

Aaron Webb Education Details

  • University of California, Berkeley
    Cybersecurity
  • Edmonds College
    Network Security and Digital Forensics
  • Seattle University
    Minor in Computer Science
  • The Episcopal School of Dallas
    High School

Frequently Asked Questions about Aaron Webb

What company does Aaron Webb work for?

Aaron Webb works for Microsoft.

What is Aaron Webb's role at the current company?

Aaron Webb's current role is "The AI/Cybersecurity Nexus is my jam."

What is Aaron Webb's email address?

Aaron Webb's email address is al****@****ail.com

What schools did Aaron Webb attend?

Aaron Webb attended University of California, Berkeley; Edmonds College; Seattle University; and The Episcopal School of Dallas.

What skills is Aaron Webb known for?

Aaron Webb has skills like Network Security, Application Security, Information Security, Computer Security, Web Application Security, Forensic Analysis, PCI DSS, Penetration Testing, Firewalls, Security, Sniffer, Security Analysis.

Who are Aaron Webb's colleagues?

Aaron Webb's colleagues are Professional Security, Peggy Jacobs, Robert E. M, Trishala Shankar, Saritha Prasad Vrittamani, Kuleen Bharadwaj, Tammi Broughton, Mba.
