Temporary contract with Fortune 100 manufacturer.

• 12th NTX ISSA Cybersecurity Conference: “Threat Detection in Boundaryless Environments” panel 9/6/2024.• CISO XC Conference: “Staying Compliant in Cloud Security with AI” panel 4/25/2024.• CISO XC Conference: “Modernizing InfoSec: Staying in compliance with cloud & data security” panel 11/21/2023.• Hexcon23: “Securing the Future: The Intersection of Security and AI” panel 11/20/2023.• 11th NTX ISSA Cybersecurity Conference: “Practical Tips for Career Advancement” panel 11/15/2023.• Mastering 5G Network Design, Implementation, and Operations Books, Gallery Quote, published June 2023.• The DemoForum Zero Trust Platforms and DSPM Cybersecurity Meetup, Guest Speaker, online 4/4-6/2023.• DevNetwork API & Product Advisory Boards, September 2022 to Present.• AutoCyberSecurity Conference, Shanghai, China: “Public Domain Security for Vehicle Systems” 3/19-20/2020 (cancelled due to Covid-19 pandemic).• 7th NTX ISSA Cyber Security Conference: “Can IoT Systems be Secured?” 11/15/2019.• Industrial IoT World Conference, Atlanta, SME Panel: “Creating best practices and protocols for flexible IoT Security” 11/1/2019.• Industrial IoT World Conference, Atlanta, Analyst Breakfast Briefing: “Why IoT needs ML for higher adoption rates” 10/31/2019.• Industrial IoT World Conference, Atlanta; SME PANEL: “Using a comprehensive, multi-layered approach to solving cybersecurity weaknesses” 10/30/2019.• Texas Cyber Security Summit, San Antonio, “CSA IoT Security Controls Framework” 10/10/2019.• LASCON-Austin “ML-Based Detection Engine of Device/ Network Attacks for IIoT Gateway”10/25/2018.• University of Texas-Dallas, Tech Talk “Mobile Threat Defense” 8/27/2018.• IAFCI North Texas Chapter Meeting “The Mobile Threat Landscape” 7/10/2018.• ISACA-Austin “On-Device Mobile Threat Detecting using ML” 4/4/2018.• Symposium on Securing the IOT 3/5-7/2018, San Francisco.• International VDI Conference, Germany – IT Security for Smart Manufacturing: “Embedded Security

• Developed and led the application security strategy and program across the organization.• Worked closely with development teams to integrate security practices into the SDLC, including threat modeling, secure coding practices, security testing, validation and vulnerability management.• Led security assessments, code reviews, and penetration testing efforts to identify and mitigate security vulnerabilities in applications.• Developed and maintained security policies, standards, and guidelines related to application security.• Drove the selection and implementation of application security tools and technologies.• Directed the implementation and maintenance of security controls to safeguard sensitive information and company assets.• Communicated security risks and strategies to stakeholders, including executive leadership, in a clear and effective manner.

• Leveraged MITRE frameworks and Cyber Threat Intelligence (CTI) to compile Attack/Adversary Playbook for Red/Blue Team operations for Product Security & Incident Response Teams (PSIRT).• Ensured that Nokia’s portfolio is compliant with customer and regulatory security requirements.• Established the wide governance on product security for Nokia systems, with one focus on API security.• Serviced security requirements and security regulations for Telecom, Enterprise, and Government markets.• Evolved the vulnerability management platform ‘VAMS’ for the Nokia product portfolio which allows the Nokia product lines to identify vulnerabilities in the product and ensures fast fixes/disclosure to customers.• Identified and evangelized best practices for product security both externally and internally to Nokia and ensured that they are adopted as appropriate.• Developed the ASTaR (Advanced Security Testing and Research) End-to-End lab in Dallas for security testing with a focus on 5G solutions to prioritize test scenarios and execution in cooperation with the Business Groups, with results delivery.

As SME on Scheme Committee, was key contributor to the industry's first, vendor agnostic, IoT Practitioner Certification for professionals, IoT Security Practitioner Certification, as well as the Artificial Intelligence Practitioner Certification, all released.https://certnexus.com/certification/

• Mentored and Directed Security Analysts, Engineers and Architects.• Led the Shift-Left strategy with Development and DevOps teams while composing enhanced SDLC Standard.• Worked with Development and Operations on enhancing existing security posture of APIs.• Designed security solutions that enforce security consistently across internally developed, commercial-off-the-shelf (COTS) and cloud-based applications and platforms (AWS, Azure) leveraging IAM, KMS, VPC.• Performed security architecture reviews for secure, private, and compliant production datacenters (PCI, FedRAMP) leveraging Third-Party Risk Management tools (SCA, SAST, DAST, BitSight).• Performed various Risk Assessments, Threat Modelling in order to advise for proper tradeoffs with business.• Led design reviews with Development and Operations teams.• Developed procedures to automate CD-CD pipeline security during code builds, testing and deployments.• Collaborated with product and platform teams to maximize DevSecOps automation goals.• Worked directly with Security Operations Center (SOC) and Technical Vulnerability Management (TVM).• Member of Change Board and Vendor Risk Management for various ISMS procedures towards ISO 27001/27002, NIST CSF.• Representative as Infosec Privacy Expert for Legal Department intake towards GRC.

• Used Application Security tools within LLVM compiler toolchain to obfuscate application code/bitcode within the Secure SDLC.• Demonstrated advanced understanding modern security concepts: malware, cryptography, disassembly, reverse engineering and exploitation methodologies.• Utilized VMs, Containers, Linux, Python, JavaScript, Java, JSON, XML, Network stacks to demonstrate various POCs, including CI-CD pipelines, eg. Jenkins.• Leveraged pentest tools such as Frida, JADX, bytecode-viewer, IDA Pro, Hopper.• Provided consistent, proactive, technical leadership and expertise to ensure the success of the implementation and integration.• Trained customer’s software architects, developers and security engineers in Arxan’s technology and security best practices.

• Recommended key decision points for technology direction and contributed to comprehensive technical roadmaps for the vehicle ecosystem with the right balance of tradeoffs for security/privacy and customer experience.• Converted business requirements into working solutions by creating Secure Application Development and Privacy Policies (PCI, GDPR, CCPA), DevSecOps, Threat Modeling ECUs, Root of Trust/Secure root Purple Team, CI-CD pipelines for any secure vehicle endpoint to backend server workflow for Toyota TMNA and other Toyota Entities (AWS, Azure, Embedded and Mobile focus). • Made recommendations on best-of-breed vendor solutions and tools for mobile, server, embedded and safety using common frameworks (NIST, OWASP, CSA, IEC 61508, ISO 26262, SOTA, PKI, IAM).• Evaluated technology with trials and POCs for mobile/server workflow.• Worked with development teams on implementation with agile improvements. • Represented Toyota Vehicle Security at SAE J3061 Cybersecurity for Cyber-Physical Vehicle Systems.• Represented Toyota Vehicle Security at SAE J3138 for Diagnostic Link Connector Security.

The goal of the EC-Council Security of IoT Program is to create a certification toaddress the security aspects of the growing Internet of Things field.

• Owned technical portion of the sales cycle, using Burpsuite, Metasploit, FakeAP, MITM attacks, Wireshark.• Articulated the value of our Mobile Threat Defense implementing User Behavior Analytics. • Focused on IoT Security applications, research, and new product development for target markets. • Responded to RFPs of prospects from Medical (HIPAA), Financial (PCI), Enterprise and FedRAMP markets. • Delivered tailored Proof of Concept and workshops demonstrating live Device, Network and Application attacks to ensure the technical win. • Stood up SSO instance of PingID IdP using SAML2 for sales engineer usage, as well as customer success.• Developed leadership relationships with all stakeholders, including Security Engineers, Architects and C-line executives, as well as Channel Partners.• Sought to understand customer pain-points to provide product management/Agile development teams feedback and helped defined new features for roadmaps.• Searched for venues where the Zimperium solution selling was conveyed, via social media and conferences. • Focused on ICS/IOT solutions for industrial, automotive, health and telecom/consumer markets, investigating standards, use-cases, sectors, for unique problems that needed better solutions.• Focused on Security/Privacy aspects of all architectural designs, including Reliability and Resiliency.

• Consulted with customers to utilize Silabs solutions in secure all sectors of IoT-to-Cloud (GCP) applications: smart metering, medical devices (FDA), home automation, industrial control, asset management and automotive, with actual working prototypes.• Modified actual SW for Ubuntu platforms at 2 large customers on x86 (porting from ARM) utilizing DevOps microservices: JSON, MQTT, MQTTfx to Cloud & MongoDB.• Mastered vast knowledge while implementing WiFi, Ethernet, ZigBee, Thread, Bluetooth, sensors and proprietary RF/SDR connections, all with security design elements of bootloaders and operating systems. • Modified source code for interaction with secure Smart Phone apps and cloud service connections to show full IoT to Cloud and back functionality.• Encouraged customers to embrace SW troubleshooting and architectural discussions: pentesting (both internal and external), QA Testing (unit testing, corner-case), reviewing definitions of product requirements vs customer expectations vs management expectations, with strong emphasis on security, privacy and safety.

• Avidly promoted security-by-design M2M solutions (Long Range-LoRa, proprietary RF) at all accounts, generating revenue through enhanced product definition and Design Wins at medical, whitegoods, electric grid, oil & gas, automotive customers and numerous industrial (SCADA, ICS) for IT and OT networks.• Pentesting LoRa in field in Brazil, Mexico and Texas to show robustness over various distance/terrain/RF interference, jamming, pentesting, malformed frames, etc.• Continually interfaced with customer marketing, presenting secure technical solutions, understanding existing architectures, proposing new architectures that connect to the cloud.• Provided in-home lab penetration testing and on-site troubleshooting of secure solutions for customers in territory.