I built and manage the global AWS Prototyping Security function. I worked with global peers to define a standard risk based practice that balances security and privacy with the velocity demanded by time constrained engagements helping customers find innovative solutions to their business challenges. This program is used globally by hundreds of prototypers and has saved them over 12,000 man days of time compared to other security review mechanisms. It maintains it's growth through team ownership and a distributed pattern of self regulation. I have been the escalation point for global questions on security best practices, approaches and designs for other Security leaders within AWS Prototyping teams. I provide thought leadership and work closely with Legal, AWS Security, and business leadership to maintain appropriate approvals.I work with customers as to define and build innovative solutions as a part of the AWS World Wide Specialist Organization. I have architected and built solutions for connected aircraft (connection failure tolerant downloads), Enterprise Attack Surface Enumeration for fraud detection, product classification using LLMs, and working to create a Virtual Employee Assistance Tool leveraging GenAI to remove the undifferentiated heavy lifting of data location and analysis.I built and run a global AWS Security workshop for aviation customers in collaboration with the Aviation ISAC group.I

I was responsible for 3M's cloud security platforms for multiple cloud vendors. I led the migration of 3M's Information Security platform and tools to AWS. I managed the cloud security engineering team and project management for Incident Response, IAM, GRC, DevSecOps, and Account Guardrails implementation into AWS. I was the manager working between AWS migration resources, 3M InfoSec teams, and the AWS Cloud Security Engineering team, which reported to me. I worked with 3M's Corporate Research Lab and other groups on appropriate security controls during prototyping, product development, and new infrastructure deployment. I liaised with the IT Department's Platform Engineering team responsible for account vending.

I managed the Cloud Security Engineering team for 3M's Global Information Security team reporting to the 3M CISO. The team implemented an Cloud Security Posture Management which enforced reactive and preventitive guardrails, policy and compliance validation, and reporting. The team built a global application logging API to provide a standardized approach to logging which can be ingested into 3M's SIEM and Operational oversight platforms.The team built cloud native transitions for on premise practices during the 3M Global IT transition and move to AWS. This team provided engineering expertise, cloud knowledge, and coordination with AWS Migration resources and 3M InfoSec teams to move on premise data, systems, and processes into the cloud.Implemented cloud native solutions and practices to train and up skill security and IT resources which did not have cloud experience.

Cloud Security Architect working in AWS to secure applications, infrastructure, and services. Provide Security oversight and technical review of application development, audits, and incident management. Identify, Implement, and transition security frameworks into the security operations teams.Major Accomplishments:1. Implemented an automated logging and monitoring solution which can automatically remediate actions taken in AWS without human intervention2. Implemented a "Just in Time" Privileged Access Management framework which leverages AWS federation access, time bound, permission, and resource specific access.3. Designed centralized logging strategy

Designed and implemented threat and vulnerability management program. Implemented internal, data center and cloud scanning resources and combined reports into a single report to management.I implemented the first DevSecOps process within 3M. Incorporating HP Fortify's SAST tools into the build process for several 3M HIS applications. This effort led to a change in the global 3M approach to SAST scanning which decreased time to resolution by several weeks and increased scans per deployment by 3 fold. This resulted in faster time to production.

Enhanced and implemented numerous policies, standards, and procedures for Governance and Compliance. Designed and implemented an internal risk assessment process based on NIST 800-53 Rev 3, HIPAA ,and other regulatory requirements. performed over a dozen risk assessments.Designed and implemented a risk registry to track product and organizational risks and work towards remediation.

Worked to implement a common compliance core framework across all Adobe digital marketing products to ensure compliance with numerous industry, federal, and regulatory requirements for security. Including, but not limited to HIPAA, NIST 800-53, FEDRAMP, ISO 27001, and ISO 27002.

My responsibilities included working with the community, UHIN's Network Administrator and Developers to design, develop, deploy, and provide escalation support and training for UHIN's clinical and administrative networks, products and services. I also operate as the Security Officer for the company providing audits, training, and maintaining UHIN's compliance with it's EHNAC accreditation, industry standards, and state and federal laws.Major Accomplishments:2009 implemented a clinical health information exchange working with major state and national healthcare organizations to allow interoperability and the exchange of HL7 documents between members.2011/2012 - implemented an ANSI X12 clearinghouse which provided validation, transformation, and routing services to 96% of Utah administrative (X12) transactions in support of the standard change from 004010 to 005010.

I was the UHIN liaison for projects. I was responsible for the project management, meetings, and dealing with vendors and the UHIN community committees overseeing the projects.I began the work on the clinical Health Information Exchange (cHIE) in this position was later given the Business Analyst title.

I was responsible for training, implementation and customer support for all UHIN members. I traveled throughout the state of Utah for presentations, trainings, and in office support.

Senior level position within Medicaid Operations. I was responsible for projects that were instituted or included Medicaid Operations. Medicaid Operations is the customer support, claims processing, and provider enrollment hub for the Utah State Medicaid Program.I reported to my direct manager, the bureau director and the assistant director of health care financing.My responsibilities included the creation of project plans, implementation and pilot project reports, programming requests, testing, and data mining.