Michael Sheppard

Michael Sheppard Email and Phone Number

Orlando, FL, US
Michael Sheppard's Location
Detroit Metropolitan Area, United States

About Michael Sheppard

I’m a seasoned technology leader with a proven track record for developing, managing, leading, and maturing technology programs with strategic business outcomes. I have over 15 years’ experience reducing business risk throughout the development lifecycle while also protecting sensitive data (PII, PHI, Super-PHI, PAN, more). I bring a deep background and sharp focus around strategic enterprise technology program execution. My expertise is in technology enablement, driving adoption of business customers executing on enterprise strategy, roadmap delivery and stakeholder collaboration aligning with business goals and objectives. I’m currently seeking a Senior Cybersecurity Management opportunity. I'm an avid contributor to the Information Security Industry speaking at conferences across the globe including OWASP AppSec USA, Splunk .conf, Atlassian Summit, IOTExpo and ITExpo to name a few. My interest includes my family, professional basketball, entrepreneurship and security solutions development. I'm available for immediate consideration.

Michael Sheppard's Current Company Details
Command Center ACM

Founder
Orlando, FL, US
Michael Sheppard Work Experience Details
  • Command Center Acm
    Founder
    Command Center Acm
    Orlando, Fl, Us
  • Command Center
    Chief Executive Officer
    Command Center 2024 - Present
    Command Center Inc. is a Cybersecurity Threat Mitigation provider that delivers an Advanced Cyber Threat Detection and Response technology which provides outcome based cyber mitigations to Financial Services, Insurance, Hospital & Healthcare and Government organizations.
  • Jpmorgan Chase & Co.
    Sr. Technical Application Security Manager
    Jpmorgan Chase & Co. 2021 - 2023
    New York, Ny, Us
    • Embedded Application Security into the Chase Travel SDLC with capabilities including Threat Modeler, Codebashing, CheckMarx One, Contrast IAST, Burp Suite Enterprise, Aqua, Divvy Cloud and ServiceNow reducing risk to Chase Travel Platform assets 57%
    • Designed, Developed and Maintained Chase Travel Cybersecurity KPI/KRI metrics dashboards & executive reports using AWS Datamesh (Athena & QuickSight), PowerBI and Tableau used by GRC to measure Chase IG controls effectiveness.
    • Developed and Administrated Chase Travel Security Champions Program
    • Completed remediation of 18k critical & high severity exploitable vulnerabilities
    • Developed, Implemented and Administrated Chase Travel Security Engagement program with internally developed JIRA / ServiceNow solution.
    • Delivered Chase Travel Security Architecture & Threat Modeling services for Chase Travel Platform assets working with engineering teams.
    • Developed and Delivered Chase Travel PCI Secure Code Training Program with Checkmarx Codebashing to Chase Travel in scope engineers
    • Developed and Maintained Risk-based Scoring for Chase Travel CMDB Assets in ServiceNow.
    • Designed and Implemented Artifactory JFrog Xray repositories for Chase Travel 3rd Party and Open-Source libraries.
    • Orchestrated and Administrated Chase Travel Vulnerability Management, specifically SLA Violation, Risk Deviation approvals and False Positive Audit with ServiceNow
    • Designed and Implemented Chase Travel In-house developed Service to Service Zero Trust solution.
    • Collaborated and Partnered with Chase Travel senior leaders across Engineering, Business, QA, PMO, Audit, Cybersecurity, etc. to execute on JPMC strategic technology roadmap.
    • Developed and Maintained AWS Serverless Lambda services automation for cybersecurity tools including Aqua, Checkmarx One, DivvyCloud, JIRA, ServiceNow, ThreatModeler, etc.
    • Operationalized and Administrated Command Center ASPM managing risk with Software Supply Chain, SBOM, Vulnerability Management, etc.
  • Humana
    Associate Director Devsecops
    Humana 2020 - 2021
    Louisville, Kentucky, Us
    • Embedded application security into the Humana software development lifecycle using CheckMarx, Web Inspect, Contrast IAST, Snyk SCA, JFrog Xray, Burp Suite Enterprise and F-5 WAF.
    • Managed and owned internally developed Humana Security API (SecAPI) and Quality API products leading product owners, engineers, etc. prioritizing value and delivering group sectors a suite of DevSecOps tools required to enable automated releases/deployments in (Azure, AWS and GCP).
    • Developed, Influenced and Drove execution of Humana DevSecOps strategic multi-year roadmap aligned with Humana technology mission.
    • Collaborated with Group Sector business units (Retail, Pharmacy, etc.), stakeholders (EA, EIP, HPE, SPARQ, etc.) and partners to integrate SecAPI, Quality API and Vault Secret Management platform across the Humana enterprise.
    • Enabled & Supported Humana engineering teams and their associated pipelines with integrations to our suite of DevSecOps tools and services.
    • Increased adoption 10X for SecAPI, Quality API and Vault capabilities across Humana to increase annual revenue.
    • Delivered Security Architecture, Threat Modeling, SCA, SAST, DAST & IAST through integration with SecAPI 2.0.
    • Increased productivity of Humana Associates & 35 Contractor resources reporting under the DevSecOps program.
    • Implemented HashiCorp Vault Secrets Management platform across Humana multi-cloud environments (Azure, AWS and GCP).
    • Implemented Venafi Certificate Automation lifecycle management platform across Humana multi-cloud environments (Azure, AWS and GCP).
    • Designed, Developed and Maintained KPI/KRI metrics dashboards and executive reports using PowerBI used by GRC to measure controls effectiveness.
  • Carefirst Bluecross Blueshield
    Manager - Information Security - Application & Data Security
    Carefirst Bluecross Blueshield 2018 - 2020
    Baltimore, Md, Us
    CareFirst BCBS
    Manager, Information Security – Application & Data Security
    December 2018 – Present
    • Create and execute CareFirst Information Security vision, strategy and tactical roadmap aligned with information security best practices and common data security controls in frameworks such as FISMA, HIPAA, and NIST 800-53.
    • Implement & Operationalize automated SAST, DAST and IAST for E-Services & FEPDirect Jenkins CI Build & Deploy jobs using Fortify SCA, Web Inspect, Burp Suite and Contrast Assess.
    • Implement & Operationalize Contrast Protect RASP for E-Services & FEPDirect in production.
    • Implement & Operationalize Secure Coding IDE and Secure Code Training solution for developers using Synopsys Secure Assist IDE & Secure Code Warrior solutions.
    • Implement & Operationalize Open Source Security governance using Sonatype, JFrog Xray and Contrast OSS.
    • Implement automated, OAuth supported - Swagger-based, API Dynamic Application Security Testing for 300 RESTful Web Services in Jenkins CI/CD Pipelines.
    • Conduct Application Security Penetration testing & Ethical Hacking in Production for E-Service & FEPDirect Applications.
    • Lead Application Security Vulnerability remediation and production mitigation efforts for E-Service and FEPDirect critical & high production vulnerabilities.
    • Perform Source Code Analysis & Security Code reviews of Java projects using Find Bugs, SonarQube and IntelliJ.
    • Implement Real-time Application Security Intelligence, Analytics, KPI Dashboard & Monitoring solution using Splunk ITSI.
    • Implement & Operationalize Application Security Vulnerability Management process working with development leadership and teams.
    • Implement & Operationalize Automated Security Engagement Risk Form for Functional & Non-Functional Security Requirements.
  • Domino'S
    Manager Application Security
    Domino'S 2016 - 2018
    Ann Arbor, Mi, Us
    • Create and execute Domino’s Information Security vision, strategy and tactical roadmap aligned with information security best practices and common application security controls in frameworks such as FISMA, HIPAA, PCI-DSS and NIST 800-53.
    • Implement & Operationalize automated SAST, DAST and IAST for E-Commerce (Dominos.com), Pulse POS, Pulse Next Gen POS Jenkins CI Build & Deploy jobs using Fortify SCA, Web Inspect, Burp Suite and Contrast Assess.
    • Implement & Operationalize Contrast Protect RASP for Dominos.com in production.
    • Implement & Operationalize Secure Coding IDE and Secure Code Training solution for developers using Synopsys Secure Assist IDE & Secure Code Warrior solutions.
    • Implement & Operationalize Open Source Security governance using Sonatype, JFrog Xray and Contrast OSS.
    • Implement automated, OAuth supported - Swagger-based, API Dynamic Application Security Testing for 300 RESTful Web Services in Jenkins CI/CD Pipelines.
    • Conduct Application Security Penetration testing & Ethical Hacking in Production for E-Commerce (Dominos.com, Pulse POS and Pulse Next Gen) Applications.
    • Lead Application Security Vulnerability remediation and production mitigation efforts for Dominos.com critical & high production vulnerabilities.
    • Perform Source Code Analysis & Security Code reviews of Java projects using Find Bugs, SonarQube and IntelliJ.
    • Implement Real-time Application Security Intelligence, Analytics, KPI Dashboard & Monitoring solution using Splunk ITSI.
    • Implement & Operationalize Application Security Vulnerability Management process working with development leadership and teams.
    • Implement & Operationalize Automated Security Engagement Risk Form for Functional & Non-Functional Security Requirements.
    • Drive adoption of application security as part of the Software Development Life Cycle (SDLC) in agile methodology, including automated tools.
  • Wavestrong, Inc.
    Manager Application Security
    Wavestrong, Inc. 2014 - 2016
    San Ramon, California, Us
    Sirius is an IBM Security Business Partner specializing in the delivery of critical Application Security Risk Management Solutions for Software Development organizations, which significantly reduce business risk across the SDLC at the application layer for all business sectors.
  • Lesconcierges Services Pvt. Ltd.
    Sr. Application Security Manager
    Lesconcierges Services Pvt. Ltd. 2014 - 2015
    In
    Delivery of Application and Software Security Services
  • Kelly Services
    Manager Application Security
    Kelly Services 2014 - 2015
    Troy, Michigan, Us
    • Lead Americas, EMEA and APAC Application Development, QA, PMO, Risk, Infrastructure and Security teams with all Application Security Initiatives and projects.
    • Provided Executive Summaries and Risk Advisement to Executive VP’s and CIO.
    • Managed all 3rd Party Application Security Vendors (Trustwave, Veracode, IBM and Coalfire).
    • Coordinated with Sr. Level Management to integrate Application Security into Risk, Development, Q/A, Infrastructure, Security and PMO organizational processes.
    • Implemented and Integrated IBM AppScan Security Source for Analysis, Remediation, Developer and Automation into Continuous Build Integration for SAST. (Maven, TFS and Jenkins)
    • Implemented IBM AppScan Enterprise ver 9.0.1 for DAST in Global Enterprise
    • Implemented Application Security into Global SDLC Toll Gate PMO Process
    • Developed Application Security Vulnerability Management Program, Standards and Policies including Remediation and Risk Acceptance into Global Risk Management Process
    • Interviewed, Hired, and Lead Sr. Application Security Architect, SAST/DAST SME, Software Security Developer, Ethical Hacker and Application Security Engineer to achieve organizational goals.
    • Developed Global Application Security Awareness Training Program
    • Served on the Global Change Control Committee
    • Developed 2015 Global Application Security budget which included vendors, staff resources, technology purchases, etc.
    • Reduced Global Business Risk 40% by implementing Global Application Security Management.
    • Developed Global Application Security Business Risk KPI metrics
    • Developed Global Application Security Program which aligned to Global Business Goals, Milestones and Objectives.
  • Hp
    Sr. Application Security Engineer
    Hp Aug 2013 - Jan 2014
    Palo Alto, Ca, Us
    • Perform HP FOD Standard and Premium Application Security Testing and Exploitation (UI and Web Services) on 100 Nestle and Genworth Financial web applications using HP Web Inspect, Burp Suite Pro, HP Fortify SCA 4.0 and Netsparker utilizing Methos and WAHH Testing Methodology.
    • Environment: HP Web Inspect, Burp Suite Pro and HP Fortify SCA v 4.0
  • Wells Fargo
    Sr. Application Security Engineer
    Wells Fargo 2013 - 2014
    San Francisco, California, Us
    Application Security Penetration testing of critical banking center applications.
  • Autodesk
    Sr. Application Security Engineer
    Autodesk 2013 - 2013
    San Francisco, Ca, Us
    • Lead all Application Security Testing and Exploitation (UI and Web Services) using AppScan Standard v 8.6, NTOSpider, Netsparker, SQLmap and Burp Suite Pro in Agile SDLC utilizing WAHH, OWASP Testing Guide and OSSTM Methodology.
    • Working with Developers, QA Engineers, Project Managers and Business Owners to educate and implement industry best practices for remediating software security vulnerabilities.
    • Creating and managing an Application Security Metrics Dashboard, using Sharepoint, Splunk, MongoDb, google charts and fusion charts.
    • Environment: IBM App Scan Standard v8.6, Burp Suite Pro, NTOSpider and Netsparker
  • Visa
    Application Security Test Lead
    Visa 2012 - 2013
    Foster City, California, Us
    • Lead all Application Security Testing and Exploitation (UI and Web Services) using AppScan Enterprise v 8.6 and Burp Suite in Agile SDLC utilizing WAHH, OWASP Testing Guide and OSSTM Methodology.
    • Conduct Threat Modeling Analysis for V.me personal, business, developer, VDC, VPP and Visa.com
    • Perform Manual Code Reviews using Firebug, Eclipse and CheckMarx
    • Review, Analysis and Validation of AppScan Dynamic Security testing findings
    • Provide security vulnerabilities (XSS, CSRF, SQLi, DDOS, etc.) remediation support to Java, .net, PHP and Ruby developers
    • Review, Analysis and Validation of Veracode Static Code Analysis findings
    • Lead Planning, Installation, Deployment and Support of AppScan Enterprise Platform throughout Visa, Cybersource, Playspan, Fundemo and VPS
    • Responsible for conducting manual code review, static code analysis, dynamic security testing and manual penetration testing for V.me and Visa.com which consist of over 60 applications and 36 domains
    • Review and Analysis of 3rd Party Web Application Penetration Test Findings prior to implementation
    • Deliver AppScan Enterprise v 8.6 Security Testing training to Developers and QA Engineers
    • Provide OWASP Top Ten training to QA Engineers and Software Developers
    • Guide usage of ESAPI Encoder, CSRF Guard and Validator of the OWASP ESAPI Library
    • Provide support to the Imperva & Akamai Web Application Firewall NSWG
    • Provide Secure Coding training to software development teams using Visa Secure Coding Guidelines
    • Deliver Veracode and IBM Ounce Security Testing training to Developers
    • Create custom Injection and Scripting attacks/exploits for Application Security Testing
    • Environment: IBM App Scan Enterprise v8.6, Burp Suite v 4, IBM Ounce and Veracode
  • Blue Cross Blue Shield Of Michigan
    Application Security Test Lead
    Blue Cross Blue Shield Of Michigan 2011 - 2012
    Detroit, Michigan, Us
    • Lead all Application and Infrastructure Security Testing for Blue Cross Blue Shield of MI
    • Lead, Manage, Plan, Support and Implement the Secure Coding Program within BCBSM
    • Manage and Assign security testing projects to Security Testing Team members
    • Develop, Validate, Assemble, Submit and Quality Review all Security Testing Draft and Final Reports
    • Manage Security Testers and Secure Coding Developers
    • Create, Design and Implement all Security Test Plans for project and base Security Testing within BCBSM
    • Develop and Document Application Security Testing requirements, guidelines and standards
    • Develop and Document all Secure Coding requirements, usage, guidelines, standards and processes
    • Develop, Document and Execute all Test Cases for Security Testing
    • Utilize and Implement OWASP Top Ten issues, WASC and CWE’s into Security Testing efforts
    • Develop and Document Procedures and Methodology for Security Testing efforts
    • Implement and Maintain the OWASP ESAPI Library throughout BCBSM
    • Implement, Configure, Administrate and Maintain the F-5 Web Application Firewall within BCBSM
    • Perform Static, Dynamic and Manual Security Testing utilizing OWASP Testing Guide Methodology
    • Train and Educate all Security Testing Team members using Aspect and Fortify CBT
    • Produce weekly, monthly and quarterly security testing and secure coding status reports
    • Lead developers, project team members, executive management and vendors through remediation efforts
    • Integrating Threat Modeling and Test Case Strategy development throughout the SDLC
    • Environment: IBM App Scan v 8 - 8.5, Burp Suite v 3.5 - 4, Web Inspect v 9.2, Fortify SCA v 2.5 – 3.1.
  • Creative Breakthrough Inc.
    Senior It Security Consultant
    Creative Breakthrough Inc. 2002 - 2011
    Served as GLBA Regulatory Compliance specialist for over 100 different credit unions including Health One Credit Union, River Rouge Credit Union, Meijer Credit Union, and Affinity Group Credit Union.

Michael Sheppard Skills

Penetration Testing Vulnerability Assessment Glba Information Security Management Encryption Ids Mobile Security Wireless Security Ibm Appscan Hp Web Inspect Burp Suite Fortify Sca Cenzic Hailstorm Ibm Certified Computer Security Application Security

Michael Sheppard Education Details

  • University Of Detroit Mercy
    University Of Detroit Mercy
    Civil Engineering

Frequently Asked Questions about Michael Sheppard

What company does Michael Sheppard work for?

Michael Sheppard works for Command Center Acm

What is Michael Sheppard's role at the current company?

Michael Sheppard's current role is Founder.

What is Michael Sheppard's email address?

Michael Sheppard's email address is sh****@****hoo.com

What schools did Michael Sheppard attend?

Michael Sheppard attended University Of Detroit Mercy.

What are some of Michael Sheppard's interests?

Michael Sheppard has interest in Social Services, Children, Economic Empowerment, Civil Rights And Social Action, Politics, Education, Environment, Poverty Alleviation, Science And Technology, Human Rights.

What skills is Michael Sheppard known for?

Michael Sheppard has skills like Penetration Testing, Vulnerability Assessment, Glba, Information Security Management, Encryption, Ids, Mobile Security, Wireless Security, Ibm Appscan, Hp Web Inspect, Burp Suite, Fortify Sca.
