ServiceNow is a Workflow engine PaaS company with services in multiple regulated markets. (PaaS not SaaS, since customers administer their own application and users). Aug'24 - Present Principal AI Security ArchitectSecurity Research team - Worked with the Security organization to draft and refine Enterprise-wide GenAI Security Objectives and Key Results. Collaborating across the company and with working groups outside the company.Mar'22 - Aug'24 Principal AI Security ArchitectAdvanced Technology Group (Core AI Development team) - Formed ServiceNow AI Red Team across orgs. Designed secure enclaves to train models on restricted datasets. Secured internal NVIDIA GPU clusters and research SuperPod. Track AI/ML assets, mitigate AI/ML threats, apply controls from NIST AI/ML RMF and EU AI Act, teamed up with; Global Government Relations, Product Management, Strategy, Legal, Audit, Security, etc.. Proposed security requirements for multiple environments, AI/ML assets, Kubernetes, and GPU clusters.Dec'18 - Dec'19 Federal Information Systems Security Officer DoD IL 4/FedRAMP HighSelect NIST 800-53 controls, approves changes, enforce mandatory configurations, ensures products are 3rd party audited, etc.. Apr'16 - Feb'22 Principal Security ArchitectSecurity architect for commercial and regulated market environments. Did M&A due diligence assessing security of acquired companies and remediation plans. Design review board member. NVIDIA SuperPOD trainedGIAC GDSA Defensible Security Architecture CertifiedGIAC GCSA Cloud Security Automation (DevSecOps) CertifiedGIAC GSTRT Security Management CertifiedAWS Security TrainedSplunk Machine Learning Trained_____Aug'14 – Mar'16 Security Consultant - Full time Independent contractor reporting to the CISOFedRAMP security architect, helped ServiceNow achieve FedRAMP multiagency JAB Certification in February 2016.

Managed project and services vendor to VMware, ServiceNow, and SRI International focused on Security and GRC related staffing and project needs. Highly insured, staff are background checked, drug tested, and paid 90% of contract for higher quality staff and to avoid the 30-50% overhead of contract firms. No subcontracting or tiers of contracts.We perform onsite and remote Enterprise/Cloud Architecture, Discovery, scoped PenTesting services, Security Architecture/Engineering, and Security Implementation. Established in 1995 to supplement vendor services in implementing VMS/Pathworks, Ultrix/Digital UNIX, OS/2, Cisco network configuration and PIX/Gauntlet/Eagle firewalls.

SRI built the Stanford Dish in 1960, invented the mouse in 1961, was 2nd node on the Internet in 1969, managed the Internet (DNS and IP allocation) from 1972 to 1991, spun off SIRI in 2007. Stanford dish was used to map Soviet radar stations from moon reflections when the U-2 and SR-71 flew over, spawned Varian Semi, Fairchild Semi, this birthed Silicon Valley. Maybe part of MKULTRA.On-Call Independent Security Consultant to the CISO, assisting in strategy, planning, architecture and security reviews. Identified and alerted SRI to unused class-B subnets, SRI then sold those for $1.7M (paid for myself many times over). Used architectural guidance to select; SIEM, IDS, and Security Stack products and components. Worked with guidance from SRI fellow Dr. Peter Neumann (Multics author) and bind author Dr. Paul Vixie (Farsight CEO).SANS GIAC Intrusion Detection Trained

ARMUS is a HIPAA-compliant service supporting online clinical data research and quality management for Cardiothoracic care.Guided ARMUS to successful migration from hosted rack of servers to HIPAA Cloud.

Nov 2012 - Sep 2014 Full time Independent Security Consultant reporting to the CISOFor private/hybrid clouds, documented architecture and globally deployed security technologies. Assessed all vCloud Air service firewalls and advised on corporate firewall migrations. Supported RedTeam, did 24x7 scanning of VMware internal global network and perimeter and cloud services, identified configuration issues and managed target list for scans and pentests. SANS trained, Palo Alto Networks trained, OpenStack Certified____Apr 2010 – Oct 2012 Principal Architect, Enterprise Architecture - Full time contractor reporting to the VP of Enterprise Applications. Formed and facilitated the VMware ARB Infrastructure Technical Review Board (ITRB). Tech lead for VMware Disaster Recovery and other projects. Reverse engineered and documented core VMware data centers, global network. Documented critical business process dependencies on data, applications and infrastructure.CSA CCSK (SaaS/PaaS/IaaS Security) trained. VMware trained in multiple VMware technologies.

(Was Applied Biosystems, merged with Invitrogen in 2008 to become Life Technologies, acquired in 2013 by Thermo Fisher)Infrastructure Architect in the Enterprise Architecture & Security group, followed a 'TOGAF-lite' framework. Team lead, technical project lead, technical roadmap facilitator, design reviewer, systems designer, and internal security consultant. Member of the EA/Corporate Security team prior to being split, did network designs filling in for network engineer, used Red Seal for threat path analysis, did security reviews for projects.Technical lead for: Production data center moves, FDA validated Oracle E1 (JDE) buildout project for APAC, SAP/JDE integration, Web Application Firewall deployment, Hyperion SOX deployment, Campus 10GigE, and EA standards. Infrastructure architect for R&D projects including; Internet2 (10Gb IPv6 Internet) for Terabyte transfers, Petabyte storage arrays for datasets, private cloud computing, and GPU (video card) compute clusters for processing RNA/DNA/molecular instrument data.HP-UX Certified.

(Was GreenBorder Technologies, Inc., I left just as it was acquired (I.P., kernel developers) in 2007 by Google as part of Chrome Browser/ChromeOS) Responsible for the discovery and Risk/Fixability prioritization of all real and perceived product vulnerabilities using DREAD and STRIDE. Worked with public security lists and forums (whitehats and blackhats) to uncover perceived and possible product vulnerabilities and compatibility issues. Created online browser security test which defeated most antivirus and antispyware products.Responsible for all internal and hosted IT/Ops issues including network and system security and multiple OS and server applications.

Call Center/ACD software development company. Built development environment, internal IT systems, firewalls and security. Worked with Microsoft to develop Call Center environment using Live Communciations Servers and Microsoft-CRM. Integrated Meridian switches via Symposium, Cisco Call Center, AT&T PBXs to contact center applications which provided presence through IM, Web Chat, VOIP/SIP, and email. Also provided remote support for ACD products at Microsoft, American Airlines, and other companies.

Founded SaaS company to provide external application integration using an online transaction engine and SQLserver gateways as XML connectors. Used Enhydra JMS hub for business logic and Jabber IM for machine communication. Provided personal funding, brought together partners. Company pivoted to providing integration (XML/EDI for payor/payee transactions), development and hosting for Physician front office applications. Environments met HIPAA requirements.

Designed and built infrastructure for the first ASP/SaaS company. Hosted ERP, CRM and PDM integrated via SOA in single-tenant environments and multi-tenant storage and networks. Managed systems engineering group (Servers, Storage, Network, Security) with up to 20 direct reports of managers and individual contributors. Guided technical enforcements of SAS-70 level 2 certification. JDEdwards CNC certified.

(Was Pioneer-Standard, renamed to Agilysys in 2003)Systems and Network Engineer. Designed and installed clusters and networks for large customers. Original E-Trade trading system infrastructure, original McAfee ASP networks and servers, clusters for Dresner Bank RCM Global Investors, systems and firewalls for BofA, Wells Fargo/Nikko Investments, Intel, AMD, and National Semiconductor. Implemented Corporate Internet feeds, firewalls and ISP peering for multiple customers. Designed and implemented Cisco LAN and WAN networks. Implemented Token Ring networks for Firemans Fund, Levi Strauss, The Gap, Clorox, and VISA. Employed here from 1989-1995, and recruited back from 1997-1999.HP certified, Cisco CNP certified, Microsoft MCP certified, Telco Systems certified

Managed a UNIX/Windows server environment with Cisco, firewalls, Webservers, security analysis, NTexploits list, and published NT vs UNIX security whitepaper. Ran OSF/1 Unix on IBM-VM on a G4 mainframe, modernized networks, modernized storage. Integrated NIS+ and Active Directory via kerberos.Solaris certified, Microsoft certified.

(Was GTE Government Systems, acquired in 1999 by General Dynamics)Network and Systems Engineer. Maintained server hardware and UNIX systems for strategic (Intel/DoD Agencies) and tactical (Military) federal government customers in high security signal collection environments. UNIX certified (Microsoft Xenix), Network certified (TCP/IP & DECnet)

Repeatedly setup/packed up/maintained Sun/DEC servers and networks in a large mobile datacenter and disaster recovery unit supporting Federal Agencies. Prevented network vulnerabilities (fiber Ethernet, meteor burst, line of sight radio, satellite, mux, channel bank) in fixed and mobile Secure Compartmented Information Facilities (SCIFs). Maintained crypto (VPN/Firewall/Secure Phone) equipment, key generators, and issued codes. Served in 2nd Infantry Division, Camp Casey, Korea. ROK Ranger trained. Maintained Crypto gear in DMZ and 2nd I.D. HQ.COMSEC certified, Crypto certified, Network certified (Fiber Optic Ethernet, TCP/IP, Telco), TS-SBI/SCI