- Documented and implemented a Security Champion program that gives application development teams a feedback loop to the Security team to assist with creating security conscious developers that are fixing security vulnerabilities in the coding phase.- Created DevOps Security Architecture standards that align with the Cloud Security and Enterprise Architecture standards.- Collaborated with the Vulnerability Management team to implement automated dependency scanning and static code scanning in code repository.- Security focal for several vendor long term engagements to resolve security roadblocks and to ensure solutions meet security architecture requirements. Worked with NGINX, AWS, and Pivotal.

CISSP, CCSP, GISPHired as Computer Security Specialist responsible for Enterprise Security Tool integration, configuration, and monitoring. Promoted to senior level and Security team lead for Risk Assessment, Cloud Security, and DevOps Security.- Streamlined the Risk Assessment process using the “shift left” philosophy to introduce security requirements earlier in the development process, resulting in a 20% reduction in assessment time. Strategy and implementation plan in place to begin automation of security requirements within the CI/CD pipeline to further reduce time to completion.- Security team lead for Agile PI planning with the Cloud and development teams to implement security integrations for AWS and Azure CI/CD pipelines. Attending PI planning sessions has vastly enhanced the security relationship with dev teams. - Work with Leaders across the business and development units to introduce DevSecOps practices to automate and secure business and development processes. Business has agreed to include 10% security backlog in each sprint.- Integrated Qualys vulnerability and Veracode code scanning into the corp AWS and Azure environments and documented the process for repeatability. Integration allows for automated scanning of the AWS and Azure environments. - Collaborate with System and Integration Test teams to create Security break fix test cases to be used across the organization. Security tests will be executed in all dev/test environments to increase the reliability of the applications.- Created cloud application development best practices and risk assessment process knowledge bases in Service Now.- Established static code scanning policy and procedures. Review and approve all application code scans for the risk assessment process.

CISSP, GISPHired as a System Design and Integration Specialist responsible for working with customers to integrate Jeppesen products into the customer IT environment. Responsibilities increased to include team lead, hosted application installation, communication, and change management.- Professional Services Navigation application suite subject matter expert and POC. Responsible for managing releases, notification, communication, installs, change management, integration, system administration and release tracking.- Responsible for working with customer IT and Security teams to analyze architecture and systems to be integrated with Jeppesen Navigation and Flight Planning products. - Created application agnostic SAML authentication method for customers using Mobile application. Solution has a streamlined integration process and has generated 256k in revenue in the first year.- Integrated Proprietary windows and linux applications into customer environments across an international customer base. Worked with customers on planning, architecture, and troubleshooting. Provided documentation and installation checklists for repeatability.

Hired as a Technical Support Specialist responsible for production application support and was promoted 4 times to Lead job title. Each promotion resulted in increased responsibilities as well as maintaining the production application support role.- Implemented and managed an organizational server consolidation project that reduced the amount of servers that needed to be maintained by 150 servers. The reduction of servers saved the company 3.2 million dollars in future maintenance expenses.- Point of Contact for security related questions and projects within the department. Communicated, monitored, and recorded the monthly Microsoft security patches on department servers. Conducted weekly status meetings and Root Cause Analysis as needed.

Hired as a 401k Financial Specialist and was promoted to the IT Help desk in May 1996. Promoted three times in IT to final position, the final two years were spent as a CIBER Consultant on the Merrill Lynch account due to an outsourcing agreement.