Leading the privacy engineering pillar of the new Privacy Engineering Center of Excellence

● Founded and led customer facing privacy practice within AWS Security Assurance Services. Workingwith multinational customers designing repeatable privacy enhancing patterns reducing overall privacyenabling faster globally expansion.● Developed multiple privacy offerings and solutions to educate, assess, and remediate privacymanagement and operations increasing rate of return on investments in privacy.● Developed the AWS Privacy Accelerator Framework used to assess current security and privacyposture and create repeatable privacy enhancing pattern libraries.● Partnered with internal privacy assurance to create the internal AWS privacy framework used byservice terms for privacy compliance to increase customer transparency.● Mentored junior team members, service teams, solution architects, and other Amazon teams onprivacy enhancing technologies and patterns.● Operationalized privacy requirements across laws, directives, regulations, and frameworks to createprivacy best practices reflected in design patterns across a variety of engineering areas includingcontainers, IoT, and big data.● Used the Factor Analysis of Information Risk (FAIR) to develop a quantitative measurement of privacyrisk and privacy risk threat modeling to provide executive a dashboard view of current and historicalprivacy risk.● Experienced AWS solutions architect delivering advisory and hands-on engineering guidance enablingcustomers to develop secure, scalable, and resilient solutions using AWS services and features.● Worked with customers to develop data maps and processes for privacy to increase data managementand understanding.

-Security and privacy consultant to global project teams, including Global Mail, Mobility, and Allianz Virtual Client, on security, privacy, and compliance.-Provided security/privacy guidelines, best practices, and standards for project architectures, implementations, and daily operations.-Responsible for architecture/deployment for Data Loss Prevention program in global data centers.-Responsible for establishing logging standards, cloud security standard for SaaS, IaaS, and PaaS, and creating secure baselines that comply with ISEC, FINRA, HIPAA, COBIT, GLBA, and FedRAMP. -Led the design of security zones, virtualization security, and encryption in data centers based on best practices of Cloud Security Alliance, NIST, and COBIT.-Partnered in defining architectural and operational requirements in anticipation of GDPR go live date and in response to the NYDFS Cybersecurity Regulation.

-Designed and implemented enterprise identity solution compliant with security and privacy requirements.-Design and implemented zero trust network using routing domains to ensure protection for sensitive and personal data. -Designed and implemented secure MPLS-VPN with redundancy across untrusted networks using Dynamic Multipoint VPN. This provided a secure, resilient, full mesh communications link between all sites around the globe.

-Designed and implemented enterprise identity solutions to allow secure access for mobile devices to the corporate network and interacting with sensitive data.-As project lead, charged with replacing the current virtual office solution to reduce overall cost, reduce management overhead, and increase privacy and security.-Created security strategy to protect sensitive and confidential data against ransomware attacks.

-As security lead, evaluated enterprise-wide security controls and developed strategic plan to make the firm compliant with ISO, PCI_DSS, SAS72, and (ISC)2 standards.-As security lead, architected and implemented laptop mobile device encryption to minimize risk of personal and sensitive data exposure. -As security lead, discovered security and privacy risks to confidential data on intranet site and crafted remediation plan to reduce risk for data leakage while maintaining customer usability. -Used industry best practices to develop policies and procedures to secure network segments containing sensitive data.

Configured/maintained Cisco routers and switches across the enterprise. Configured/maintained Cisco 515e Pix Firewall to maximize security without affecting network performance. Maintained Cisco VPN 3000 concentrator for user remote access. Optimized switch, router, and server configurations to eliminate unwanted traffic and increase speed across network. Researched and recommended software/hardware needed to maintain network security. Designed/implemented SSO across multiple server platforms giving users the ability to access any network resource with a single strong password. Conducted security audits and recommended solutions for discovered vulnerabilities

Installed/configured/maintained Cisco routers and switches across multiple sites throughout the US. Reducing the cost of and dependency on third-party consultants. Migrated from third-party hosted firewall to in-house firewall, eliminating monthly fee, reducing overall cost of firewall maintenance, and affording the company greater control over access to its critical resources. Migrated local server storage to a fiber-based SAN allowing greater recoverability, faster data access times, and increased ROI for server and drive purchases. Redesigned LAN/WAN connectivity to segment traffic using VLANS reducing broadcast traffic and localizing server-to-server communications to the network core. Migrated HP hubs and IBM routers to Cisco routers and switches. Planned, coordinated and implemented security measures to safeguard network data against accidental or unauthorized modification, destruction and disclosure. Supervised and coordinated personnel engaged in installing data communication lines and resolving user data communication problems. Designed configuration and supervised installation of various WAN technologies including DSL, T1/DS3, and Frame-relay/ATM. Conducted exhaustive security audits and used collected data to develop company-wide security objectives, policies, and procedures.