Our mission:1- Help organizations build, ship, and operate secure products.2- Help aspiring security engineers gain the skills and experience they need to build a thriving career.

Responsible for all aspects of the secure product delivery strategy for Affirm and its international subsidiaries.

Responsible for the security of products that deliver digital content to ~221M streaming customers of well known brands including, Disney+, ESPN, Marvel, National Geographic, 20th Century Studios, and ABC News. • Program Leadership: Designed the strategy, built teams, and launched security architecture, threat modeling, static analysis, dynamic analysis, penetration testing, and mobile application security testing services in support of a portfolio of over 1,500 applications. Led and mentored product security managers and service leads. Delivered a launch readiness program that brought visibility to product risks.• Program Scaling: Delivered a risk-based penetration testing program capable of completing 100+ penetration tests per year. The program proved scalability by delivering 40 penetration tests within a 6 week period.• Disney+ APAC Launch: Took ownership of the highly visible Disney+ APAC product launch due to poor ownership and cross-segment collaboration. I coordinated the efforts of multiple Disney segment security teams to a successful and secure launch of Disney+ APAC under a significantly expedited schedule. This project was a critical part of Disney’s efforts to increase revenue to offset COVID-19 theme park and sporting event closures.

Built and led the information security program in preparation for the launch of Amazon’s autonomous drone delivery service. Responsible for the security of the embedded on-vehicle systems responsible for flight and navigation, the cloud-based routing and logistics systems, and the regulatory security compliance program supporting aircraft and operations certification.• Embedded Security: Responsible for the security of Prime Air’s custom UAV (drone) platform. Worked closely with the software and hardware engineering teams to define and execute a strategy for securing the proprietary drone flight controller, avionic sensors, compute units, routing, and safety systems. Published a threat model which enumerated assets, threats, and mitigation requirements.• AI Security: Led initiatives to secure Prime Air’s use of AI for drone delivery. This included securing data collection, storage, labeling, and retention. • Product Security Leadership: Led efforts to secure Prime Air’s unified traffic management (UTM) system. This included route planning, command and control, and flight simulation systems. • IP and Privacy Protection: Led initiatives to protect Prime Air intellectual property. Provided mechanisms and training to allow safe travel to countries with elevated threats. Led training sessions for new hires to provide insight into the unique privacy concerns of the program. This drove awareness and greater partnership.• Solution Engineering: Launched a solution to provide identity and ephemeral authentication tokens to drones. This resolved a vulnerability that required long-lived credentials to be stored on the drone.

Led product security for AWS service offerings and AWS vendor security. Responsible for recruiting, team development, and executive risk communication.• Executive Communication: Drove risk decisions with AWS service VPs to ensure AWS services launched securely. Prepared and presented risk and incident briefing materials to the CEO and CISO of AWS.• AWS Nitro Launch: Led a cross-functional team in the secure delivery of AWS Nitro, an AWS compute offering built on a re-designed virtualization framework including hypervisor, custom-built ASIC hardware, and supporting services.• AWS Service Delivery: Led the secure delivery of products for AWS Compute, EBS, ECS, IoT, Macie, GuardDuty, Amazon Game Studios/Lumberyard, and the internal system that was the model for AWS Security Token Services.• Team Building: Strong track record for building and growing high performing teams of top tier talent. I led recruiting for 5 Amazon security teams. I reviewed thousands of resumes, interviewed ~150 candidates, and became an expert in Amazon’s methodology for recruiting and leading top tier talent. • Automation and Scaling: Led automation efforts that scaled team workload distribution and security approvals resulting in improved visibility and reduced wait times for customers.• Vendor Security: Took ownership of the AWS vendor security team and program. My team managed risks associated with key vendors that supported the AWS sales, marketing, and re:Invent planning teams.

Responsible for all aspects of Caliber’s technical services division.• Product Delivery: Led cross-functional team in the development and launch of a vulnerability management as a service product serving the SMB market. • Service Delivery: Led a global, cross-functional team in the delivery of penetration testing, red team, and application security consulting services. Re-vamped penetration testing and reporting methodology using Caliber’s GRC Select product to provide full visibility into scope and test results.•Business Development: Accelerated revenue growth by developing strategic relationships with client base.

• Responsible for all aspects of the application security program that satisfied a key requirement to secure a $1.2B contract with the US Federal Government. Responsible for designing and implementing the strategy for Concur’s corporate and consumer offerings. Reported to the CISO.​​• Developed Concur’s application security architecture based on the OWASP ASVS and ISO 27034 standards. This resulted in greater trust from Concur customers, which led to shorter pre-sales cycles, better customer retention, lower cost per transaction, and faster time to revenue. It also supported Concur’s ISO 27001 certification strategy.• Introduced organizational change that moved Concur’s application security program from a reactive, compliance-based approach to a collaborative, engineering approach that feeds actionable issues to developers for faster remediation time.

• Developed and implemented the application security program for a portfolio of approximately 350 applications. In this role I provided processes, tools, and consultation to assist development teams in the creation of secure applications. I also helped to provide executive reporting and metrics, which significantly raised visibility and began a culture shift toward accountability in the development lifecycle.• Developed and published secure development and security testing standards for in-house development teams as well as volunteer contributors from the community.• Responsible for recruiting, training and managing a small team of interns and volunteers to assist in the achievement of team initiatives.• Supported compliance initiatives through risk assessments and security testing. Helped project teams understand compliance needs and coordinate with available resources. Assisted project teams with compliance requirements dealing with PCI, ISO 27000, and international privacy regulations.• Performed high value penetration tests and vulnerability assessments to validate security requirements and further understand business risks. • Developed and delivered security training in the subject areas of secure development and security testing to audiences consisting of technical contributors and project managers. This created security subject matter experts within strategically selected teams. • Provided security consulting and testing in support of the global implementation of the Church’s PeopleSoft system. This included PeopleSoft HR and Finance systems.

• Responsible for the design and implementation of Consonus’ cloud backup (SaaS) and storage on demand (IaaS) products. Engineered, implemented and maintained a secure, multi-tenant storage and remote backup cloud service. • Served as a network and firewall administrator in an ISP-class network environment • Responsible for vulnerability management, SIEM and incident response.• Lead the system engineering team in the achievement of SAS70 type II certification. In this project, I was responsible for developing and implementing the policies, standards and procedures necessary to meet control objectives. • Responsible for the administration and optimization of high-availability SQL server clusters • Assisted in the adoption of ITIL framework best practices. • Served as senior systems engineer on the Consonus change control board.

Managed systems security and administration in a cross-platform network supporting critical research and manufacturing systems. Responsible for the security and availability of IT systems and corporate information.