Founding co-chair of revived PKI policy working group composed of experts across the company tasked with enshrining sound principle into corporate security engineering requirements. I engage with product teams across the company--from Azure to Xbox--to assess and align PKI and cryptographic key management practices to internal security standards developed by the working group.

Served concurrent short-term engagement as a Microsoft Consulting Services subcontractor to a "Big 4" client. Provided remote expertise in the migration of two enterprise Certificate Authorities to new hosts; re-designed CRL distribution strategy via load-balanced web CDP repositories. Prepared PKI Disaster Preparedness & Recovery plan.

Provided practical consultation for financial services institution in the formalization of Cryptographic Key Management standards, workflows, and hardware module selection in alignment with NIST FIPS 140-2 guidelines. Lead consultant on Public Key Infrastructure (PKI) initiative—designed and built a dual-HSM-backed two-tier PKI composed of an offline root and four enterprise certificate authorities distributed across two AD forests. Authored, executed, and documented all aspects of building and managing enterprise file-level, application, and database encryption solution. Adapted and incorporated best practices from DoD in the development of the organization's first operational workflows around the handling of sensitive physical assets to accommodate a variety of business applications (e.g, offline PKI artifacts, Cryptographic Tokens, unsecured hard drives, etc).

Performed contract services as Information Security Architect for health care organization in support of PKI SHA-2 migration project. - Planned, coordinated, and executed Root Key Ceremony- Installed and configured Active Directory Certificate Services (Win Server 2012).- Designed, installed, and configured SafeNet Luna SA and G5 Hardware Security Modules (HSM).- Planned, Designed, and implemented Certificate Authority backup strategy for Root CA.- Reviewed PKI Key Management design against NIST SP 800-57 standard.- Reviewed Certificate Policy (CP) and Certificate Practice Statements (CPS) against RFC 3647.- Helped define roles & responsibilities in accordance with Common Criteria role separation.- Authored Hardware Security Module (HSM) physical token management workflows. - Drafted high-level enterprise migration strategy to phase-out SHA-1 signed certificates.

Drafted organization's key management process in accordance with NIST SP 800-57 standard. Planned, developed, and implemented client-side certificate provisioning and management for mobile devices. Led the development, planning, implementation, and documentation of two factor authentication infrastructure and user provisioning process. Responsible for global SSL/TLS certificate consolidation strategy and continued certificate administration. Led international team of engineers through deployment of best-in-class endpoint security solution to over 20,000 endpoints across three continents. Authored over 60 operational guides and procedure documents as part of the Security Team's internal process management overhaul.Offered threat analysis and coordinated incident response between multiple teams. Stayed fluent on cyber security developments through open source research. Partnered with technical project leads, and provided general security expertise and consultation in support of sound operational practice.* Responsible for the creation and testing of software patch designed to secure critical vulnerability later disclosed by third party at DEFCON 23 (2015).

On deployment, trained and mentored a team of four technicians in support of a full-spectrum communications Network Control Center in a fast-paced, high-volume operations environment. Performed Active Directory and Exchange account creation for over 2,000 users. Assigned users to Group Policy Object (GPO) groups. Led Tier 2 communications team which handled over 25,000 customer support issues; resolved over 20,000 on first contact, and personally fielded over 1,700 client support requests, saving back shops over 228 hours. Enforced physical security measures and managed an inventory of $73,000 in IT assets.

Provided cryptographic support to the 39th Air Base Group, OPERATION ENDURING FREEDOM (OEF), IRAQI FREEDOM (OIF) and five geographically separated units in Turkey. Provided cradle-to-grave accountability for over 5,500 Communication Security (COMSEC) aids and 325 Secure Voice encryption keys. Provided guidance and education to COMSEC, Smart Card (FORTEZZA) and Secure Voice Responsible Officers on proper procedures for control and accountability of keying material. Maintained account records and issued COMSEC aids to 77 sub-accounts. Operated the Certificate Authority Workstation (CAW) to create cryptographic Smart Cards. Performed two-person control duties to manage controlled authenticators used to support national objectives as outlined in European Command (EUCOM) and Chairman of the Joint Chiefs of Staff (CJCS) directives.- Executed emergency exercises during Nuclear Surety Inspection (NSI), earned Two-Person Control team "Outstanding team"​ award during NSI Staff Assistance Visit (SAV) and U.S. Air Forces in Europe (USAFE) Inspector General's "Pat on the Back" Award. Efforts key to winning the DISA Defense Message System Local Control Center award for 2002. Swiftly contacted/resupplied eight expeditionary units; ensured integrity of global authentication systems. Contributions helped unit garner the 2002 USAFE Communications and Information team award for Information Assurance.

Provided vital Information Assurance support for the 423d Air Base Squadron, HQ USEUCOM’s Joint Analysis Center (JAC) four multiservice tenant units, and over 30 allied nations. Controlled Communications Security (COMSEC) material to fulfill local, national and international mission requirements. Submitted requests for new material and disposition of material declared in excess to worldwide controlling authorities. Received, processed and issued material received from the National Security Agency (NSA) and other validated sources. Securely transferred material through the Data Transfer Device and the Defense Courier Service. Performed monthly issue, prepared destruction and inventory reports. Accounted for all material to the Director, Cryptologic Support Group. As acting Primary Security Manager, processed security clearances for over 150 individuals requiring background investigation and performing temporary duty. Provided initial and annual training for COMSEC Responsible Officers.