Lead a BI & Reporting team for EDG Security providing Business Intelligence & Reporting for Microsoft’s Executive LT e.g. IRMC and Azure’s Security Fundamentals. These reports are used in a monthly review fashion with senior and executive management. Scope for the team increased and led efforts for operating and maintaining S360 data pipelines to provide prescription instructions for service owners to get to green across various security metrics. These pipelines transform raw data into consumable instructions. The result was raising the security baseline by 70% across ~2K services for the company. These pipelines have been transferred to our data platform team. Participated in a V-Team to create and implement Objective and Key Results (OKRs). These OKRs are higher level metrics for driving the business than traditional security metrics. The OKRs allowed for semester planning across EDG Security and allowed teams to dock and prioritize known work. Led efforts for special projects:CritSec Tool: is a new approach to visualize security posture by service criticality. This tool provides an aggregate view of many security metrics by service and stacked against service criticality. In addition, it tracks security posture progress and regression over time. This allows for teams to spot where to prioritize or spot regression on a daily basis. Transience predictions: Led a machine learning projects to predict assets that will have a very short lifespan (1hr - 48hr) and provide breakout reports and slicers for reports to delineate durable vs transient assets. This view incredibly important for understanding security posture in modern services highly elastic environments. Work in this area is progressing and has been presented in Microsoft wide forums.

Conceptualized and implemented a new security data reporting experience for Windows Devices Group (WDG) | Cosine, Devices, Gaming (CDG). These security-based scorecards and reports were built to dynamically calculate key security metrics for ~1700 internal Microsoft services, representing ~$35B in Microsoft revenue. These reports were utilized by senior management and ultimately in IRMC executive leadership. Drove programs and efforts to instill a data first culture across EDG Security. These efforts not only provided cross pollination of knowledge around data but also found duplicative efforts for teams to leverage work already done. Additionally, conversations around business data challenges offered better solutions by soliciting diverse perspectives from inclusive forums. Performed the role as an interim reporting lead for a team of five. During this time led efforts to drive scorecard production efficiencies and assist in creating and end to end security V-Team. This led to drive prescriptive actions into S360 for service owners to know what do to get to green. Additionally, led efforts for capturing incidents and driving tickets to appropriate CDGS teams for resolution. Led the reporting team to adopt SCRUM and Agile methodologies for work planning and prioritization. Effort resulted in ~75% increase in work throughput and provided increased insight and alignment to EDGS goals.

Developed and implemented Measure Definition Framework (MDF) which greatly enhanced data completeness and data hygiene for Universal Store (UST). This framework was the underpinning of establishing good UST's Service Engineering and Technical Operation's key metrics for data driven business decision making. Prototyped a new Power BI report for determining internal Azure resource spend for Universal Store. This prototype provided transparency to over 800 internal servicers and resulted in a reduction in Azure spend of $20M and prevented an additional $25M in Azure spend in FY20. Additionally, this prevented a 30% projected UST Azure budget overrun and allowed UST to land within 1% of the Azure budget. Ultimately this prototype became integrated into Microsoft's S360 and is now scaled Microsoft wide.Worked with Governance Risk and Compliance to provide various Power BI reports for UST's teams and services to gain compliance. These reports were used for PCI, SOX, and Security based metrics. Launched the first Microsoft internal Power BI users group called Chillaxin w' Data. This group started in Universal Store and was expanded to include parts of Windows and Devices Group (WDG). This group was recognized by the Power BI PM group and replicated across Microsoft. This resulted in fast tracking literally hundreds of reporting projects by allowing PMs and Devs to share learning in real time.

Established a Security Development Life-cycle and a Security Champs program to ensure secure coding practices. This included working with various service teams to document and attest to company and industry standards. Additionally, devised a questionnaire and workflow in determining which development features should have a security review prior to code release to production. Completed a data mapping project on a global billing system for Microsoft Commerce. This included classifying 3+ million attributes across hundreds of SQL databases. This mapping provided key documentation for achieving PCI Certification and SOX Compliance. Spearheaded a large encryption project to revamp the encryption of customer data across Microsoft Commerce. This included mapping website/API endpoints creating a gap analysis of existing encryption and desired encryption states. Worked with six large service teams on creating plans to remediate and verified fix after releasing to production. Worked on policy and procedures documents involving SDL and champs program.Participated achieving PCI certification for Commerce Platform.Played a role in an internal Microsoft audit of the Commerce Platform. Created remediation plans for audit findings and oversaw the plans to remediation.

Acted as the primary fraud investigator Microsoft's online cloud services Azure and Office 365. Daily duties included investigating account signups, security incidents and credit card charge backs for fraud. Maintained a robust set of metrics measuring the success of investigative activities such as fraud rate, charge back rate and mean time to decision. Worked on several large high profile incidents to attribution. Tracked global fraud rings and provided key insights into the rings' modus operandi and provided key detection patterns to decision scientists for integration into a real-time decisioning engine. Devised new detection methods for identifying fraud. These included using a behavioral alerting system, Alphabet Entropy and integrated botnet information into the manual review fraud tool. Each method had significant impact on reducing the underlying fraud rate and reduced detection time.

Primary responsibility was developing a new information security program from scratch. This included substantial documentation such as creating policies, proceedures, information secuirty training program and reporting to senior management, board of directors and external regulatory agencies such as Federal Reserve Board (FRB), FDIC and Washington State Deparment of Fincancial Institutions. Policy development included Information Secuirty , Computer Incident Response , Employee Acceptable Use, Change Management and GLBA/Privacy. Worked with each department including IT during creation of policies. Gained senior management sponsorship and board of diector acceptance.Created a complete Information Security training program. Trained bank employees on detecting phishing attempts, social engineering and bank robbery procedures. Major projects included designing, purchasing and installing a state of the art intrusion detection system (host and network) and SEIM appliance. Solution included the installation and configuration of Cisco Monitoring Analysis and Response System (CS-MARS), Cisco Security Agent (CSA) and Cisco IDS/IPS 4240s. Major reponsibility of installing, configuring and tuning detections systems over long period of time. Daily duties included monitoring intrusion detection events, investigating incidents and fraud attempts and reporting to management. Investigated a major and sustained phishing campaign over two months against the bank. Devised special countermeasures to deter phishing attempts. Losses were limited to less than $10,000. Investigated worked with the FBI on a wire fraud incident that was tied to a series of incidents across multiple institutions nation wide. Provided pivotal information to the FBI that contributed to the identification of the suspects.