David May is a Senior Security Engineer at TRM Labs. He possesses expertise in leadership, project management, project planning, research, systems engineering and 2 more skills.
- Senior Security Engineer, TRM Labs, United States

- Product Security Engineer, Plaid (Jul 2022 - Dec 2024), San Francisco, California, US

  1) Manage Application Penetration Tests
  - Having been a pentester for two years, I understand what is required for an effective penetration test. I also apply Threat Modeling to identify known gaps in our products and hot spots in code so that pentesters can hit the ground running.
  - I lean into the business risk side of testing. Using a risk framework, findings are categorized and prioritized to ensure that outstanding risks to the business are kept to an absolute minimum.
  - Post-patch validation testing and knowledge of advanced bypass techniques help to ensure that fixes are sound before asking for a retest.

  2) Threat Modeling
  - Product-team driven threat modeling is the ideal yet difficult to implement in resource-constrained environments.
  - To counteract this, I developed an AI tool that parses internal documentation and API docs to identify and synthesize threats.
  - While not perfect by any means, it got us 80% of the way there while only requiring a tenth of the effort. This allowed us to scale and iterate quickly to identify heavy-hitting latent risks that were previously unidentified.

  3) Automating Data Streams
  - Created a CVE parsing tool that processes CVE data feeds with AI to determine applicable software and versions because CVE metadata is largely unstructured and notoriously inconsistent.
  - The output of this tool can be cross-referenced with SBOMs and asset inventories to determine CVE applicability and apply automated triaging where appropriate.
  - Parsing code repos and identity source of truth data to determine who owns specific pieces of code to assist with triaging vulnerabilities

- Security Consultant, Bishop Fox (May 2021 - Jun 2022), Tempe, Arizona, US

  I provide security consultation services to some of the most prominent companies on the planet. Consultation responsibilities include:
  - Conducting code reviews and analyzing code both from a static (SAST) and dynamic (DAST) perspective
  - Performing application penetration tests and uncovering hard-to-find business-logic type vulnerabilities, including cross-service trust issues
  - Reviewing cloud architectures (AWS and GCP) to ensure a security-first design
  - Perform testing on network-connected devices, ranging from IoT to security products, to ensure security gaps are not present
  - Conduct internal and external network penetration testing to identify weaknesses in the perimeter or in internal systems that could lead to domain compromise or loss of business IP
  - Design and implement automated test cases for identified vulnerabilities so that findings can be routinely tested as part of CI/CD pipelines

- Senior Penetration Tester, Schellman & Company, LLC (Mar 2020 - Apr 2021), Tampa, FL, US

  • Assess the security of domains, networks, web applications/APIs, mobile applications, and people within organizations, oftentimes as part of FedRAMP or PCI assessments
  • Research new TTPs and the latest advancements in this field and develop new exploitation tools and frameworks
  • Develop and deploy unique phishing campaigns
  • Prepare reports and presentations at different technical levels in order to effectively communicate the business risk associated with identified vulnerabilities in people, processes, and technologies

- Security Engineer, SemanticBits (May 2018 - Feb 2020), Herndon, VA, US

  Security Engineering responsibilities at SemanticBits include Penetration Testing, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Vulnerability Assessment/Scanning, Malicious Software Analysis, Cloud Security, and DevOps Security. I was responsible for owning the security posture of entire programs that were in pursuit of FedRAMP and HIPAA compliance.

  Utilizing a thorough understanding of the OWASP Top Ten and the CWE Top 25, I exploit and then help remediate application-level vulnerabilities. Higher-level programming languages, such as Python, are regularly used to automate and streamline the Security Engineering process, especially in the Cloud.

- Information Systems Security Officer, Northrop Grumman (Nov 2017 - May 2018), Falls Church, VA, US

  At Northrop Grumman, I provide oversight for the day-to-day cyber security operations on a global network. I maintain Information Assurance-related documentation and ensure the system maintains compliance to applicable Risk-Managed controls (NIST 800-53). I coordinate incident response activities and collect and disseminate cyber threat intelligence to ensure the network is protected against the latest threats.

- Cyber Systems Engineer, Northrop Grumman (May 2017 - Nov 2017), Falls Church, VA, US

  At Northrop Grumman, I am responsible for assessing, testing, and implementing secure systems. As part of the information security team, I am responsible for establishing and maintaining a security posture that is Risk-Management Framework (RMF) compliant.

  Daily tasks include vulnerability research and assessment to determine operational impacts, developing patches to different operating systems, developing scripts, maintaining RMF documentation, setting up test environments for security testing, and working with system administrators to secure systems.

- Systems Engineer, Northrop Grumman (Nov 2015 - May 2017), Falls Church, VA, US

  At Northrop Grumman, I provide Systems Engineering leadership for a range of Cyber Security and Software driven projects. Daily tasks include synthesizing customer contractual needs and requirements into system requirements and providing solutions that meet customer expectations as well as the technical, schedule, and cost constraints of the program. Activities include developing and directing the preparation and execution of comprehensive plans, procedures and schedules for completing systems; reviewing and evaluating system and software requirements to ensure completeness; performing technical analysis of complete systems and preparing comprehensive system level evaluations; supporting testing analysis and verification of products and services in development or delivered; and participating in team efforts for special projects identified by management.

- Systems Engineer, Booz Allen Hamilton (Nov 2014 - Nov 2015), McLean, VA, US

  Provide engineering review and analysis of ground-support pressure vessels and systems that are critical to the successful launch of space vehicles under the CSSC II Contract.

  I carry out ASME Section VIII Division 1, Division 2, and FFS calculations to confirm compliance to ASME, API, and NBIC codes. These calculations involve stress analysis, relief valve sizing, and fatigue life determination.

- Mechanical EIT I, Cuhaci & Peterson Architects (May 2014 - Nov 2014), Maitland, Florida, US

  HVAC and Mechanical Systems Designer

- Undergraduate Research Assistant, University of Central Florida (Jan 2011 - May 2014), Orlando, FL, US

  Conduct Mechanical Engineering Research in the areas of Creep Modeling and Mechanical Test Frame Design.

  Developed a reduced-order Kachanov-Rabotnov creep model that would reduce the computational resources necessary to simulate creep.

  Developed a novel method for determining material constants for the Norton-Bailey creep model using statistics.
David May Education Details
- University of Central Florida, Mechanical Engineering
Frequently Asked Questions about David May
What company does David May work for?
David May works for TRM Labs.
What is David May's role at the current company?
David May's current role is Senior Security Engineer.
What is David May's email address?
David May's email address is dm****@****fox.com
What schools did David May attend?
David May attended University of Central Florida.
What skills is David May known for?
David May has skills like Leadership, Project Management, Project Planning, Research, Systems Engineering, Cyber Security, Pentesting.