Partner with the leadership of MindBody + ClassPass Product Development teams to drive security initiatives to improve security posture. Accomplishments and responsibilities include: • Developing an international team of high performing security engineers.• Owning the Secure Software Development Lifecycle (SSDLC) • Oversees security automation testing and vulnerability management (SAST, DAST, SCA, CNAPP)• Initiated Bug Bounty Program • Manage internal penetration testing (pentest) team• Initiated the Security Partnership process to effectively work with product and engineering teams to include non-engineering teams (security, GRC, Privacy, legal, procurement) to improve communications, reduce delivery time, and to determine project risk and security posture.• Initiated the Security Champions Program

Product Security Program Manager and Security Architect. Responsibilities include application security, compliance, and privacy. Collaborates with application architects, IT, and business leaders to ensure investments are secure, compliant and meet corporate risk objectives. • Planned, led, and implemented the security of “DevSecOps” across the enterprise. Responsible for architecting and delivering an automated and scalable Security Product for the Enterprise.• Focus on applications, compliance, and privacy. He collaborates with solution architects, IT, and business leaders to ensure investments are secure, compliant, and meet corporate risk objectives.• Managed SAST, DAST, SCA security automation tools.• Completes Threat Modeling and Risk Analysis (DREAD and Residual Risk) as required. • Deep security knowledge with AWS, Snowflake, Apigee, PayPal’s Braintree, Databricks, and Veracode, Akamai Neosec API Security• Well versed in OAuth, OWASP, API security, secrets and certificate management• Experience working with Data Privacy (CCPA, GDPR), PCI compliance, RSA Archer, Qualys, Kenna, Burp Suite

Application Security Program Manager – Reporting to KAR CISO, enterprise initiative to introduce, influence and mature the Application Security program across KAR. Introduced “Security as a Service”, whereby Information Security provides consumable services to DevOps teams to inject security and compliance into DevOps teams, at scale, across the enterprise, regardless of languages, platforms, or methodologies (aka DevSecOps). • Primary Information Security liaison to product teams across the Enterprise.• Utilize Veracode SaaS platform for SAST, DAST, SCA analysis across 6 business units, 23 business lines, 45+ dev teams, 450+ applications, 350+ developers.• Leverage Veracode platform to automate integration with DevOps tools and processes.• Developed secure coding guides of common attack vectors for development teams to implement, when scans and pen tests uncover them. • Provided tools, education and reporting to drive Application Security remediation and compliance (GreenLight, KnowBe4, Veracode).• Write Selenium scripts for DAST.• Work with IAM and development teams to implement most appropriate Auth and SSO solution for both customer and employee applications (Okta).• Assist with annual penetration tests and GRC activities.Cloud Security Assurance – Leverage tools at scale to determine security of AWS Accounts, provide DevOps teams feedback based on standards. • Implemented automated, monthly, compliance and configuration scans for every AWS Account across KAR. Developed security standards and provided DevOps teams with feedback on identified vulnerabilities and provided information on how to remediate (ScoutSuite, Prowler, Python).• Work with development teams to understand identified vulnerabilities, provide solutions, approve mitigation and track issues to completion.• Work with teams to understand results of vulnerability scans (Rapid7 InsightVM, Nexpose). • Assist to improve the enterprise security ratings for KAR (BitSight).

A team member of the Enterprise Architecture Group. With a focus on Enterprise Integration Architecture and development of strategies and roadmaps.Raised KAR's enterprise security posture by leading the annual security audit, which included a first-time PII assessment. Additionally, initiated security architecture standards and published a compliance dashboard for services across KAR. Initiated and continue to lead the KAR Solution Architecture Forum. Its intended purpose is to communicate knowledge and standards to solution architects across KAR companies. Since 3/2015, I have accepted the additional responsibility of leading and managing the company's Integration Center of Excellence (COE) practice, an enterprise-wide competency center dedicated to delivering integration solutions and advancing the Integration Vision.Additional accomplishments:Initiated and led the implementation of an enterprise workload automation tool. I not only introduced a new technology, but also included processes that resulted in an Enterprise Service Offering which centralized development, support and operations.Lead Enterprise Architect on KAR's Integration middleware platform and application upgrade which impacted nearly every integration across KAR. Role required a balance of technical, tactical, and visionary leadership to successfully complete its implementation.

Technical Lead special projects, Team Lead for all customer WebSites. Position requires working with business areas / BA's / Architecture team / developers / among others. Strong leadership skills needed to develop and implement processes.

e-commerce b2c website. Ensure site availablility and coding functionality to support marketing initiatives.

2 month contract positon working on an online banking application