- Manages a team responsible for the organization’s cyber security posture and a team responsible for the efficacy and accuracy of the companies’ software security products.- Follows NIST CSF, SOC 2 Type 2, and CSA CCM for ensuring the security of the organizations SaaS infrastructure.- Develops security roadmaps for continual improvement in the organization’s security posture.- Drives risk mitigation through tracking KPIs across monthly and quarterly initiatives.- Key security initiatives achieved:-- Rolled out multi-factor authentication to the entire organization.-- Built a robust computer security incident response process and plan in coordination withcompany executives.-- Decreased reported phishing incidents by 95% year over year through training andimplementation of phishing prevention systems.-- Implemented companywide vulnerability management program and drove MTTR for criticaland high issues to less than 2 days.-- Drove vulnerability escape rate (VER) to less than 1 per month for all risk levels and closerto zero for critical or high issues.-- Implemented numerous security solutions over the past few years such as SIEM, cloudsecurity posture management (CSPM), Enhanced Detection and Response (EDR), SecureWeb Gateway (SWG), and numerous other homegrown technical controls. -- Revamped company information security policies

- Define and refine product functionality as it relates to rules and security controls.- Develop internal application security program focused on speed, accuracy, consistency, and transparency.- Manage internal and external application security research- Manage junior to director-level staff responsible for all areas of product and research- Outreach such as presenting at conferences, blogging, webinars, etc- Mentor staff

- Bridge product and service offerings.- Determine and define direction for products and services to support.- Manage directors responsible for service or product areas.- Help directors improve products and services including processes, deliverables, and methodologies.- Manage financial targets and goals.- Manage clients and building relationships.- Technical sales support.- Outreach such as presenting at conferences, blogging, webinars, etc- Mentor staff.

Create direction for products and services to support application security concerns of clientsHelp build and evolve current products and servicesManage service leadsRefine and improve services overall including processes, deliverables, and methodologies.Manage financial targets and goalsManage clients and building relationships.Present at numerous conferences focusing on development and security of mobile and IoT.Mentor junior staff.

Evolving current mobile security practice from an assessment, training and remediation services standpoint. Building the IoT practice to either merge with the mobile practice or supplement it.Refining and improving services overall include processes, deliverables, and methodologies.Collaborating and interacting with R&D and Engineering.Managing clients and building relationships.Presenting at numerous conferences focusing on development and security of mobile and IoT.Mentoring junior staff.

• Global Practice Manager, Mobile Application Security Services – Developed service offerings including collateral, intellectual property, and process. Created documentation, training (both hands-on and elearning) as it relates to mobile application security. Mentored and lead employees in performing mobile application security services.• Managing Consultant – Drove and grew business through consultative selling. Managed employees, strategic clients, and mobile application security business line. • Principal Consultant – Performed numerous assessments of web applications and software using penetration testing and code review. Depth of experience identifying vulnerabilities and flaws associated with web applications and web infrastructures. Utilized custom and freeware tools such as WebScarab Proxy, Eclipse IDE, etc. Helped develop detail findings reports documenting detailed vulnerabilities and presenting specific recommendations for fixing the vulnerabilities.• Senior Application Security Architect – Performed an application security architecture design of a very large online money transfer system. Helped integrate custom code and purchased products to incorporate security into the SDLC. Performed many security architecture reviews of current application systems to determine any risks associated with missing or improperly configured controls.

Worked directly with many different clients helping to solve security and privacy issues. I developed Information Security Controls policies to help harden organizations information security posture in the market. I worked directly with clients to implement logging and correlation reporting based on defined security events to provide a more real time reporting structure. I spent an extensive amount of time developing reports based on raw vulnerability data utilizing Perl and Crystal Reports.Ran an extensive project to properly identify over 750,000 IDs. Worked directly with upper management to outline and define requirements and guidelines to develop a concrete project plan. I created scripting processes for performing quarterly employment reviews while providing audit support. I created a training program for training new steady state employees on the ID revalidation processes and procedures.

I specialized in application security vulnerabilities and exploitations. Utilizing WebScarab and Paros proxy, SPI Dynamics WebInspect, and manual scripting techniques I designed and implemented a web application penetration testing program. I developed a process for implementing security checks within the Software Development LifeCycle (SDLC) by utilizing policies, standards, guidelines and best practices tying back to the OWASP Top Ten. I was the go to in providing consulting advice on application security topics and was queried daily be development staff.