As part of the Google Cloud family, I deliver strategic security services to enterprise leaders and their teams that enable them to assess, and close persistent, critical, and costly gaps in their infrastructure. Our technical security services include (not limited to): ‣ Cloud Security Solutions‣ Security Program Assessment‣ Data Privacy & Protection Assessment‣ Crown Jewels Assessment ‣ Ransomware Defense Assessment‣ Cyber Defense Center Assessment‣ Executive & Technical Tabletops‣ Incident Response Preparedness, Usecase & Playbook Development‣ Red Team Program Development

Served on the consulting team to meet with organizations and provide them with strategic security solutions and intelligence to:• drive efficient and effective security operations• improve cyber risk readiness and resilience• reduce the business impact of a breach

Served on the Public Cloud Security Team (PCS) to design and implement secure cloud solutions for USAA's multicloud enterprise environment (AWS, GCP, Azure): • Build and deliver the new enterprise cloud security assurance program for AWS (Amazon Web Services), GCP (Google Cloud Platform), and Azure (Microsoft). • Design, implement, and socialize the USAA internal Cloud Security Compliance program with AWS Security Assurance Services (SAS): established a RACI covering 24 cloud security domains, and a custom cloud control mapping aligned to industry frameworks (FFIEC, NIST, CSA CCM, CMMC, and Mitre Attack) outlining 70+ control objectives across 40+ AWS services. The program has enabled 30+ cloud security epics (173+ tasks) across 28 different accountable teams – shifting the cloud compliance needle left in our dev cycle. • Leading PCS representation in 2022 enterprise cloud audit collaborating with the cloud governance and cloud infrastructure teams, delivered 10+ tech demos & generated all evidence packages, audit completed with 0 net new issues. • AWS Cloud Audit Academy (201) partner: facilitated the 4-day course with AWS SAS for over 100+ USAA 1st, 2nd, and 3rd line partners. • Validate, automate, and evidence multicloud (AWS, GCP, Azure) security solutions to meet 11 key compliance controls utilizing cloud-native security tooling alongside 3rd Party CI/CD, Infrastructure as Code, and multicloud security solutions; baselined for the following objectives: secure config, identity governance, authentication, RBAC, privileged access mgmt, network security, application security, vulnerability mgmt, malware defense, HIDS, incident response. • Programming languages used: Golang, Python

Served on the 3rd-line IT Security Infrastructure Team conducting technical engagements aligned to FFIEC, NIST CSF, COBIT, and ITIL standards including: • Digital Member IAM (Identity and Access Management) • Mobile Application Security (Code Review) • Network Infrastructure Management (Cloud and Wireless) • IT Availability & Problem Management (Code Review) • IT Asset Mgmt (CI/CD IaC Review) • Data Transfer Governance • Internal Threat ManagementAll technical engagements were delivered within the 90-day SLO with 100% of objectives met for the 2021 OCC Supervisory Letter deadlines.

Served in Bank Business Intelligence & Analytics on the Bank Information Risk Services Team (BIRS), Sensitive Data Mgmt: • Bank IT GRC, Sensitive data, and PCI DSS: Structured and Unstructured PCI, PII remediation of 43 bank databases and 1.5M member data files. • Bank data security advisor for Snowflake Cloud secure data migration, oversight for data and privacy regulations (GDPR, CCPA, GLBA) • Lead bank CMMI audit and delivered a rating score of 3 - raised from the previous year's rating score of 2 • Designed and developed Bank Info Risk internal site and newsletter, additionally trained 2 other teams to create their internal bank GRC sites • Liaison for bank IT, compliance, and business stakeholders; responsible for accurate requirements gathering and advising during bank data projects to ensure data security standards and best practices were implemented with a focus on FFIEC and NIST

Cyber Security Instructor for the NY, NY cohorts. FSA Cyber Curriculum: • Cloud: Amazon Web Services (AWS) • Programming: Python • Security Essentials, Red Team, Blue Team Security Essentials: • Linux CLI, Windows CLI , Security Concepts • Computing, Virtualization, Networking, Services & Protocols, Backup & Recovery, Storage & Databases, Wireless Security • Networking & the Web: HTTP Verbs, REST, Persistence • Data Transmission & Capture • Data Encoding & Cryptography • Project: Building a Modern Enterprise NetworkRed Team: • Ethical Hacking, Offensive Security's PWK • Penetration Testing Methodology, using Kali Linux • Attack Types, Technical Tooling • WebApp: OWASP Top 10, Burp Suite • Red Team ProjectBlue Team: • Defense in Depth • Threat Modeling • System Hardening • Firewalls, IDS, VPNs, Vulnerability Mgmt • Identity And Access Management • Log Hunting & Analysis • Splunk, Wireshark, Snort, Python & Bash Scripting • Incident Response • Blue Team ProjectFinal Project: • Go beyond the course materials by building a project • Working together as a team • Produce written and video artifacts

Served on the Information Security Team: • Lead pentesting engagements for wireless & web app for airport, hospital and clinics, police and fire stations, public schools and libraries, and city hall buildings; created and delivered 13 actionable pentest reports to stakeholders • SDLC QA testing: regression (UFT), load (LoadRunner) • Completed IT Compliance Engagements include 2 rounds each of HIPAA, PCI DSS, CJIS, COPPA • Optimized SAP IdP on-prem to Cloud migration by programmatically tuning over ~1500 accounts and ~200 roles. • Developed, implemented, and administered various IT security and infrastructure systems, programs, and upgrades that increased the overall security posture by increasing workload automation and reducing noise/false-positives: anti-phishing program, AI threat detection system, SIEM platform, vulnerability manager, pentesting lab, and a WAF; automated when possible (Python) • Built 21 monthly security data & metrics reports and created the presentation(s) for CISO and CIO, security presentations were used during city council hearings and leadership briefings. Used data analytics to identify security trends, KRI's, and KPI's • Designed the Security Awareness Campaign strategy and developed & implemented the internal site, raised security training compliance attestation by 45%

Served on the IT Business Services & Security Team: • Program lead for 2 rounds of annual PCI DSS compliance (SAQ-D) projects, 100% completion and 2 formal executive attestations. • Internal infosec (IT Business Projects) consultant providing IT security insight and partnership. Completed 7 key enterprise cloud SaaS & PaaS implementations with 100% SLOs met for financial systems (Hyperion), eCommerce Cloud platform (Salesforce Cloud), HR Benefits system (ADP), Electronic Data Interchange (EDI) system (SPS Commerce), and a Digital Supply Chain system (NGC). • SIEM Analysis & Vulnerability Management for internal infra, eCommerce, and retail stores, remediations up by 30%. Developed and deployed remediation automation scripts (Python). • Enterprise IT Trainer: developed 3 enterprise courses & security awareness content: Security 101, Windows 10, and IT Business Analysis - delivered in-person to 500+ business partners. Lead annual in-person security training for 750+ users at corporate Sales conferences. • Designed, documented, and facilitated the execution of enterprise network security program to meet 100% baseline compliance requirements from 70% prior • IT floor 1st responder, helped save a life in an emergency incident • Hired after a successful Cybersecurity Internship in May 2015

• IT BCIS (Business Computer Info Systems)• MCAT A&P (Anatomy & Physiology)

• A&P I&II (Anatomy & Physiology)