Director for a (growing) 12 person team of cloud security thought leaders. We support OCI product security and the portfolio of 200+ cloud services, enabling OCI's 15,000+ developers to achieve strategic business and security goals.This team owns multiple shift left initiatives and defines security correctness for unique use cases and major architectural initiatives. We bring together expert breakers, builders, architects, and consultants to provide agility and security excellence to OCI. We define cloud security success for OCI's major strategic initiatives, and later we validate that success. We take the lessons we learn and apply them at scale by paving new paths and sharing knowledge with our peers throughout both Oracle and the public security community.We support each other through our team culture, which is deeply committed to collaboration, peer support, transparent communication, professional growth, and a people-first philosophy.

Chief of Staff for Oracle Cloud Security group. The group delivers threat management, threat intelligence, detection & monitoring, incident response, vulnerability management, trust & safety, and offensive security capabilities that protect Oracle's cloud products. My role supporting the group includes developing strategic plans, coordinating new initiatives, recruiting, metric development, new program development, budget oversight, and supporting senior leadership delivering on security strategy.I provide all-up execution ownership across a variety of security programs that identify, detect, and respond to information security threats to or involving Oracle's cloud platforms. I work directly with leaders and architects to develop roadmaps and deliver on strategic objectives to improve Oracle's security and deliver new products to internal and external customers. I work with senior leadership to deliver proposals, analysis, and presentations up to the EVP and board level. I work directly with expert engineers to define, design, and plan security control enhancements. I develop new programs to deliver meaningful security metrics and enable data-driven decision making.

Green fields project to build Oracle Cloud Infrastructure's first internal ethical hacking team to conduct advanced vulnerability discovery and red team operations.In 18 months, this team built exceptional cross-organizational trust and fostered a healthy team culture. This team consistently drives security innovation across Oracle cloud.

Sr. Technical Program Manager - Security Architecture Oracle Cloud Infrastructure.In this role I defined new initiatives and programs leading to significant expansion of several security teams which later played a critical role in opening new markets to OCI. I developed new processes, adding efficiency to existing programs and facilitating exponential delivery of services from linear staffing growth. * owner for standards development (development, operations, etc)* owner for security architecture consulting engagement to internal service teams * major content contributor to several improvement and regulatory compliance initiatives (IR, SIEM, SBOM; FedRamp, PCI)* owner of coordination for all 3rd party penetration testing and internal pre-GA product security testing activities across OCI's product suite ($10M+ annual budget + 3 ICs)

SecureOne / NFC Data was an interesting startup. I was the leader of a team of 18 engineers working together to deliver on the security goals for an innovative app-enabled consumer payment card product. In my role as architect, I provided valuable thought leadership adding multiple cost-saving efficiencies and security enhancements to the overall product design. My teams reliably delivered well-tested, high-quality solutions on time and within budget.I represented the company in multiple interactions with partners, customers, and vendors, building lasting and fruitful relationships that facilitated business growth. Responsibilities summary:* Lead and manage all compliance, security, and risk efforts; to include:--- Product security architecture--- Policy and procedure development--- Data management planning--- Regulatory compliance activities* Recruit and Manage development and engineering teams serving operations and development.* Provide technical leadership for engineering and operations teams* Manage remote development teams

At Grid Subject Matter Experts LLC, I was engaged in a consulting role solving interesting risk management problems in critical infrastructure, throughout multiple aspects of the energy industry. This was an interesting opportunity to provide solutions integrating physical and logical security under tight budgetary constraints. In compliance engagements, I regularly exerted influence without authority to achieve political consensus supporting the technology and business goals of utility clients. I engaged directly with customers, and creatively delivered solutions to solve complex security problems. I enjoyed the opportunity to help customers achieve their risk management goals through redesigning networks, modifying or adding security controls, and streamlining policy to add visibility and efficiency while reducing compliance footprint. I demonstrated the ability to rapidly ramp-up knowledge of customers' complex environments and processes, provide detailed recommendations, and increase overall customer satisfaction. Responsibilities Summary:* Risk Management--- Design end-to end information security solutions for utilities to facilitate FERC/NERC compliance--- Lead development of information Security policy and procedures--- Manage implementation of security tools and processes* Advisory services--- Provide consulting services to a variety of organizations serving the energy industry------ Start-up's in the renewables space------ Automation product vendors------ Security product vendors selling to energy customers

While at Nebula I developed and implemented the company's security program. I set the company's security-related goals and priorities, participated heavily in recruitment across all technical teams, led the security group's day-to-day activities, lead the technical development and implementation of several aspects of the product, and served as a conduit between stakeholders from senior management to developers and customers.* Owned all aspects of product security from design and development through EOL* Employee #9 at a well-funded start-up ("many many hats")* Recruited and managed a world-class team of cloud security experts* Delivered industry-impacting innovations in cloud security

Over my 6 years working full time with NASA, I preformed a variety of roles related to protecting the agency's information resources from sophisticated threats, primarily focused on APT defense.My initial engagement at NASA was focused on security modernization and data loss prevention research, executed through a public / private partnership with several major DLP startups that would evolve to become the current industry leaders. My work with this technology led to security-relevant findings that resulted in my reassignment to an operations team working on counter intelligence and network defense initiatives. While serving in this role, I received formal written acknowledgment for outstanding contribution from 4 US government agencies or departments, and 3 members of NASA's senior management.After 2 years as NASA's agency-level senior incident handler, I was tapped to lead the design and implementation of NASA's first dedicated 24/7 Security Operations Center (SOC). The mission, awarded to Ames Research Center by NASA HQ, was to protect and monitor all of NASA's network infrastructure. The task covered a diverse infrastructure consisting of greater than 40 Class-B networks connecting hundreds of thousands of nodes, spread across 16+ physical locations and involving hundreds of connections to external, special, or public networks.I functioned as the security information architect and a lead technical manager for the NASA SOC for 2 years. The project was completed within budget, on schedule, and exemplified a highly sophisticated, efficient, world-class information security capability. I preformed a wide variety of advisory, management, and technical capacities through the project's planning, implementation, operation, and first upgrade cycle.When I left NASA, I was approached by several former colleagues from NASA's cloud initiative to participate in an exciting new company that became Nebula Inc.

Assorted retainer and consulting contracts to provide unix and network security SME services to several professional services companies.Independent consulting spanning a variety of areas* Security posture assessment* Penetration testing* Information security technology implementation design, planning, & execution* Technology project planningSubcontracted through several professional services companies, including:* Manpower Professional* Wisconsin Health Information Network* Interactive Business Systems

* Led a team of 4 unix engineers / developers* 4 month mission critical project to achieve business readiness with an inflexible deadline* Rapidly developed and delivered Y2k + security patching solution for ~1,100 business critical Solaris servers with a wide variety of platforms and versions* Delivered 100% completion ahead of schedule and on budget

United States Gypsum Corp (NYSE:USG) is a global manufacturer of raw building materials with (in 1998) 13,000 employees, $3B in annual sales, and operations in 30+ countries. This role involved shared responsibility over operations and security of global fleet of solaris servers and supporting data networks.* Developed VPN strategy for world's largest manufacturer of building materials, saving $15M+ annually in telco leased line costs the first year* Drove automation project to improve system configuration and patching for 1000+ Solaris systems* Contributed to technology standards programs* Contributed to security standards programs* Participated heavily in strategic planning with technology decision makers