Jorge Gomez

Jorge Gomez Email and Phone Number

Principal Cloud Security Engineer at Twilio
Jorge Gomez's Location
Miami-Fort Lauderdale Area, United States
About Jorge Gomez

Educated and motivated individual with a strong engineering background and over 10 years of cybersecurity experience. Highly analytical, versatile, creative, and vetted under high-pressure decision-making situations. Strengths and interests include application/product security, DevSecOps, cloud security, and security architecture & engineering. Other interests include front-end web development and cloud-native microservice architectures using JAMStacks - React, Next.js, GatsbyJS, Node.js, JavaScript/TypeScript.

Jorge Gomez's Current Company Details
Twilio

Principal Cloud Security Engineer at Twilio
Jorge Gomez Work Experience Details
  • Twilio
    Principal Cloud Security Engineer
    Twilio Sep 2024 - Present
    San Francisco, California, US
  • Twilio
    Staff Cloud Security Engineer
    Twilio Apr 2023 - Sep 2024
    San Francisco, California, US
    • Technical lead for Google Cloud Platform (GCP) and responsible for cloud security initiatives that automated GCP Project lifecycle, consolidated M&A Google Accounts, and eliminated shadow IT, resulting in the shutdown of 1,459 GCP Projects reducing the attack surface by 28.36%
    • Project lead for WAF as a Service (WaaS), which empowers engineers to manage AWS WAF rules via infrastructure as code (IaC) in a self-service manner, improving security posture at the edge and reducing WAF costs by 20%. This led to an AWS re:Inforce conference talk on API Security using the Well-Architected framework and how to apply at an Organization at scale.
    • Frontend engineer and design architect for the Artificial Intelligence Identity and Access Management (AiIAM) web application, which allows engineers to use natural language to construct AWS IAM policies in a self-service manner, following the principle of least privilege. This led to a conference talk at BSidesSF 2024, titled "AiIAM: Transforming the Democratized AWS IAM Architecture with LLMs."
    • Design architect and contributing developer to an AWS Support Slack Bot initiative that allows incident commanders to engage AWS support natively via Slack. The application creates AWS infrastructure by using a simple Slack command, eliminating AWS hard quotas for onboarded accounts and saves over 600 hours annually during production incidents allowing for quicker mean time to remediate (MTTR).
  • DigitalOcean
    Staff Product Security Architect
    DigitalOcean Oct 2022 - Feb 2023
    New York, NY, US
    • Security lead for the identity and access management (IAM) product with the goal to provide granular authorization permissions to DigitalOcean API tokens and the cloud control panel following the principle of least privilege – this was released on schedule to 10k customers in private beta
    • Developed a scalable GitHub Application, written in Node.js, that served as a secret scanner and identified potential API tokens, database connection strings, private keys, and other secrets in every GitHub Organization repository within an enterprise and notified the pusher via Slack, while creating a security issue to track the vulnerability
    • Co-authored "Securing your DigitalOcean account," which highlights key actions to take to improve the security of your DigitalOcean account and reduce the risk of an account takeover – article can be found at: https://www.digitalocean.com/blog/securing-your-digitalocean-account
    • Completed application security and security architecture reviews for customer-facing products, provided guidance to engineering teams on security best practices, and reviewed engineering documents, including Request for Comments (RFCs), Technical Design Documents (TDD), and architecture drawings
  • Doma
    Senior Staff Security Architect
    Doma Apr 2021 - Oct 2022
    San Francisco, CA, US
    • Security architect responsible for the design and implementation of zero trust security controls using an agent/gateway model, micro-segmentation, and software-defined perimeter, which resulted in a 50% reduction in cybersecurity incidents by improving the security of employee web browsing activity, focusing on web content filtering/malware protection, enhancing network visibility, and effectively reducing the risk of lateral movement
    • Author and security architect for Network Security Architecture, Bring Your Own Device (BYOD), and Mobile Device Management (MDM) policies to improve the security of Doma's Azure footprint, which followed the Center of Internet Security (CIS) Benchmarks and NIST Cybersecurity Framework (CSF) and was a contributing factor to Doma’s public listing in the New York Stock Exchange (NYSE), while preparing it for SOC 2 Type II certification
    • Developed Encryption Standards and deployed a hardware security module (HSM) in order to meet strict customer encryption requirements and improved key management practices achieving FIPS 140-2 level 3 compliance
    • Liaison to Product Security and Software Engineering to promote a secure software development life-cycle and a DevSecOps culture, including the evaluation and successful integration of security testing technology, such as Static Application Security Testing (SAST), Software Composition Analysis (SCA), Container Security, and Dynamic Application Security Testing (DAST)
    • Managed strict service level agreement (SLA) for critical, high, and medium vulnerability findings at 10 days, 45 days, and 60 days, respectively
    • Regularly measured the maturity of the Product Security/application security program using Open Web Application Security Project (OWASP) Security Assurance Maturity Model (SAMM) and disseminated progress with senior leadership
    • Completed security architecture reviews, threat modeling activities, and data flow diagrams to identify security risks in application architecture
  • NextEra Energy, Inc.
    Lead For Application Security & Cloud Security Architecture
    NextEra Energy, Inc. Apr 2018 - Apr 2021
    Juno Beach, FL, US
    • Program manager and technical lead for the software, mobile, and application security program where detection and mitigating controls resulted in a 14-day rate of remediation for critical, high, and medium vulnerabilities – preventing cross-site scripting (XSS), SQL injection, and other OWASP top ten vulnerabilities
    • Responsible for processes, standardization, and automation of the software development lifecycle (SDLC) through the use of security-integrated Continuous Integration / Continuous Deployment (CI/CD) pipelines where testing toll gates reduced security vulnerabilities, technical debt, and produced over $500k in annual cost avoidance
    • Cloud Security Architect and Subject Matter Expert (SME) for all major efforts involving AWS and digital transformation projects where monolithic and on-premise applications were successfully re-architected using cloud microservices improving redundancy, scalability, and agility – these migrations avoided 5k hours in operational overhead over a year period
    • Tracked key performance indicators (KPI) and metrics for senior and executive leadership to ensure critical, high, and medium-level severities are mitigated in a timely manner by eliminating 60% of noise generated from security testing tools
    • Drove culture changes to promote Agile, DevSecOps, and Cloud Security best practices to enable digital transformation
    • Coordinated operational and tactical efforts including static and dynamic application security testing, software composition analysis, penetration testing, red team engagement, and other tier 1/2 application and cloud security concerns
  • NextEra Energy, Inc.
    Senior Cybersecurity Analyst - Cyber Threat Intelligence And Cyber Incident Response
    NextEra Energy, Inc. Nov 2015 - Apr 2018
    Juno Beach, FL, US
    • Processes commercial and open-source intelligence, assesses cybersecurity risk, and disseminates Cyber Threat Intelligence reports to senior leadership to help drive intelligence-driven defense efforts
    • Serves as the Cybersecurity Incident Commander for cyber events and incidents that affect the confidentiality, integrity, and availability of NextEra Energy and its affiliate’s systems
    • Agile Product Owner for the Cybersecurity Operations Center (CSOC) Orchestration and Automation projects, which provides tier 1 and 2 analysts with a workbench that promotes efficiency and productivity
    • Mentors junior and associate analysts on cybersecurity best practices and coaches them with cybersecurity incident response investigations by strengthening host-based and network forensics, static and dynamic analysis, and identifying the root cause
  • NextEra Energy, Inc.
    Information Security Analyst - Cybersecurity Operations Center
    NextEra Energy, Inc. Jan 2015 - Nov 2015
    Juno Beach, FL, US
    • Cybersecurity Operations Center (CSOC) rotational assignments, including intrusion detection/prevention system (IDS/IPS) monitoring, operational support for tier 2 security incidents, monitoring for potential critical cyber asset (CCA) violations reported via the Security Information Event Management (SIEM), follow-up on suspicious/persistent malware detection on all corporate assets, and monitoring and reporting on sensitive Sarbanes Oxley (SOX) / Non-Public Information (NPI) / Personally Identifiable Information (PII) access abuse on all corporate SQL databases
    • Processes emails sent to the Spam mailbox to identify malicious emails that made it past security controls and takes action to mitigate security gaps
    • Responsible for email, asset, and network share collections for litigation hold requests, using Encase software for all cases involving NextEra Energy Inc.
    • Design, development, and maintenance of an open-source mock phishing assessment framework called GoPhish to promote the security awareness program and perform monthly mock phishing assessments
  • NextEra Energy, Inc.
    Senior Information Security Administrator - Identity And Access Management
    NextEra Energy, Inc. Jan 2012 - Jan 2015
    Juno Beach, FL, US
    • In charge of the design, deployment, and logistics for a company-wide project to enable multi-factor authentication for remote access and the implementation of the RSA Authentication Manager Prime for self-service requests
    • System Owner and Subject Matter Expert (SME) for RSA 2Factor SecurID and Managed Engine Password Pro and responsible for its account management (user/system changes), security patches, upgrades, and testing in accordance with North American Electric Reliability Council Critical Infrastructure Protection Standard (NERC CIP)
    • Technical lead and Information Security liaison for efforts and projects to limit remote desktop access to multi-factor authentication protocols for Windows and UNIX servers that were deemed critical by regulatory standards
  • Florida Power & Light Company
    Information Security Administrator - Access Administration
    Florida Power & Light Company Apr 2010 - Jan 2012
    Juno Beach, FL, US
    • Design and implementation of IT solutions for internal and external security administration processes, access controls, identity provisioning/de-provisioning and regulatory compliance
    • Audit security processes related to employee and contractor workforce assignments and established relevant resolutions, which included the review of contractor and employee recertification for renewal of system access
    • Grant least privilege access of UNIX and Windows OS to appropriate employees and contractors using IBM and Microsoft products
    • Process termination of system access for separated employees and contractors in a timely manner to mitigate the risk of a security incident
  • Florida Power & Light Company
    Information Security College Intern - NERC CIP Compliance
    Florida Power & Light Company May 2007 - May 2009
    Juno Beach, FL, US
    • Involved in various projects to make Florida Power & Light and its affiliates compliant with NERC CIP standards
    • Assisted the Cybersecurity Project Manager in day-to-day assignments and participated in security initiatives including the removal of NPI data from FPL applications in accordance with the Florida Breach Notification Law

Jorge Gomez Skills

Information Security, Network Security, Information Technology, Cyber Security, Active Directory, Disaster Recovery, Windows Server, Security Architecture Design, Computer Security, Security Awareness, Malware Analysis, Web Application Security, IT Solutions, Access Control Management, Process Improvement, Computer Forensics, Penetration Testing, PHP, Cyber Defense, Unix, Electrical Engineering, Computer Engineering, JavaScript, Python, CSS, jQuery, WordPress, PowerShell, Swift, Web Development, HTML5, Bootstrap, Raspberry Pi, Circuit Design, Circuit Analysis

Jorge Gomez Education Details

  • University Of Miami
    Computer Engineering
  • Florida International University
    Electrical And Electronics Engineering

Frequently Asked Questions about Jorge Gomez

What company does Jorge Gomez work for?

Jorge Gomez works for Twilio.

What is Jorge Gomez's role at the current company?

Jorge Gomez's current role is Principal Cloud Security Engineer at Twilio.

What is Jorge Gomez's email address?

Jorge Gomez's email address is jg****@****tle.com

What is Jorge Gomez's direct phone number?

Jorge Gomez's direct phone number is +130580*****

What schools did Jorge Gomez attend?

Jorge Gomez attended University Of Miami, Florida International University.

What skills is Jorge Gomez known for?

Jorge Gomez has skills like Information Security, Network Security, Information Technology, Cyber Security, Active Directory, Disaster Recovery, Windows Server, Security Architecture Design, Computer Security, Security Awareness, Malware Analysis, Web Application Security.
