- Conducts peer review and provides feedback and guidance on the Cybersecurity Assessment Tool.

- Led security operations team of information security analysts across three time zones responsible for risk management, vulnerability management, incident response, security awareness training, phishing simulations, and vendor security assessments.- Provided guidance on NIST SP 800-37, 800-53, 800-61, 800-63, 800-171, and PCI-DSS compliant policies, procedures, controls, and implementations to engineering, sales, and legal teams.- Drove Credential Service Provider (CSP) compliance and audit initiatives to meet DEA requirements for Electronic Prescribing Controlled Substances (EPCS).- Developed insider threat detection and mitigation strategies.- Developed FedRAMP compliant policies and procedures and reviewed the development of compliant technical controls.- Presented at True University on “Breaking Down Silos with Human-Centric Multidisciplinary Approaches”, and at Society of Environmental Journalists 28th Annual Conference on “Keeping Your Data Safe and Secure”.

- Built a multidisciplinary Trust and Compliance team within Duo’s Security department to provide sales enablement services to address how Duo meets information security framework requirements and how Duo’s products help customers meet their compliance and regulatory needs.- Evolved Duo’s information security policy, business continuity and disaster recovery plan, incident response plan, data classification policy, and vendor security assessments to be in alignment with NIST SP 800-53 and ISO 27001 and 27002.- Successfully led cross team initiatives to complete SOC 2 Type 2 and customer-initiated audits.- Conducted semi-annual risk assessments- Partnered with legal team on contract reviews.- Analyzed FedRAMP technical and policy requirements and drafted initial strategy for FedRAMP authorization.- Presented at M3AAWG on “Lessons Learned from Phishing Assessments”, and at University of Michigan’s Influence Panel: Women in Computing

- Advised organization on building brand reputation based on Trust and building company culture around privacy and security by design.- Advised CEO, sales, marketing, and compliance team on email best practices, US - EU Safe Harbor, privacy, data protection, data ethics, and working with law enforcement.- Provided guidance on PCI-DSS, ISO 27001, ISO 27002, SOC 2 Type 2 gap analysis, compliance, and audit process.- Provided guidance on information security and operational security best practices and policies.

- Managed a technical organization composed of a 24/7 digital security incident response team, software development engineers, and research staff across five countries.- Set strategic direction for technical initiatives within Access Now.- Provided guidance regarding handling of inbound legal process (subpoenas, court orders, warrants, pen registers, national security letters) and warrant canaries.- Provided advice to funders, foundations, nonprofits, NGOs, and human rights activists regarding information security policies and best practices.- Led Access Now through its first ISO 27001, ISO 27002, and SAFETAG gap analysis and management response.- Drafted Theory of Change processes within the organization.- Presented at Citizen Lab Summer Institute on "Analyzing and Defending Targeted Threats", at Messaging Malware Mobile Anti-Abuse Working Group (M3AAWG) on "Combating Abuse for At-Risk Users", at RightsCon on "Internet Startups and Human Rights".

- Managed CloudFlare’s Trust and Safety team to handle inbound privacy, legal, and abuse complaints and escalations.- Served as the Compliance Officer, Custodian of Records, and primary point of contact for law enforcement inquiries, DMCA complaints, and for reporting of child sexual abuse material to the National Center for Missing and Exploited Children.- Evaluated and established CloudFlare’s vulnerability disclosure program.- Established CloudFlare’s security incident response team.- Reviewed all inbound legal process (subpoenas, court orders, warrants, pen registers), created subpoena compliance policy, and responded accordingly.- Authored CloudFlare transparency reports.- Conducted annual privacy policy reviews and obtained U.S. - EU Safe Harbor for CloudFlare.- Drafted and established PCI compliant policies and procedures.- Led CloudFlare through its first PCI-DSS assessment as a level 1 service provider.- Worked with Enterprise customers to address compliance and information security concerns and completes due diligence questionnaires.- Conducted information security, privacy, and data protection evaluations of CloudFlare vendors.- Provided security awareness training to CloudFlare employees.- Trained law enforcement agents on cloud service provider technologies.- Presented at Messaging Malware Mobile Anti-Abuse Working Group (M3AAWG) about email validation services and DDoS attacks, and at RightsCon on protecting user rights at startups.

- Maintained mail transport and anti-abuse application layers of residential and commercial mail platforms for over 30 million mailboxes.- Crafted workflow rules within Cloudmark Gateway MTA.- Developed next generation anti-abuse policies and strategic approach for platform evolution.- Conducted analysis of email-based attacks and works closely with third-party vendors to reduce both false positives and spam to the subscriber inbox.- Provided leadership, guidance, and oversight to junior engineers on anti-abuse team.- Provided industry expert insight to other teams within Comcast regarding abuse vectors.- Implemented RBLDNSD to replace Nominum Centris and decrease DNSBL update times.- Hosted first ESP summit at Comcast to promote open and transparent communication between ESPs and ISPs.

- Managed Cloudmark’s Security Operations Center responsible for maintaining Cloudmark Sender Intelligence (CSI) IP reputation service and tactical accuracy for Cloudmark Authority messaging security product.- Performed analysis of email, SMS/MMS, and social networking content to determine tactical approaches to reduce delivery of spam, phish, and viruses and increase delivery of legitimate, permissioned messages.- Identified non-obvious characteristics and patterns in spam and feedback reporter behavior.- Worked closely with Engineering to develop and improve backend fingerprinting technology.- Evaluated third-party data feeds for inclusion into backend systems.- Maintained Cloudmark's honeypot / spam trap network.- Led outreach to sender / ESP community to standardize best practices and promote transparent and open communication between Cloudmark and senders / ESPs.- Researched and presented data on spam trends and accuracy to internal and external customers.- Investigated malicious reporters and senders through behavioral analysis.- Acted as a Cloudmark subject matter expert spokesperson to the press on major spam attacks and cybercrime. - Presented at industry conferences (such as M3AAWG) on best sending practices messaging trends.- Served as the Compliance Officer for reporting child sexual abuse material to the National Center for Missing and Exploited Children.

- Managed DNSBL (RBL, DUL, OPS, RSS, QIL) IP reputation team. - Worked with xSPs regarding blocklist concerns and best practices.- Acted as Project Manager of internal spam trap / honeypot project.- Acted as Project Manager overseeing development of Email Reputation Services.- Led operational and development meetings for Email Reputation Service projects.- Networked with industry peers for business development.

- Responsible for maintaining DUL (dynamic DNSBL) blocklist and researching technical characteristics to evaluate static or dynamic IP assignment.- Acted as escalation contact for major ISP clients.- Reviewed procedures and tools to increase productivity and efficiency.- Revised procedural documentation and produced benchmarking reports.- Promoted to Anti-Spam Operations Manager in February 2008.

- Investigated cases involving spam, phishing, botnets, identity theft, fraud, unauthorized release of sensitive personnel data, distribution of counterfeit and pirated products, online pharmacies, illegal importation of pharmaceuticals, and abuse of wireless networks.- Independently conducted civil investigations that involved jurisdictional problems/considerations, such as suspects committing wrongful acts or conduct that was the concern of Federal, state, and/or local agencies, that required cooperation and collaboration to advance investigations.- Operated in an undercover role while conducting Internet buys of counterfeit products.- Acted as a liaison between attorneys and clients, and technical and investigative staff.- Acted as Project Manager, interfacing with Production Manager and third party developers, during refinement of in-house investigation database and data acquisition tool.- Managed anti-spam/anti-fraud investigative team.

- Performed forensic header and body analysis of spam email.- Performed multi source intelligence collection.- Reviewed and analyzed subpoena responses and investigative reports.- Developed suspect profiles and investigation candidate dossiers.- Specialized in identifying non-obvious relationships and recognizing patterns with fragmentary and historical data points.- Evaluated case data for appropriate legal causes of action (e.g. CAN-SPAM Act, Computer Fraud and Abuse Act, Lanham Act, common law torts, and other state anti-spam, anti-fraud, and identity theft laws).- Managed junior analysts during data acquisition and initial data review.- Drafted legal pleadings, subpoenas, affidavits, and declarations.- Handled sensitive and privileged information in a secure and appropriate manner.

- Enforced and educated subscribers on the TWC Subscription Agreement, AUP, DMCA, CAN-SPAM Act, Patriot Act, and other state and federal laws.- Primary point of contact for questions regarding identity theft, network intrusions, firewalls, spam, and viruses for employees and subscribers.- Negotiated spam block and RBL issues between affected customers and ISPs.- Presented seminars for general public and local business leaders about spam, Internet security, and abuse in a broadband environment.- Processed and handled incidents for over 90,000 subscribers. - Took ownership of abuse and security issues, coordinated efforts with a variety of TWC departments and divisions, handled high priority escalations, and saw issues through to resolution.- Researched unsecured/infected customer equipment and educated residential and business subscribers on appropriate resolutions.- Monitored and tracked customer bandwidth consumption and network security scans.

- Provided education, trouble-shooting, and fault-recovery through technical analysis by telephone to employees and subscribers who may not be technically skilled.- Provided support to Commercial Road Runner subscribers and to the business and engineering staff of the division.- Responded to escalated customer service trouble reports.- Analyzed, diagnosed, and corrected hardware, software, and/or operating system errors associated with all mISP equipment under the division's control in such a way as to minimize system downtime.- Monitored the technical operation of the mISP server complex and network, maintained records of performance standards, and followed procedures to effectively respond to out-of-tolerance conditions or outages.