Tony M. Email & Phone Number

Nashua, NH, US

Santa Clara, California, US

• Leading end-to-end security for Intel’s Tiber AI Cloud, a cloud platform providing customers access to the latest hardware, software and AI accelerators. https://cloud.intel.com
• Defining a strategic plan for security and our team, mapping it to various frameworks and working towards SOC 2 compliance.
• Leading over arching security architecture, working at all levels of the stack from data centers, SDN and networking, hardware bring up, hypervisors, storage and large scale Kubernetes deployments.

Santa Clara, California, US

• Leading company-wide threat modeling and security architecture review program for all high-risk, software projects (embedded systems to cloud). Increased review clarity and developed a training program, resulting in a.
• Spearheaded a year-long, cloud security transformation involving a virtual team across twelve organizations. Identified and prioritized 24 critical security gaps. Developed a comprehensive, two-year roadmap, gaining.
• Developed a company-wide, cloud security architecture guide focusing on AWS and Azure. Reduced architectural findings by 75% and accelerated time-to-market by providing clear guidance on security best practices.
• Created a hands-on, threat modeling training program with twelve instructors in seven geographic areas scaling security awareness across the company.
• Collaborated with cloud-focused M&A teams to identify and address security integration challenges, leading to a new, M&A security governance approach, accelerating the integration process.
• Contributed software and service expertise for: Corporate security exception approvals, M&A team, Security Training program, SDL Technical Review group, Security Tools group, Cloud Security Initiative working group.

Santa Clara, California, US

• Joint led product development security for Intel's largest software business unit, at its peak overseeing security for over 7,000 engineers and 400 projects.
• Transformed product security compliance by establishing an audit and metrics program, increasing security compliance from ~60% to nearly 100%.
• Led and grew a high-performing security team of over 50+ Security Champions and Product Security Experts, expanding security expertise across the organization. Developed and executed a comprehensive training program to.
• Served as primary escalation point for all PSIRTs, driving incident response, triage, and prioritization. Collaborated with teams to expedite issue resolution and improve incident response efficiency.
• Led business unit’s efforts for three, high-impacting security events, coordinating teams, central security and PSIRT to mitigate risks and ensure business continuity.

San Jose, CA, US

• Technical leader on central team responsible for company’s Secure Development Lifecycle policies, design and requirements.
• Championed a corporate initiative to define and provide guidance for SDL for Agile, DevOps/CD, and Cloud deployments.
• Defined a secure development framework and InfoSec engagement process for fast-moving teams building cloud services. This process allowed five security architects to scale and review over eighty cloud products a year.
• Provided security advice and consulting to numerous teams (Cloud, Endpoint, IoT, Network).
• Wrote guides and documents for: IBM AppScan, REST API testing with Burp Suite, SDL in Agile Development, and co-authored XSS mitigation and architectural recommendations. The AppScan guide increased usage effectiveness.
• Pen tested and audited multiple products, correlating findings with weaknesses in secure development lifecycle implementation. Assisted teams in understanding implications and how to address issues.

San Jose, CA, US

• Security Architect for AnyConnect and Identity Service Engine
• Integrated SDL processes with Agile development cycle, conducted security investigations, architectural and design reviews, threat modeling, requirements analysis, security training, vulnerability testing, and incident.
• Developed security and architectural design for MDM, AWS services, guest access portals, device on-boarding, PKI, and other features.
• Performed in depth analysis and hardened VPN communication protocols for both AnyConnect and ASA firewall.
• Analyzed Software Defined Networking (SDN) architecture and security model, presented and patented architectural solutions that allow security fixes to be deployed in hours as opposed to months.
• Designed and patented a zero-sign-on solution that seamlessly and securely integrates network identity into the single sign-on flow.

• Led multiple DoD research programs from proposal to successful customer demonstrations.
• Discovered a class of vulnerabilities in software reconfigurable communication devices. Demonstrated security concerns and solutions to AFRL and NSA representatives, which led to the multi-billion dollar JTRS program.
• Developed a cryptographic emulator and rebuilt an embedded IP stack's implementation of IPSec.
• Conducted multiple threat assessments leading to security requirements and architectural design choices.

Responsible for the company's point-of-sale identification service solution's software and database architecture and development.

Device drivers, embedded development, bourne shell scripting, mapping software

Master Of Science, Computer Science, Concentration Security

Bachelor, Computer Science