Founding platform and security engineer working across multiple Deep Cove service lines at the intersection of cloud infrastructure and security operations. Manage the compute and data platforms on Kubernetes (SIEM, EDR, DFIR tools, etc.) used to deliver Deep Cove managed security services. Triage and investigate security events in client environments. Create SOW and pricing for managed services customers. Roll up my sleeves and perform all the random odd jobs you'd expect in an early stage startup.

Led global SecOps team reporting to multiple CISOs before and after the acquisition by Thoma Bravo in 2022 and merger with ForgeRock in Q4 2023. Led endpoint security consolidation efforts that improved user experience, decreased IT support burden, and lowered costs. Rebuilt InfraSec team within 6 months following a period of high attrition during the Great Resignation. Led SIEM alert and ingestion prioritization, effectively managing SIEM costs and ensuring more time for security engineering. Re-architected FedRAMP vulnerability management tools in H2 2022, improving accuracy of monthly ConMon reporting processes. Led replatforming of security tooling from EC2 to Fargate and Lambda deployed with Terraform and Gitlab CI. Partnered with EMEA support teams on multiple high profile customer-facing investigations impacting PingOne and PingOne Advanced Services, leading response and remediation efforts across security, SRE, and product engineering.

Led multiple Engineering teams within Professional Services with responsibility for Falcon Forensics collector development and cloud and datacenter infrastructure used by CrowdStrike DFIR consultants globally. Supported product and sales on high-profile customer escalations. Partnered with legal to replace legacy NDR solution used by Crowdstrike consultants with a market leader.

Led full-stack engineering team within Enterprise Security with responsibility for customer-facing login services and identity-based fraud detection. Grew a diverse team during global pandemic and transition to fully remote. Led modernization of legacy SAML service, migrating to Spring Boot and ECS from Websphere deployment. Led customer-facing cloud migrations that modernized tech stack and improved support processes. Led containerization of EC2 based CIAM stack consisting of dozens of micro services that provided faster deployment of customer-facing login security features and scaled to meet market conditions. Led the modernization of home-grown fraud detection tooling and improved cross-functional incident response processes across Enterprise Security and Anti-Fraud teams.

Maintained and refactored Terraform code base for EC2 based deployment and wrote Python scripts for data migration for TRP CIAM stack in AWS. Improved hiring processes within Enterprise Security that laid the foundation for future team growth when I returned a people leadership role.

Led SaaS, appliance platform, and cloud security teams across North America and Romania that delivered PhishMe, Triage, and Vision anti-phishing tools for Cofense customers. Matured SaaS security platform and processes during SOC 2 Type I and Type II audits, refocusing the team on high impact tools and processes. Rebuilt overall department during a wave of high attrition following the PE M&A in early 2018 and maintained high morale through multiple rounds of cost cutting, effectively leveraged offshore teams to implement follow-the-sun platform development. Supported sales and legal teams during contract review and negotiation. Launched FedRAMP effort within Product & Engineering, conducted the initial NIST 800-53 gap analysis, laying the groundwork for a successful ATO. Led response to multiple operational and security incidents in production services.

Global DevOps leader and Services product owner within Software Monetization BU including Sentinel Cloud and EMS SaaS. Led the onboarding and expansion of large enterprise customers in North America including the development of customized CI/CD offerings, middleware SaaS integration, and data migrations from legacy licensing platforms. Led the development of automated software download solution in EMSaaS using AWS CloudFront, Lambda, and API Gateway that displaced legacy offering.

Rebuilt North American Cloud Ops team responsible for delivery and support of Sentinel Cloud and EMS hosted offerings in AWS and On Prem. Led AWS infrastructure improvements including the introduction of Ansible and the migration of Sentinel EMS from Windows to Linux and migration from On Prem datacenter to AWS. Managed multiple high visibility customer-facing incidents and led cross-functional improvements SaaS support by developing strong partnerships with global support and product management teams. Led multiple product and platform migrations that decreased technical debt and increased service uptime.

Founding manager of Cloud Operations team for TAP (now known as Helix) before and after the FireEye M&A, growing the team from 2 to 12, promoting the next generation of leaders. Led the development of infrastructure automation and observability tools during early customer deployment of the initial platform and migration to microservices architecture. Introduced automated infrastructure provisioning and application deployment that reduced customer onboarding from days to hours. Led vulnerability response and remediation during multiple high priority internet-facing vulnerabilities. Implemented common-sense change management processes that balanced feature delivery with stability.

Led multiple infrastructure and build teams that supported Elder Scrolls Online before public announcement and through private Beta, including initial AWS EC2 buildout for marketing website. Built initial ZoS security program, leading multiple rounds of application and infrastructure penetration tests.

Led and hired nationwide consulting team in support of Energy and Smart Grid projects for commercial and Federal customers. Performed network security integration at the Naval Observatory, Quantico, and a large Hydro in the Grand Canyon, and a DARPA project I can't talk about.

Taught in-person, onsite, and virtual training on Tenable products. Rewrote Tenable Nessus and Enterprise Security curriculum. Developed initial Tenable certification for Nessus and Enterprise products.

Taught Security+ class for one semester.

Built and maintained Hewitt Open Source security appliance platforms in physical datacenters globally. Had a lot of fun writing Ruby and running OpenBSD and FreeBSD on HP rack hardware.

Performed sponsored security research in ICS and SCADA Security. Developed first Tenable Nessus SCADA vulnerability checks and partnered with US-CERT on first disclosed SCADA CVEs. Did onsite pentesting at some notable control centers. Contributed scenario elements and served as an observer at INL during the first DHS CyberStorm exercise in 2006. Wrote crude Python fuzzers and deployed SCADA Honeynets to simulate PLCs.

Performed security architecture reviews and security implementation testing of multiple Cisco products, protocols, and platforms. Developed security tools in Python.

Served as 98C (SIGINT Analyst), 96B (All Source Analyst), and 74B (Information Operations) in multiple U.S. Army Reserve Units in San Antonio and Austin. Honorably discharged before stop loss.