As an L7 senior engineering manager leading the Security Validation team at Google, it is my privilege to deliver a product backed by world-class threat intelligence that enables our customers to be confident in their security posture. My impact in this role includes the following:- Driving vision and execution of our Breach and Attack Simulation (BAS) product to improve the cybersecurity posture for 250+ of the Global 1000. MSV leads the BAS market, enabling organizations to improve threat detection from 30% to 60% within the first year of use. - Increasing MSV SaaS product adoption while growing sales 15-20% annually, going from 0 to over 80 active organizations in ~3 months.- Integrating MSV into Chronicle Security within 1 year, enabling users to continuously conduct security validation exercises because they could safely separate attack simulations from real cyber attacks. - Coordinating operations, support, sales, and sustainment efforts to establish metrics to track and improve issue resolution 2x and customer retention by 10% for a > $60m book of direct business with indirect business of > $100m across consulting, support, and managed service sales. - Growing a global team from 38 to 52 members in under two years, measuring manager performance and team health to create an environment of productivity and psychological safety. Our team received the highest manager responsibility scores in our division and in our most recent survey 100% of team members agree management values their contributions.

As Senior Director of Mandiant Security Validation (MSV), I led a team of engineers and security analysts producing a best-in-class Breach and Attack Simulation product with a ~$50M ARR book of business, delivering technical roadmaps, budgets, project plans, resource management, staffing, support, and operations. I led the transformation from an on-premise product delivery model into a SaaS delivery model, architecting the service while quantifying product performance at 10x and 100x increased orders of magnitude over standalone product scale. Defined a migration utility to seamlessly move on-premise customers to the cloud in a matter of hours. I delivered Ransomware Defense Validation, a novel product based on MSV which enabled organizations to quickly assess the readiness of endpoint security controls for the latest extortion-driven threats. A coordinated effort across threat intelligence and engineering teams, it leveraged the reverse engineering capabilities of the Mandiant FLARE team to use inoculated ransomware binaries to execute real-world gap analysis tests without specialized methods of deployment.

I continued in the same capacity for this role after the divestiture of the FireEye brand from Mandiant.As a Director of Software Engineering for Mandiant Security Validation (MSV), I led the engineering team responsible for delivering the brains of MSV called the Director. Within my first 90 days, I delivered an early SaaS deployment capability for MSV, supporting demonstration of the Mandiant Advantage platform at RSAC.I led design of SaaS services for attack simulation content delivery, reducing the typical time for delivery of content into the product from 2-3 days to under one hour. The content service not only saved engineering time by automated the content deployment process, but also eliminated accidental errors in content using automated quality checks.I established best practices for team planning and execution, including design, planning, estimation, and execution tracking, resulting in increased product releases from about one per quarter to about four per quarter.

As a Director of Software Engineering for Mandiant Security Validation (MSV), I led the engineering team responsible for delivering the brains of MSV called the Director. Within my first 90 days, I delivered an early SaaS deployment capability for MSV, supporting demonstration of the Mandiant Advantage platform at RSAC.I led design of SaaS services for attack simulation content delivery, reducing the typical time for delivery of content into the product from 2-3 days to under one hour. The content service not only saved engineering time by automated the content deployment process, but also eliminated accidental errors in content using automated quality checks.I established best practices for team planning and execution, including design, planning, estimation, and execution tracking, resulting in increased product releases from about one per quarter to about four per quarter.

As product owner and architect for the FortiSASE cloud portal, managed a product providing a secure-by-design zero-trust network infrastructure in a cloud-hosted service offering. The ForitSASE product combined service-based management of security controls with a global network boasting top-20 peering, resulting in greater performance and security than enterprises received using SD-WAN or self-managed VPN services. Led efforts to simplify FortiSASE configuration for customers by enabling users to use identity and compute resources as the building blocks for policy, combining configuration of Next-Generation Firewall, Web Application Firewall, Micro-segmentation, and Endpoint Detection and Response controls into a unified console. For one case-study, FortiSASE simplified customer security policy by replacing over 2000 rules with just over 100 rules. Defined a ground-up implementation of security monitoring and analytics capabilities, including a global-scale log collection platform capable of over 100k messages per second and a terabyte-scale log analytics system which could generate dashboards using one year of security data on-demand in under 10 seconds. Managed project planning efforts for a team of over 20 engineers. My responsibilities included product planning, requirements definition, user experience design, data analysis and storytelling, systems architecture, engineering team leadership, and product lifecycle management.

As Product Owner and Chief Architect at OPAQ Networks, I led product engineering efforts to deliver the management portal and automation capabilities for a Secure Access Service Edge (SASE) security offering. The offering enables channel partners and their customers access to a full security control stack and a secure global network boasting top-20 peering, resulting in greater performance and security than enterprises received using SD-WAN or self-managed VPN services. For one case-study customer, the OPAQ service replaced over 2000 security policy rules with just over 100 rules, simplifying management and maintenance efforts for the network and security teams.As a Product Owner, I developed product roadmaps, sales and training collateral for our channel sales program, and partnered with engineering teams on product delivery. I helped grow our MSSP partnerships from zero to our initial ten partners. I actively supported sales efforts, including training sales leadership and performing product sales pitches to executives at organizations such as Motorola, ULTA, and McDonalds. As Chief Architect, I designed and implemented the OPAQ SASE enterprise security portal with a team of 12 engineers. Within one year post-acquisition of FourV Systems by OPAQ networks, we delivered a global-scale log collection with standard SLAs of 99.9% uptime platform capable of processing over 50k messages per second and a terabyte-scale log analytics system which could generate dynamic dashboards from over one year of security data on-demand in under 10 seconds. The new log management and analytics capabilities simplified testing security policy and identified anomalous behavior using machine learning analytics.

Co-founder of company and chief architect for GreySpark™ cybersecurity risk measurement and reporting product. Designed, patented, built, and delivered a novel cybersecurity metrics measurement and reporting platform that provided alerts and automated reporting for CISOs to understand gaps in security telemetry and quantify security control effectiveness. As a partner / co-founder, I led selection of the corporate headquarters, laid network wiring, hired the initial leadership and engineering team, established engineering best practices, and built our team culture.We deployed GreySpark in environments with tens of thousands of hosts and processed data from customers producing terabytes of data per day. For an early customer we identified anomalous traffic undetected by their SIEM, resulting in an extensive internal incident response effort. I led the company through a successful exit, being acquired by OPAQ Networks in February 2018. During this journey I gained experience in mergers and acquisitions, including understanding the due diligence process. Through our board of advisors that consisted of CISOs and CSOs from the likes of Fannie Mae and Rackspace, I learned what success looks like for the executives and their team. I also received two patents for the risk assessment methodology and cyber maturity measurement algorithms applied in GreySpark.I also received two patents - one for a risk analysis system and one for an information retrieval system - and he has two patents-pending for the risk assessment methodology and cyber maturity measurement algorithms applied in GreySpark.

As team lead I propose new program ideas, organize business pursuits, develop program plans, perform presentations, and direct technology architecture and development. I focus on developing applications that provide cost savings, decision support, and planning insight for our customers. I lead programs on insider threat detection, personnel and cyber risk assessment, and cyber security audit information extraction. Leader: Passionate builder of team culture, processes, and tools that help us succeed. Pioneered agile software development at SRC, including use in CMMI 3 programs.Entrepreneur: Transform ideas into real capabilities. Managed 5-10 people, processes, and budget. Developed product business models. Marketed ideas to customers. Software Architect: Model complex domains like cyber security. Built big-data systems (terabytes). Developed models using UML, XSD, SQL and NOSQL paradigms.Applied Researcher: Develop and apply data mining and reasoning methods. Created new algorithms and analysis methods, including two patents-pending.

As Lead Software Engineer I led software architecture and development efforts for the Information Analytics team. During this time I led an effort to deploy our RiskTracer risk assessment system from a research and development effort into a full production system used by the US Government. This systems resulted in more efficient processing of personnel security adjudication records, enabling the government to highlight areas of concern more quickly and re-visit areas of risk as underlying documents from background checks and public records indicated areas of concern.During this time I also led a cross-division initiative to build a real-time data distribution framework for radar data processing. The effort resulted in a real-time command and control and radar plot visualization platform utilizing Google Maps which was used to monitor defined geographic areas for objects, track them in real-time, slew cameras to track the objects, and pass all track and camera data back to a secure operations center, all while operating on high-latency and potentially unreliable cellular network links. The system included a custom domain specific language (DSL) to define complex quality of service policies for data simply and with auto-correction, translating those language models into code and configuration for real-time data processing.

As a level III software engineer, I began to lead other engineers on our insider threat risk analysis project, defining the product architecture, including translating system designs into code using model-driven architecture concepts. I led design and development to create a new risk analytics system that could process thousands of personnel security records in minutes, analyze risk factors, and produce recommendations for adjudicative outcome automatically in seconds for a new case. The research efforts translated into a new contract with a government agency worth over $1m.I applied various software engineering concepts in the Java programming language such as expert system development using JESS (a Rete rule engine), object-relational mapping (ORM), aspect-oriented programming, dependency injection with Spring, user-interface development using SWT and Flash, and database query processing.During this time I also drove implementation of agile project management and development using the IBM Rational Team Concert tools, resulting in improved source code management and tracking of project initiatives.

As a Software Engineer I led design and implementation of software systems for applied research purposes, implementing social network analysis algorithms, expert systems and inference engines for insider threat detection, and similarity detection and vector-based classifiers for personnel risk assessment using Java, Perl, and relational databases. Developed a novel risk assessment system that became the early version of the RiskTracer decision support system as part of the Advanced Countermeasures for Insider Threat program with ARDA / DTO. This research led to a multi-year, $2M+ to deliver our research prototype as a production capability in the intelligence community. I developed methods for structuring knowledge about security risk along with unique visualizations enabling insider threat detection to be more efficient and effective. I developed novel methods for anomaly detection of social behavior, machine behavior, and semantic analysis of textual documents, including an expert system to perform inference on evidence of insider threat risks.Developed the Cyber Situational Awareness Workbench (CSAW) research tool to monitor machine-level activity and model organizational level workflows in the Intelligence Community. Instrumented over 50 intelligence analyst computers to extracted social network relationships, discovered document relationships using search algorithms, and applied machine learning techniques combined with ontological models to classify day-to-day behaviors of analysts with respect to the modeled organizational workflows.

As a teaching assistant for CSE 442: Software Engineering, my responsibilities included guiding teams in their project implementations, developing questions for and scoring examinations, preparing material for group lab time, and delivering lectures on human interface design.