- Responsible for Cloud Security on AWS- Implemented and managed AWS Config, Guard Duty, Inspector, Route 53 Resolver Firewall and Security Hub- Performed threat modeling of new and legacy systems and security reviews of upcoming products and features

- Cyber Threat Intelligence architect & principal security engineer- Incident response and investigative support across cyber, physical, insider and mass fraud incidents- Performed cyber threat investigations, threat hunting, security assessments and OSINT research & analysis- Founding member of PayPal's intelligence Fusion center, which facilitated collaboration and information sharing across physical security, information security, financial crimes investigations, risk/anti-fraud teams and brand risk management.- Assisted in defining scope and initial processes for PayPal's Fraud Defense Command Center, which was launched to track and mitigate mass fraud incidents, synthetic account creation and other automated fraud abuse. Supported FDCC in a multitude of incidents, providing expert analysis of data, investigative support and mitigation recommendation.- Cyber Threat hunting & Threat Modeling- Designed and maintained system for collecting external cyber threat intelligence for PayPal and distribution internally- Architected an advanced URL classification and mitigation system as described in patent US20210203691A1. System analyzes tens of thousands of URLs daily for malicious behaviors, including phishing, and submits identified malicious URL's to safe browsing lists, anti-phishing vendors, etc.

- Administered and architected Splunk Enterprise Security as SIEM past initial deployment state to utilization by the PayPal SOC- Built and deployed numerous security alerts using Splunk- Built an Ansible based system for backing up and deploying Splunk Enterprise Security configurations to GitHub- Built an asset discovery system using Splunk & NMAP. Identified significant gaps in log collection and aggregation.- Devised security alerting strategy and methodology for PayPal's SOC- Founding member of current PayPal SOC organization (CyberDefense Center)- Part of eBay breach incident response team.- Built a system in 2014 for identifying and mitigating malicious IP addresses interacting with the PayPal website. Successive generation of this system still in use 7 years later for mitigating abuse on PayPal.com- Presented on identifying automated abuse in web logs at Splunk .conf 2013- Member of Splunk's Enterprise Security Product Customer Advisory Council in 2014 & 2015• Implemented threat intelligence sharing of IP and URL data with Facebook Threat Exchange and APWG• Implemented and managed Soltra (STIX/TAXII) for intelligence sharing with FS-ISAC

Technical oversight and task management for tools and automation team. Team was responsible for monitoring production & development environments, as well as automation.- Grew Splunk from 50 GB/day to over 250 GB/day.- Automated code pipeline for Splunk configuration files.- Developed alerts and playbooks for StubHub NOC monitoring.- Designed a system that leveraged Splunk to monitor likely credential stuffing attacks by individual IPv4 addresses and then automatically lock impacted customer accounts to prevent fraud and abuse.- Oversaw deployment of Puppet to configure over 80% of StubHub production environment and all dev environments. Reduced development environment deployment from weeks to hours.- Designed a numeric risk system inside Splunk to score IP addresses by characteristics of abuse. Inspiration for current Splunk Enterprise Security Risk System.- Team was additionally responsible for the administration of Foglight, AppDynamics, Perforce and Nagios

- Inaugural member of StubHub's new site reliability engineering function.- Identified, triaged and remediated defects on production website. Remediation typically involved identification of suspect code and development and deployment of patches.- Developed and deployed system for preventing duplicate checkout submissions.- Developed an automated system for identifying fraudulent tickets and remediation of both ticket inventory, fraudulent seller accounts and linked seller account.- Partnered with database teams for query and database table optimization.- Designed a new event creation tool to simplify and automate creation of events on StubHub.- Performed initial Splunk roll-out and adoption by operational teams, including dashboards, alerts, data ingestion and system administration.- Assisted with migration of primary data center cut-over and recovery efforts.

- Web development tasks customizing Apache OffBiz platform for differing e-commerce websites, primarily in Java with limited HTML and Javascript- Performed limited database administration, network debugging- Designed and executed ETL tasks for migrating clients from prior e-commerce platform to customized Offbiz platform

Programmed new features & performed bug fixes to a project management web app for the US Air Force.