Security EngineeringDeveloped Secure Development Lifecycle Process– Incorporated 3rd Party Review of new SaaS integration into purchasing process including developing a Relative Risk Matrix, allowing for baselining new SaaS applications against known existing a market examples– Developed and conducted Secure Design Reviews with engineering teams. I prioritized Security Guidance to achieve product goals and while understanding and mitigating riskPentesting Lead for Internal and External tests. Discovered multiple complex issues requiring multi-team resolution and coordinationSecrets in Code– Automated Pattern Based detection of secrets in code – Developed secrets libraries and Infrastructure to assists Engineering teams– Led engineering wide effort of secret removal and drive to zeroCompany Security Education– Wrote and delivered Engineering Technical Talks on Secure Design Process, Pentesting, and Security Incidents– Developed and taught engineering Intro to Security course– Partnership with IT on developing corporate wide Annual Security Training—---------------------------------------------------Corporate Security, DFIR, GRCEnterprise GitHub Migration and Admin– Drove integration of SSO– Designed and implemented permission restrictions– Designed and deployed repository restrictions and rulesAuthentication and Authorization– Assisted the formation of an Authentication Team– Part of Team to provide Guidance and RequirementsLead the Open Source Policy team– Primary Author and Leader to develop Policies or OSS Use, Contribution, and Publishing– Performed Audit and Analysis of Uses and LicensesSecurity Incident Response–Lead multiple major security incident responses including, Log4J, CircleCi breach, and internal misuse of resources for cryptoPrimary Security Leader for Fraud Investigations– Unauthorized 3rd Party Spoofing of APIs– External Data and Web Scraping

Working in Window and Devices Group, Platform Security & Research and Development doing Security Assurance Tooling and Automation at Scale.Responsible for design, development, deployment and integration of security tooling to enable static and dynamic analysis with engineering systems. Developed tooling to wrap Semmle snapshot creation into the Windows developer build tooling and automatically execute suites of Semmle rules. Developed and integrated tooling for processing SAIRF output, reducing multiple results into single actionable issues, and making reported issues more actionable by adding specific context source code snippets, and pipelined into to Azure Dev Ops for the Windows organizationCreated a universal Attack Surface database and automation infrastructure that allows for multiple tools to report attack surface to a centralized DB and then correlate data between different releases/builds and other data sources, using Azure CosmosDB and Azure Batch.

Software Engineer in Quality for the OS Security team within the Windows and Devices Group.Worked on Enterprise Data Protection. focusing on Networking and Policy Deployment.

PlayReady Media DRM for First Party Ports (Android, iOS, Windows Phone, Xbox)

Authentication and Security for Microsoft Office SharePoint Server, Office 365, SharePoint Online.

Engineering Co-Op 3: Wrote serial sd card drivers for DSP platformsDSP Applications EngineerAccomplishment: Designed an interface for programming external flash memory using existing IDE tools- Executed several projects involving Digital Signal Processor development board and peripherals- Developed proprietary software for an embedded system to create a GUI taking advantage of an existinggraphics package- Characterized and tested preproduction DSP silicon for worst case scenario delays- Provided pre and post sale support for issues and opportunities for existing and potential customers

Engineering Co-Op 2: Working on testing of online simultaneous collaboration platform.Groove Networks was purchased by Microsoft in March of 2005Accomplishment: Increased the product reliability through identifying and resolving errors in product- Executed mandatory mandatory automated testing on daily builds of the Groove Virtual Office Product- Collaborated directly with developers to trouble shoot and resolve bugs to improve product stability before release, resulting in increased customer satisfaction- Tested various quality aspects of the product on multiple operating systems and hardware setups- Worked under strict deadlines for releasing products and successfully completed all tasks required

Engineering Co-Op I: Working as tier 1 tech support of Machine Vision SystemsHandled front line response to all customer issues, managing a significant case load- Identified, tested and resolved customer issues involving in the In-Sight® product line- Optimized product capabilities for optical recognition to meet rigorous pass/fail requirements for enterprise level customers- Set up communications using Ethernet, Serial, and Discrete digital I/O between product line and PLCs- Created sample code in C# for communication using TCP/IP in a .Net framework