Incident Response & Vulnerability Management: Led the Vulnerability Disclosure Program, handling vulnerability research, root cause analysis, and remediation with SOC, CSIRT, CTI, and pen testing teams. Communicated findings to leadership and ensured effective incident response.Security Tool Expertise: Managed SAST (Checkmarx, CodeQL), SCA (Nexus IQ), CVA (Prisma Cloud Compute), MAST (Data Theorem), and DAST (OWASP ZAP). Proficient with SIEM tools (Splunk, Graylog, ELK) and played a key role in deploying GitHub Advanced Security.API & Cloud Security: Led the enterprise API Security Program, serving as the SME for API security, outage resolution, and cloud security across Azure, GCP, and AWS. Skilled with API gateways (IBM APIC, Kong) and WAF/WAAP platforms (Imperva, Akamai, Cloudflare).Governance, Risk & Compliance (GRC): Ensured alignment with industry best practices and standards (PCI, HIPAA, HITRUST, NIST), and maintained compliance across implementations. Governed Archer Control Standards for my area.Cross-functional Collaboration: Collaborated with cybersecurity teams (WAF Engineering, CTI, CSIRT, IAM) on incident response and security architecture, fostering cohesive security strategies across the organization.

Dev lead for an infrastructure-facing software development group. We wrote and supported software for the infrastructure engineers supporting Infrastructure as Code (IaC) and Software Defined Infrastructure (SDI).

Established a Center of Excellence for .NET, providing enterprise-wide best practices. Researched and published technical guidelines; developed and delivered training curriculum and taught many in-person and online training sessions.Infrastructure and Emerging Technologies: Conducted infrastructure Proofs of Concept for technologies like Docker, OpenShift, K8s, blockchain, and DevOps tools like GitHub Enterprise, TeamCity, Octopus Deploy, Jenkins, etc. This R&D area is where we would explore a technology to help develop a plan on how best to roll it out.

I was a credited technical reviewer for the book Banana Pro Blueprints, a book on IoT projects for the Banana Pro single-board-computer, which is very similar to a Raspberry Pi.https://www.packtpub.com/hardware-and-creative/banana-pi-blueprintshttps://www.amazon.com/Banana-Pro-Blueprints-Ruediger-Follmann-ebook/dp/B017XSFKJC

Technical Leadership: Co-founded a profitable web-based training solutions company, overseeing all technical operations. Developed and managed five business-critical web applications with a focus on security and compliance.Infrastructure and Security: Managed hardware infrastructure, acted as DBA, and implemented streaming technologies with robust security measures. Ensured all systems complied with industry standards and regulatory requirements.Multi-role Responsibilities: Served as sysadmin, developer, and business analyst to support sales and operational teams.

Led development teams specializing in public-facing ASP and then ASP.NET web applications. Managed the company's primary internal portal web application. Designed and developed a public-facing brokerage application for clients to track balances and transaction history. Architected security frameworks to ensure data integrity, compliance with financial regulations, and alignment with contractual rules and GRC policies.

Provided technical support to developers, DBAs, systems managers, and network infrastructure teams. Managed projects including overhauling the time and attendance system and migrating legacy technologies.

Server Management and Automation: Managed over 200 Windows NT servers, overseeing operations and administration. Developed ASP and C++ applications to automate server management, security, and performance reporting.Active Directory Expertise: Gained extensive experience with Active Directory, which was further enhanced through hands-on projects in my home lab environment.Security and Monitoring: Engineered automated backup solutions and established monitoring systems with the ops center.

Network Management and Automation: Started as an IBM AS/400 operator; expanded role to manage Novell NetWare and Token Ring networks. Wrote scripts and C programs to automate network management and enhance security.Field Deployment and Infrastructure: Deployed to remote offices to install cabling, data communication, telecommunications, and phone systems for new branches.