At Nomura, I am leading DevSecOps including AppSec for Wholesale. As part of my responsibilities, I am building out application security practices (SAST, SCA, DAST) as well as an Application Security Champion program to ensure close alignment of DevSecOps with our developer and DevOps community of 3000+ developers. Amongst other things, my team is setting best practices and standards, automates risk scoring of findings across all tools, integrates security into the build and deploy pipelines, advises the firm in security related areas, helps developers with remediation or mitigation suggestions, and provides a roadmap to mature DevSecOps while keeping up with cloud, infrastructure as code, and AI related innovations.In my short time at Nomura, my impact includes* security awareness of development teams and leadership with education, training, and reporting* creation and establishment of an application security champion program* automating the gathering, normalization, enrichment, and risk scoring of findings across our secure coding practices* promoting the value of AppSec and DevSecOps to leadership* socializing a risk based approach to security* mentoring my team and security professionals outside my teamI am looking forward to extend impact into our global organization and be instrumental in maturing our organizations DevSecOps practices.

At Wells Fargo, I am leading security & compliance across our newly formed Enterprise Application Services organization.

During my time at Goldman Sachs, I lead the Security Engineering team in the Technology Risk Advisory Function. My team is working out of New York (NY), Dallas (TX), and Warsaw (Poland) offices of Goldman Sachs. In my position as a VP Senior Engineer and Manager, I closely collaborated with the security advisory, risk-governance, incident response, and vulnerability management functions of the firm.Major team responsibilities included: * Security Requirements testing automation, supporting test and behavior driven development technologies (TDD, BDD) in an agile environment * Application security tooling to implement and tune SDLC security touchpoints (SAST, DAST, IAST, RASP), related disciplines, procedures, vendor relationships, and exploring of innovative security solutions that align with the business strategy * Automating, stream-lining and integrating security into the firm-wide SDLC processes, while minimizing distractions to developers or businessDuring my tenure at Goldman Sachs, I had the honor to work with some of the brightest minds in Engineering and Security and I am very grateful to have expanded my technical knowledge in areas including Agile, Test Driven Development, Java Spring Boot, and SDLC automation in an organization that is providing technology and specifically DevOps leadership beyond the financial industry.

During my tenure at BBH, I was leading three teams to design and implement cyber security solutions and managing their operations in the areas of * Secure Coding, Web Application and Portal Security and testing* Monitoring, Forensics, Data Analysis, Investigation Support* Privileged access and insider threat protection* Web Access DesignWhile much of my time was consumed with leadership and management tasks, I remained passionate about technology and kept hands-on experience with several broadly deployed security tools. My interests included applying cyber security technology and related processes to regulatory compliance and risk in any industry.My responsibilities at BBH also included security budget planning, cyber security strategy, selection and on boarding of tools supporting our cyber strategy, and coordination of cyber security efforts with development and business teams, and hiring talent that fits our culture and needs.

Key areas of leadership and technical impact included people development and technology innovation in the fields of cyber security and advanced threat detection, virtualization-based security services for cloud and datacenter, computer forensics, security assessment and penetration testing, and malware and security analysis. Major responsibilities:• Assisting IBM CIO organization, IBM Managed Security Services organization, and IBM Security Systems organization within IBM in identifying opportunities to solve customer problems.• Leading a team of world-class researchers and senior technical staff members in cyber security research, security and risk assessment, and transferring research technology into IBM products and services.• Educating customer executives (CEOs/CIOs/CISOs) on innovative IBM Research cyber security defenses developed under my leadership.Major contributions:• Contributed key parts to the technical security strategies to achieve innovative cyber defenses protecting enterprise and cloud.• Delivered highly scalable techniques to detect evolving and evasive cyber threats.• Built a research team to deliver next generation big data analytics solutions and data management system addressing critical customer security requirements.• Worked with IBM CIO Incident Response Team on several occasions to discuss findings, and led my team to create rich context with our big data security analytics to support effective remediation of those findings.• Presented and discussed innovative IBM Research cyber security analytics solutions for enterprise and cloud at IBM Japan Think Forum 2013 (CEOs), at IBM Pulse 2012, and to many Fortune 500 customers (CIOs/CISOs) over the past 3 years.

Key areas of impact include innovative cloud security and management, hypervisor- and kernel security, virtualization and datacenter security, system security, crypto co-processors, and trusted computing.Accomplishments:• Trusted Virtual Data Center for simplified cloud security management and related ongoing productization efforts (2006-2008). Key design and implementation, with strong impact on technical security strategy.• sHype Hypervisor Security Architecture for consistent tenant-wide security policy enforcement in virtualized environments and implementation for Xen / PHYP (2005-2008). Contributed related software to the Xen open source hypervisor project.• Integrity Measurement Architecture for reliable finger-printing of the run-time of computer systems and implementation for Linux (2003-2009), now part of main stream Linux kernel audit system.• IBM 4764 PCI-X Cryptographic Coprocessor High-Speed Host-Card Communication Protocol reference implementation for Linux (1999-2001).Experience:• Linux kernel programming; Python, C and Java application programming; network programming; secure network protocols; embedded systems; Xen and other hypervisor and VM management programming; security policy management and applications; trusted computing and applications; technically leading trusted virtual data center project across research and product teams.

Teaching Graduate Course: “Cyber and System Security in Theory & Practice” (Fall 2010)Also: "System Security in Theory & Practice (Spring 2008, Fall 2005)

Creating and supervising network management hands-on training in Communication Networks & Design of ISDN telephony and data service once a semester.

Bi-Weekly tutoring undergraduate students on following topics: Computability, Automata and formal languages, Lisp, Prolog, Lambda Calculus