* Participating in Responsible AI Red Team assessments on GitHub Advanced Security Artificial Intelligence (AI) capabilities, such as the “Autofix” functionality that was launched in private beta to customers in January of 2024.* Guiding businesses on the adoption of DevSecOps practices at scale with the GitHub Advanced Security product suite across various industry verticals, including Technology, FinTech, Insurance, Financial, Healthcare, Automotive, and Systems Integration companies.

* Developed novel CodeQL queries to identify exploitable vulnerabilities in customer’s native code.* Customized and Remediated issues within public CodeQL queries in support of open source static analysis at scale.* Acted as a subject matter expert on the practices of Static Analysis, DevSecOps, and Application Security during internal meetings with Product Management and Engineering.

* Led the Collaboration Technologies, Global Messaging, and Service Technologies teams as we strive to deliver a great experience through the software our colleagues leverage to do business.* Drove the core principles of "security by design” by reducing friction between Security and IT, while expediting the development and/or adoption of innovative and secure technologies.* Enabled holistic management of technology use by colleagues in order to create a universal digital experience that is centered around the needs of the business and its customers.* Created both dynamic and stable technology platforms that integrate practices from development, security, and operations to increase automation, scalability, and reliability.

* Led the Conference, Office, and Service Technologies teams as we strive to deliver a great colleague experience through the software they leverage to do business.* Implemented the core principles of "security by design” by reducing friction between Security and IT, while expediting the development and/or adoption of innovative and secure technologies.* Enabled holistic management of technology use by colleagues in order to create a universal digital experience that is centered around the needs of the business and its customers.* Developed both dynamic and stable technology platforms that integrate practices from development, security, and operations to increase automation, scalability, and reliability.

* Led a globally distributed team of senior managers, managers, engineers, and researchers responsible for software security testing across all company business units and products.* Authored the company's original “Security by Design” program; responsible for providing guidance on how to architect and build security into the software development lifecycle.

* Built a distributed team of engineers and researchers to address core technical and administrative capabilities within the software security domain.* Authored the company's original software security strategy; responsible for architecting and implementing security testing as part of the software development lifecycle.* Architected the company's centralized version control strategy, designed to improve software development efficiency and security across the organization.* Designed training toward building a secure software development lifecycle; implemented multiple paid and open source solutions to add breadth of coverage at scale.

https://infosecmentors.net

Host, Application Security Weekly (episodes 0-55)

* Administered training to internal resources regarding complex application security concepts.* Built and maintained automation tools to enhance the quality and speed of program launches.* Engaged in technical guidance to both executives and practitioners toward establishing and maintaining effective Bug Bounty programs at scale.

* Designed and engineered proof-of-concept applications and security research tooling.* Led development of Bugcrowd’s security researcher training initiative as Project Manager.* Spoke at (or acted as a technical resource for) industry trade shows and conferences, including BSides Las Vegas, Black Hat, DEFCON, DerbyCon, and HackFest Canada.

* Provided guidance to CISOs, Executive Directors, and security practitioners on how to develop vulnerability management programs at scale across global corporations.* Led training engagements for Penetration Testing and Web Application Security practitioners.* Consulted with executives on how to build effective corporate information security programs.