As a Principal Security and Compliance Analyst at Oracle, I specialized in driving PCI DSS compliance across multiple lines of business, including IaaS, PaaS, and SaaS certifications. In this role, I leveraged both my compliance architecture and audit expertise to ensure Oracle’s cloud services met stringent regulatory standards while supporting business agility and security.During my time at Oracle, I:• Designed and implemented compliance frameworks that aligned with PCI DSS requirements, providing secure, scalable solutions for Oracle's cloud services.• Collaborated with cross-functional teams, including product development, legal, and security operations, to integrate compliance controls into cloud offerings.• Led audit preparation, evidence gathering, and assessments, ensuring successful certification renewals and regulatory adherence.• Provided expert guidance on compliance strategy, risk mitigation, and continuous monitoring to maintain ongoing PCI DSS compliance.• Drove innovation by streamlining compliance processes and leveraging automation to reduce complexity and improve efficiency.

As a Senior Security Engineer at Nordstrom, I significantly contributed to the organization’s security and compliance programs, focusing on risk assessments, compliance, and security infrastructure improvements.Senior Security Engineer – Threat Assessment and Consulting• Designed and built the Security Risk Assessment Program based on NIST and the Critical Controls, reducing assessment time by 75%.• Developed a Risk Assessment Framework to ensure consistency and thoroughness in all security evaluations.• Created a Security Knowledge Base to support self-service and training, promoting transparency in security practices.• Contributed to the internal penetration testing team, identifying and addressing critical vulnerabilities.Senior Security Engineer – Information Security and Compliance• Led the design and implementation of an Enterprise Certificate Authority (PKI), acting as the subject matter expert (SME) for secure digital identity management.• Architected and deployed an Enterprise Audit and Logging Solution for PCI compliance, providing essential logging and audit capabilities.• Designed and implemented a WPA2 Enterprise wireless network for Mobile Point of Sale and BYOD support.• Served as the lead Security Engineer for SOX and PCI audits, ensuring compliance and regulatory alignment.Senior Systems Engineer – Windows• Architected and implemented Tripwire Enterprise for File Integrity Monitoring, improving detection of unauthorized changes.• Designed and deployed a comprehensive Enterprise Anti-Virus Solution using McAfee EPO.• Implemented a VMWare Infrastructure to support test and production environments.• Led Windows systems remediation efforts during SOX and PCI audits, ensuring compliance.• Developed and enforced Corporate Server Security Standards to bolster overall security.

Intrusion Detection/Network Security Analyst Security Operations • Monitor real-time IDS events on disparate networks consisting of over two hundred thousand individual nodes • Perform network traffic & protocol analysis for investigation of network intrusion events• Evaluate new security software and systems• Manual correlation of events through various systems (firewall, syslog, proxylogs)• Report daily activities and threat levels to senior management• Enforce policy deviations by escalating internally-sourced events to forensics team• Ad-hoc penetration testing to determine validity of attacks• Work with management to improve existing processes, and develop new ones• Perform detailed investigative analysis on alerts sourced via IDS, Netscout, Netscreen, Checkpoint, Cisco, NFR, LogLogic and escalations from System AdministratorsNetwork AnalystTelecommunications and Networking• Installed, configured and supported WAN hardware/software across multiple sites• Partnered with design team to produce end-to-end design specifications, long-haul carrier services and routing specifications across multiple service areas• Administered and maintained enterprise-critical data circuits throughout the area• Performed systems maintenance including hardware, firmware, and software upgrades• Analyzed and resolved LAN and WAN issues• Maintained WAN technical documentation such as design documentation, device inventories, and maintenance and emergency procedures• Provided End to End connectivity from Data Center to the Green light• Communicated infrastructure and network updates to National Data and Voice Network partners for continued improvement• Mentored and guided technicians in providing excellent support to end users

Key areas of expertise include:Network design and architectureNetwork security and firewall managementRemote Access TechnologiesTroubleshooting and performance optimization