StackAware is the leader in artificial intelligence governance, risk, and compliance. We help you win with AI while protecting your data, your customers, and your reputation.

Managing complex cloud-based software dependencies is table stakes for effective AI governance. So I was honored to help the CSA:• Set industry standards for Software-as-a-Service (SaaS) risk management while spearheading the publication of the software supply chain section of CSA’s widely-hailed and comprehensive guide for securely using SaaS products.• By contributing to the paper "Securing LLM Backed Systems: Essential Authorization Practices" as a reviewer.

AI security is all about data governance. My time at Privacera showed me what it takes to protect sensitive data of Fortune 500 customers like Nike, Autodesk, and Corning. As leader on the product management team, I:• Drove the product roadmap for Privacera UserSync, merging business and technical insights to ensure release of market-leading platform for identifying, classifying, and protecting sensitive data in cloud- and on premises-based sources.• Spearheaded the company's Software-as-a-Service (SaaS) improvement effort, developing detailed telemetry, security, and observability requirements.• Created and implemented the company shared security model, explicitly identifying cybersecurity responsibility for various stakeholders, including customers and third-party service providers.• Launched our first coordinated vulnerability disclosure program to facilitate confidential receipt of reports from cybersecurity researchers and ensure rapid remediation of identified security issues.• Developed, coordinated, and oversaw publication of the first official product support policy, clarifying software end-of-life timelines, 3rd party software support plans, and backward/forward compatibility contracts.• Overhauled the Privacera Platform pricing model to reflect value derived by customers while also capturing maximum revenue possible.

Securing data flows is an absolute must for cyber-physical products. And in support of enterprise customers like Caterpillar, Volvo, and Flowserve, I:• Ensured the secure development and deployment of ThingWorx Industrial IoT platform.• Coordinated with software engineers, quality assurance testers, and other stakeholders while applying the Agile development process.• Improved customer security by ensuring delivery of edge device connection monitoring, file upload management, enhanced auditing, and Azure Active Directory integration features.• Led the company-wide, multi-product identity and access management (IAM) strategy, roadmap, and partner program.• Supervised implementation of application security program including static, dynamic, and software composition analysis as part of product continuous integration pipeline as well as regular threat modeling, penetration testing, and other vulnerability prevention and detection methods.• Reduced median time to resolution of potential security defects by 60% through overhaul of company vulnerability management policy and procedures.• Developed and oversaw implementation of containerized software security, maintenance, and continuous delivery procedures as part of company Software-as-a-Service (SaaS) transition strategy.• Spearheaded the ThingWorx Compliance Hub, providing detailed guidance for customers seeking compliance with System and Organization Controls (SOC) 2, International Organization for Standardization (ISO) 27001, Department of Defense Cybersecurity Maturity Model Certification (CMMC), and other regulatory frameworks.• Conceived and launched the ThingWorx Shared Security Model, clarifying cybersecurity responsibilities for PTC, customers, partners, and other stakeholders.• Designed, built, and implemented an automated bug triage system. Developed and coded the algorithm that factored in customer satisfaction, past and anticipated bookings, as well as functional and security impacts.

You know who has the most complex data sets and systems in the world? The federal government. Dealing with this sprawl drove home for me the importance of clear policies and guidance. While working on Capitol Hill, I:• Advised the Chair of the Committee on Homeland Security, other Members of Congress, and staff regarding cybersecurity and counterterrorism issues. • Provided policy analysis briefings to the Committee Chair in preparation for 60+ national media appearances.• Drafted Public Law 115-331, the Homeland Security Data Framework Act, codifying government data sharing processes.• Led a yearlong investigation of information exchange among 13 government organizations; authored a report with 34 oversight recommendations entitled "Reviewing the Department of Homeland Security’s Intelligence Enterprise."• Represented the Committee during bilateral discussions with European Union Commission, Council, and Parliament regarding transatlantic cooperation in the fields of cyber crime, counterterrorism, and border security.

Founded after 9/11 to stop future attacks, the National Counterterrorism Center sits at the crossroads of a huge amount of sensitive data. After being personally selected by the senior Marine officer to serve as active duty military detailee to NCTC, I:• Briefed the NCTC Director – counterterrorism advisor to President of the United States – on key threats.• Was personally commended by Federal Bureau of Investigation (FBI) Director for “outstanding assistance” to FBI investigative efforts.• Identified terrorist leaders and operatives by applying financial, communications, and social network analysis techniques to Intelligence Community data; disseminated leads to operational customers.• Tracked extremist propaganda, messaging, and intentions via social media.• Trained 10 analysts in novel techniques to parse and analyze intelligence datasets with Palantir’s Gotham software.• Became an expert in computer network exploitation threats from nation-state, terrorist, and criminal actors as well as digital network intelligence tools, methods, exploitation, and outputs.

While serving as second-in-command of a Marine reconnaissance company, I honed my ability to oversee complex programs, synthesize data, and manage risk while I:• Led Joint Riverine Training Team on mission to Perú and trained 300+ Infantes de Marina (Peruvian Marines), entirely in Spanish.• Managed 2000+ weapons, radios, and optics during the transition from a legacy equipment database to its cloud-based replacement.

I had the honor of commanding 1st Platoon of Charlie Company before and during its overseas deployment. In this capacity, I:• Led a 23 person cross-functional team during 20 counterinsurgency missions in southwestern Afghanistan.• Achieved a 100% success rate in avoiding improvised explosive devices by custom building an integrated hardware-software patrol tracking system to analyze Global Positioning System (GPS) data. I developed the product roadmap from existing designs, collected user requirements, built and deployed a prototype, and evaluated performance data prior to real-world employment. Subsequently, I trained additional platoons in system use, increasing adoption by 300%.• Was awarded the Navy and Marine Corps Achievement Medal with Combat Distinguishing Device.

In preparation for taking command of one of the Marine Corps' most fearsome fighting units, I finished the Basic Reconnaissance Course (BRC) ranked 2 of 36 students and graduated from the Survival, Evasion, Resistance, and Escape (SERE) school.

During my first overseas tour as new Marine lieutenant, I:• Drove the operations of a 10,000+ person organization by personally advising its Commanding General.• Presented him with 200 daily intelligence briefings and 8 detailed battlefield assessments.• Supervised 5 analysts during the production of 145 daily intelligence summaries, 27 political-military studies, and 10 quantitative visualizations.• Was awarded the Navy and Marine Corps Achievement Medal for “inspirational leadership.”