-Contributor to the following workstreams:- Zero Trust Architecture & Maturity Model ("Communicating the Business Value of Zero Trust")- Zero Trust Identity Pillar

- Co-inventor for a patent "Framework for Automated Penetration Testing": https://uspto.report/patent/app/20210357507- Provide security guardrails by creating and providing technical input to security policies and procedures- Provide security input to blueprints including IaC and edge services

- Led multiple organization wide, cross-functional security related projects - Winner of the Q3 2020 CFO Magician Award

- Participate in architecture blueprint reviews and provide security related input- Implemented static scanning using Checkmarx for the majority of Twilio's codebase- Perform threat modeling, code reviews and penetration testing for complex AWS based architectures and esoteric telecom based protocols- Co-created a Python, Celery, Flask-restful and Redis based automation tool called night-owl for automated vulnerability scanning that integrates its results into the CI/CD pipeline. night-owl is a customizable, scalable and Dockerized application that can be deployed in a few clicks and can be customized to scan networks, applications, APIs and telecom based protocols.- Gave in-person hands-on Secure Development Training to Twilio engineers. Also launched an online Secure Development Training program for new Twilio engineers using Codebashing.

Director of Security Assessments at Dun & Bradstreet with global responsibilities for application security and vulnerability management.• Manage an agile distributed team of application security, network security and vulnerability management experts with global responsibilities for all of Dun & Bradstreet’s applications and network infrastructure. • Implemented continuous authenticated dynamic scanning of D&B's internet facing web applications. Implemented a next-generation WAF to protect D&B's web applications, APIs and microservices. • Designed and implemented an application security testing automation and metric automation framework using Agile processes. The framework is based on Jenkins/Fortify SCA and Jira. Presented work on automation and metrics at AppSec EU 2016 (Rome) and AppSec EU 2017 (Belfast) (http://sched.co/A66h). • Automated metrics generation using Jira labels significantly reducing the time it takes to generate metrics and dashboards. Used weighted risk trends to measure the technical risk to the organization.• Developed a methodology for tiering applications based on a custom criteria. This tiering methodology is now being adopted by other teams and organizations.• Developed a Secure Development Training curriculum for Dun & Bradstreet. Gave the training at all major software development centers.• Developed and implemented secure software development policies and standards. Provide security expertise for the implementation of information security management frameworks, such as ISO 27001, OWASP, SOX, PCI. Provide strategic and tactical security consultancy for projects, security engineering, TechOps• Developed a Python3/Boto3 based AWS scanner that scans all of Dun & Bradstreet’s AWS accounts for open buckets and security groups.• Q1 2016 D&B Content and Technology Recognition award winner

Senior Security Consultant with Trustwave responsible for working with clients in various countries to address their security needs. Responsible for performing network penetration testing, application penetration testing (web and client/server), application security reviews, virtualization assessments and secure development training

Senior Technical Architect for J2EE, J2ME and .NET based applications for Adidas, Vanguard, Sprint and Simon Malls. Responsible for integrating enterprise applications with Portal frameworks (BEA Portal), Content Management System (Interwoven, Documentum), application servers and legacy systems. Consulted with clients on matters of web application security. Responsibilities include creating security specifications, designing secure components, performing security code audits, reviewing security test plans.

Design and lead development team for J2EE applications including an online publishing engine, corporate trouble ticket system and a Perl/Unix based website.

Lead engineer on a $14 million redesign of Sprint’s Merged Call Processor, a Tier 1 platform which collects and processes Call Detail Records (CDRs) from Sprint’s entire long-distance Nortel DMS-250 / SS7 voice network. The platform was designed using a High-Availability (HA) clustered configuration with the capability for geographic fail-over. Lead a team of Software Engineers, System Administrators, Network Engineers and vendors to work through and complete the design. Presented design to Chief Technology Officer and other executives for approval. Received a Sprint Values Excellence award for the design effort.