Cyber Security Incident Coordinator
As a member of the Cyber Security Incident Response Team (CSIRT), my role as an Incident Coordinator is to lead the CSIRT team in resolving the incident and act as the primary point of contact for the Cyber Security Incident Management Team (CSIMT). The CSIRT Coordinator’s first and most important task is working with the CSIRT team to triage the incident and determine the category, type, severity and risk impact. Once this has been accomplished, the CSIRT Coordinator’s main responsibility is to facilitate the gathering of additional resources while removing any roadblocks that the CSIRT may experience. This includes establishing meeting bridges and points of contact between members, obtaining resources, and communicating any necessary information to the team or the CSIMT.
Editor, Host of #DevSecOpsLIFE
The DevSecOps Community is a place where passionate InfoSec minds can collaborate around doing continuous security at DevOps speed.
Host of the DevSecOpsLIFE show, published on YouTube at https://www.youtube.com/channel/UCZl_YoLSrB-kwiDHNbq345A
Creator of original content and code centered around solving problems related to the security and need for speed of DevOps pipelines.
Represent the DevSecOps Community as a speaker featured at RSA Conference 2018, talk titled 'Oh SNAP! There's Crap in Your App!'.
Frequent speaker at various OWASP and ISSA chapters across the US.
SourceClear is a leader in Software Composition Analysis software
Application Security Architect
Cambia Health Solutions is a group of more than 25 health care companies and includes software and mobile applications, health insurance, non-traditional health care marketplaces and delivery models, pharmacy benefit management, wellness solutions and more. I was brought on to bootstrap an Application Security program, introducing automated analysis built into the software development pipeline, training programs to turn developers into secure code champions, and policies & procedures to tie it all together, all in months rather than years.
When I started at Cambia there was no formal AppSec program. In addition to conducting an initial assessment using Qualys, BurpSuite and Checkmarx, I pioneered the adoption of a more robust automated testing suite utilizing both SourceClear for open source software composition analysis as well as Veracode for both static analysis and dynamic analysis. I engaged dozens of app teams to assess their applications on an ongoing basis including manual testing, and had 88% of teams doing continuous security by the time I left. The average scan frequency across all apps was 7.6 scans per month.
Set up the company's first ever Capture the Flag event, demonstrating attack techniques to developers using BurpSuite, Postman, and NMAP to attack the OWASP Juice Shop.
Created a Secure Code Champions program to teach software developers, managers, and architects elements of a comprehensive application security program.
Spoke at 5 conferences/events since I started on topics from 'AppSec Zero to Hero' - how to create a program, launch it, and keep it running; to 'What's hiding in your app?' - a review of the open source dangers lurking in today's applications.
Conducted regular penetration tests of web applications across the enterprise using BurpSuite, Postman, & NMAP scripts to verify mitigation of results from Veracode scans, third-party pentests, as well as known vulnerabilities from open source findings.
Security Solutions Architect
Veracode is a leader in the Gartner Magic Quadrant for Application Security testing. In my time there I have worked with America's biggest brands identifying risk in the SDLC and helping them design solutions that empower development teams to innovate quickly while identifying vulnerabilities and mitigating risk early.
Designed a solution to empower over 100 application teams at Sabre, Inc. to test software at the earliest stages of each Agile sprint, mitigating risk while it's still cost effective to fix it. Closed the largest freshman deal in Veracode history, a multi-year agreement of nearly $1M in total revenue.
Coached the global Solution Architecture team on ways to engage earlier with software development groups vs. the typical route through information security, creating security champions during the design phase of projects.
Marketing Solutions Architect
HP Software is a leader in the Gartner Magic Quadrant for Enterprise Content Management systems, digital personalization, and media asset management. My role was helping customers understand how to integrate digital solutions to automate their existing workflows, give marketing groups an understanding of customer sentiment, and empower content authors to deliver dynamic and personalized content, to the right person, at the right time.
Spearheaded a large-scale integration effort for FOX Entertainment, Inc., bringing together social media sentiment, targeted social media marketing, and media asset management built to scale for all of FOX's movie, television, and archive brands.
Successfully designed and kicked off a $7.2M engagement with Hilton Hotels Worldwide, integrating web content personalization, customer relationship management, upsell/cross-sell, and dynamic content.
Drove revenue generation to over 110% of plan 2 years in a row.
Development & Operations Manager
US Bank is the national leader in wholesale lockbox processing. The platform I oversaw processed over $3.2 Billion per month in check and credit card payments for wholesale customers with 24x7 shift overlay in 9 operations centers across the United States. When I took over the leadership role of this group they had no disaster recovery, poor cross-functional collaboration, and a reputation within the company of not caring about the customer. I oversaw a successful transformation across all of these areas, making the group into a respected and high performing asset to the company.
Built DR platforms and recovery strategies from the ground up, successfully demonstrating 100% recovery within 6 months of owning the team
Went from unstable platform with no recovery plan to 99.999% (5 nines) availability within the first 6 months
Implemented first ever security audit, assuring compliance with PCI, SOX, and all regulatory standards within 9 months
Implemented Agile development methodologies, streamlined development processes, and improved time to delivery, code quality, and code reuse. Time to deliver customizations per customer went from 4 months on average to about 2 weeks with 50% fewer defects.
Created team training, engagement, and collaboration strategies earning the team respect and trust
Enterprise Content Solutions Architect
The Enterprise Content Management group at US Bank maintains a platform and development for over 300 web properties across the banking enterprise. The platform supports the creation and delivery of content for 1000+ users on a 24x7 zero latency delivery schedule allowing the business to drive content marketing change and configuration management at the speed of business. Before I joined, the team had developers manually deploying their own code to production, maintaining their own databases, and certifying their own code.
Created an administration and recovery team to certify all builds prior to deployment, maintain the platform, and ensure segregation of duties.
Built self-serve and automated configuration management processes for developers to implement changes ensuring accuracy and instant automated rollback in case of error.
Spearheaded and completed the successful migration off end-of-life software versions running on physical devices to modern versions on scalable virtual machines.
Documented all new administration processes, recovery plans, and hired and trained staff to maintain platforms for this newly created team managing administration and training for this enterprise platform
VP, Director of Engineering
Prior to when I joined, Earthbound was a boutique marketing and design firm focused largely on one client in the Southern California Higher Education space. I helped transform Earthbound into a digital media solution provider with new business in entertainment, retail, and higher ed.
Built a strong team starting with 1 Jr. web designer to over 10 seasoned web, application, and multimedia engineering professionals
Drove project execution and business development for engineering engagements bringing in over $1.4 Million in the year I was there
Owner, Principal Solutions Architect
After starting my career in software development, I quickly became a highly sought-after architect of web content management solutions for some of the world's biggest brands such as:
Qualcomm, Inc. - Converted outdated and homegrown legacy content management solution to Interwoven TeamSite, an enterprise solution. Created a team to convert all legacy content onto the new platform and built templating and workflow solutions to allow the team at Qualcomm to maintain it going forward.
DOW Chemical - Oversaw a complete site conversion of over 5,000 pages of content in under 3 months.
Northrop Grumman - Built a new content management system from the ground up, trained a team of content editors, and launched the site for a classified aerospace project near Washington, DC.
In the years prior to owning my business I also held the following roles:
Sr. Application Engineer, TeamSite - AmerisourceBergen Corporation, 2000-2005
Sr. Art Director, Human Factors - US Interactive, 1998-2000
User Interface Designer - GDI (Garg Data International), 1996-1998