Experience


Lead Infrastructure Security Engineer

Salesforce

May 2019 – Present Herndon, Virginia

Responsibilities include:

  • Security Automation:

    • Discover, define, and drive security automation projects
    • Develop working technical proofs of concept to help teams envision end-state integration
    • Evangelize security automation initiatives
  • Security Architecture:

    • Perform security architecture, design, and component reviews for Salesforce infrastructure
    • Provide security guidance and oversight to engineering and operational teams by participating in design reviews and threat modeling
  • Security Research:

    • Research new security technologies and build new tools to make everyone’s lives easier
  • Document and communicate discovered issues; work with teams to resolve them in a manner which improves security and encourages agility

Technologies:

  • Terraform, Packer
  • Open Policy Agent
  • Spinnaker
  • Jenkins

Interim Cloud Security Practice Lead

Synopsys Software Integrity Group

August 2018 – May 2019 Dulles, Virginia

After the previous practice lead left the company, served as Interim Practice Lead from August 2018 to May 2019. Leadership accomplishments as interim practice lead include:

  • Drove internal training efforts to increase team from 7 consultants to 22.
  • Delivered presentations to small groups of executive decision makers as well as 100+ client managers on several occasions to drive team goals.
  • Attained approval from internal decision makers for 3-month Infrastructure as Code development project, Cloud Maturity Action Plan efforts, and improvements to internal training agenda.
  • Trained 22 consultants in AWS Landing Zone in preparation for customizing client Landing Zones.
  • Increased revenue from $1 million in 2017 to $3 million during first quarter of leadership (Q4 2018).

Top Project: Automating Continuous Security Testing

Developed Infrastructure-as-Code blueprint that provides clients with code to repeatably deploy testing infrastructure for individual teams. Allows clients to start automating their continuous security testing within 30 days. Deliverables included:

  • Automated Application Security Testing Library: Carefully engineered Jenkins Shared Library that performs various AppSec activities (DAST, SAST, SCA, report delivery, automated issue tracking, metrics aggregation).
  • Built-in tool integrations: Supports BlackDuck, Coverity, Checkmarx, Seeker, Contrast, Fortify, and open source tools out of the box.
  • Reusable infrastructure stack: deploy Jenkins CI Server and supporting infrastructure, so clients can redeploy this blueprint as often as they want.
  • Automated Reporting and Issue Tracking: JIRA and SonarQube Integration
  • Documentation and Training: materials to support client adoption of the blueprint and train consultants in delivery


Senior Security Consultant

Synopsys Software Integrity Group

November 2017 – May 2019 Dulles, Virginia

Responsibilities include:

  • Co-Lead of Cloud Security Consulting Practice
  • Developing Secure Infrastructure as Code for clients
  • Deploying CI/CD Pipelines in AWS for Secure Image builds and AppSec testing (SAST, DAST, IAST, etc.)

Developed expertise in the following technologies:

  • Terraform
  • Packer
  • Ansible
  • HashiCorp Vault
  • AWS, Azure

Other activities:


Security Consultant

Synopsys Software Integrity Group

September 2015 – October 2017 Dulles, Virginia

Responsibilities include:

  • Manual Web Application Security Testing
  • Threat Modeling
  • Architecture Risk Analysis
  • Team lead for Microsoft Azure Security consulting team


Security Consultant

Sirius Business Systems

September 2014 – September 2015 McLean, Virginia

Responsibilities include:

  • Worked with small business clients to write and implement new security policies.
  • Performed security audits and penetration testing to evaluate initial security posture.