[ 01. PROFESSIONAL_SUMMARY ]
CISSP/CCSP certified engineer with a SANS-published whitepaper and two discovered CVEs. Over a decade of experience progressing from systems administration and vulnerability management into cloud and application security. Currently an Application Security Engineer at Southern New Hampshire University, focused on securing software at every stage of the development lifecycle through threat modeling, security tooling integration, code review, and developer enablement.
[ 02. EXPERIENCE_LOG ]
Perform threat modeling and application/API security reviews using OWASP Top 10 and STRIDE methodologies, delivering actionable remediation guidance to development teams. Design and validate security controls for authentication, authorization, encryption, and input validation across cloud-native applications and containerized workloads. Integrate and maintain security tooling across CI/CD pipelines including SAST, DAST, SCA, secrets detection, and IaC scanning, enforcing policy-as-code and pipeline gating. Conduct source code reviews to identify vulnerabilities and collaborate directly with developers on remediation strategies and compensating controls. Establish automated secure configuration baselines, drift detection, and security monitoring to support Security Operations.
Automated quality checks by integrating SonarQube Cloud into the CI/CD pipeline, improving the overall enterprise code grade from a D to a B within six months. Integrated TruffleHog for automated secret detection, successfully identifying and remediating 100% of verified live credentials in production. Established the organization's first formal GitHub Security Standard and Application Security Policy. Strengthened Kubernetes security by deploying Falco for runtime threat detection and Trivy for image scanning, providing deep visibility into 100% of production containerized workloads. Utilized STRIDE threat modeling to analyze core system architecture, identifying and mitigating over 50 high-impact design flaws. Streamlined multi-account security by deploying Orca Security across 200+ AWS accounts, ensuring continuous monitoring and a 20% increase in alignment with CIS Benchmarks.
Standardized security controls across AWS, Azure, and OCI for 3,000+ resources, reducing misconfigurations by 30%. Created a library of 25+ incident response playbooks, formalizing recovery procedures and significantly reducing response times for cloud-native security events. Conducted mandatory security reviews for all cloud-based projects, preventing over 100 misconfigurations and ensuring Secure-by-Design principles. Served as lead investigator for cloud security incidents, driving end-to-end remediation and conducting post-mortem analyses.
Conducted deep-dive security assessments on 25+ applications, identifying and remediating 50+ high-severity vulnerabilities prior to production release. Deployed SAST scanning to 15 development teams by embedding security tools directly into the development workflow, enabling earlier vulnerability detection. Developed a streamlined assessment framework, reducing security assessment turnaround time by 20%.
Deployed Rapid7 InsightVM/IDR across 1,500+ assets, establishing the organization's first enterprise SIEM and vulnerability management programs. Maintained banking systems with 99.999% availability through proactive monitoring, orchestrating monthly patching cycles with zero unplanned downtime. Developed 250+ PowerShell and Bash scripts to automate administration tasks, reducing daily manual overhead by 75% and ensuring 100% consistency across server configurations. Architected the recovery strategy for core banking systems, reducing the Recovery Time Objective (RTO) by 30% and ensuring zero data loss during annual failover testing.
Operationalized efficiency by redesigning 50+ manual workflows. Served as technical lead for Symitar core banking support and infrastructure hardware lifecycle projects.
Managed GFI Cloud deployment for 500+ endpoints. Orchestrated enterprise-wide migration of 200+ systems from Windows XP to Windows 7.
[ 03. ACADEMIC_HISTORY ]
[ 04. VULNERABILITY_DISCLOSURES ]
[ 05. SKILLS_MATRIX ]
[ 06. VALIDATED_CREDENTIALS ]
EXTERNAL SECURE RECORDS IDENTIFIED...
[ 07. PUBLICATIONS ]
[ 08. RESUME ]
DOCUMENT AVAILABLE FOR DOWNLOAD...