whoami

>

[ 01. PROFESSIONAL_SUMMARY ]

CISSP/CCSP certified engineer with a SANS-published whitepaper and two discovered CVEs. Over a decade of experience progressing from systems administration and vulnerability management into cloud and application security. Currently an Application Security Engineer at Southern New Hampshire University, focused on securing software at every stage of the development lifecycle through threat modeling, security tooling integration, code review, and developer enablement.

[ 02. EXPERIENCE_LOG ]

Application Security Engineer
Southern New Hampshire University // May 2026 — Present

Perform threat modeling and application/API security reviews using OWASP Top 10 and STRIDE methodologies, delivering actionable remediation guidance to development teams. Design and validate security controls for authentication, authorization, encryption, and input validation across cloud-native applications and containerized workloads. Integrate and maintain security tooling across CI/CD pipelines including SAST, DAST, SCA, secrets detection, and IaC scanning, enforcing policy-as-code and pipeline gating. Conduct source code reviews to identify vulnerabilities and collaborate directly with developers on remediation strategies and compensating controls. Establish automated secure configuration baselines, drift detection, and security monitoring to support Security Operations.

Senior Application Security Analyst
Credit Acceptance // March 2023 — May 2026

Automated quality checks by integrating SonarQube Cloud into the CI/CD pipeline, improving the overall enterprise code grade from a D to a B within six months. Integrated TruffleHog for automated secret detection, successfully identifying and remediating 100% of verified live credentials in production. Established the organization's first formal GitHub Security Standard and Application Security Policy. Strengthened Kubernetes security by deploying Falco for runtime threat detection and Trivy for image scanning, providing deep visibility into 100% of production containerized workloads. Utilized STRIDE threat modeling to analyze core system architecture, identifying and mitigating over 50 high-impact design flaws. Streamlined multi-account security by deploying Orca Security across 200+ AWS accounts, ensuring continuous monitoring and a 20% increase in alignment with CIS Benchmarks.

Cloud Security Engineer
Credit Acceptance // August 2021 — March 2023

Standardized security controls across AWS, Azure, and OCI for 3,000+ resources, reducing misconfigurations by 30%. Created a library of 25+ incident response playbooks, formalizing recovery procedures and significantly reducing response times for cloud-native security events. Conducted mandatory security reviews for all cloud-based projects, preventing over 100 misconfigurations and ensuring Secure-by-Design principles. Served as lead investigator for cloud security incidents, driving end-to-end remediation and conducting post-mortem analyses.

Application Security Analyst
Credit Acceptance // November 2020 — August 2021

Conducted deep-dive security assessments on 25+ applications, identifying and remediating 50+ high-severity vulnerabilities prior to production release. Deployed SAST scanning to 15 development teams by embedding security tools directly into the development workflow, enabling earlier vulnerability detection. Developed a streamlined assessment framework, reducing security assessment turnaround time by 20%.

Systems Administrator / Cybersecurity Engineer
Michigan Schools & Gov Credit Union // April 2015 — November 2020

Deployed Rapid7 InsightVM/IDR across 1,500+ assets, establishing the organization's first enterprise SIEM and vulnerability management programs. Maintained banking systems with 99.999% availability through proactive monitoring, orchestrating monthly patching cycles with zero unplanned downtime. Developed 250+ PowerShell and Bash scripts to automate administration tasks, reducing daily manual overhead by 75% and ensuring 100% consistency across server configurations. Architected the recovery strategy for core banking systems, reducing the Recovery Time Objective (RTO) by 30% and ensuring zero data loss during annual failover testing.

Systems Operations Specialist
Michigan Schools & Gov Credit Union // May 2014 — April 2015

Operationalized efficiency by redesigning 50+ manual workflows. Served as technical lead for Symitar core banking support and infrastructure hardware lifecycle projects.

Technical Support Specialist
Extra Credit Union // September 2013 — May 2014

Managed GFI Cloud deployment for 500+ endpoints. Orchestrated enterprise-wide migration of 200+ systems from Windows XP to Windows 7.

[ 03. ACADEMIC_HISTORY ]

M.S. Information Security Engineering
SANS Technology Institute // November 2022
M.S. Information Technology Management
Western Governors University // July 2019
B.S. Cybersecurity and Information Assurance
Western Governors University // June 2018

[ 04. VULNERABILITY_DISCLOSURES ]

[CVE-2021-38602] PluXML v5.8.7 — Stored Cross-Site Scripting (XSS): Unsanitized input in Headline fields allowed persistent script execution and administrative session compromise.
[CVE-2021-38603] PluXML v5.8.7 — Stored Cross-Site Scripting (XSS): Persistent XSS flaw in user profiles allowed widespread delivery of malicious payloads to site visitors.

[ 05. SKILLS_MATRIX ]

Application Security: SAST/DAST Integration, SonarQube Cloud, TruffleHog, Burp Suite Professional, ZAP, Threat Modeling (STRIDE), OWASP Top 10, Security Assessment Frameworks, GitHub Security Standards, CI/CD Pipeline Security
Cloud Security & Audit: AWS (Multi-account), Azure, Oracle Cloud (OCI), Orca Security, Prowler, CIS Benchmark Auditing, Cloud Security Posture Management (CSPM), Wiz
Security Architecture: Threat Modeling (STRIDE), Security Architecture Review, Secure-by-Design Principles, Kubernetes Security Standards, GitHub Security Standards, KPI Development
Security Operations: Incident Response Playbooks, Vulnerability Management (InsightVM/Qualys/Nessus), MITRE ATT&CK, Falco, Trivy, SIEM Tuning & Alert Management, Rapid7 InsightVM/IDR
Governance, Risk & Compliance: Application Security Policy Development, Security Program Maturity Modeling, KPI Development & Reporting, CIS Benchmarks, NIST Frameworks, Security Standards Development, GIAC Advisory Board
Penetration Testing: Metasploit, Nmap, Burp Suite Professional, SQLMap, Gobuster, Impacket, Cloud Penetration Testing, API Security Testing, Red Team Operations
Security Research & CVEs: Exploit Research (CVE Discovery), Hashcat, John the Ripper, Reverse Engineering, CTF Competition
Automation & Engineering: Python, PowerShell, Bash Scripting, System Hardening (Windows/Linux), Active Directory, Docker, Kubernetes

[ 06. VALIDATED_CREDENTIALS ]

EXTERNAL SECURE RECORDS IDENTIFIED...

[ 07. PUBLICATIONS ]

[ 08. RESUME ]

DOCUMENT AVAILABLE FOR DOWNLOAD...

[ 09. KEY_ACHIEVEMENTS ]

> GIAC Advisory Board Member — 2020
> National Cyber League (NCL) Fall 2021: Ranked 66/6,480 (Individual) and 18/3,910 (Team)
> National Cyber League (NCL) Spring 2021: Ranked 81/4,180 (Individual) and 7/922 (Team)
> Improved enterprise code quality grade from D to B within six months via SonarQube Cloud integration
> Identified and remediated 100% of verified live credentials in production via TruffleHog integration
> Reduced Recovery Time Objective (RTO) by 30% through DR architecture at MSGCU