A motivated and passionate individual with an advanced education, 30+ years of technology and security experience and a long list of quality skills and accomplishments. I bring strategic planning, threat assessment/threat modeling, ethical hacking, and a rich background across several industries to any organization.
• Cloud Security Alliance (Founder/Former President Triangle Chapter)
• SANS GSEC certified
• SAST, DAST, IAST, SCA tools and remediation
• NIST and OWASP Top 10 standards
• Systems and Solutions Architecture
• Azure Architecture Technologies AZ-300
• Vulnerability and Configuration Management
• Penetration Testing and Threat Assessment
• Threat Modeling
• Cloud Technologies
• Open Source Security
• Software development background
MetLife [Insurance] Cary, NC 12/12/2022 – Present
• Lead core application security testing and engineering team
• Drive alignment to BSIMM framework, SANS/CWE Top 25 and OWASP Top 10 for 4000 applications
• Lead mission of improving application security practices using MITRE ATT&CK and the Cyber Kill Chain
Optum [Healthcare] Raleigh, NC 2/1/2022 – 12/1/2022
• Lead Security Guild as part of the Open Source Program Office
• Drive strategic vision and implementation of turn-key mechanisms to develop and use secure open-source applications
Optum [Healthcare] Raleigh, NC 5/2020 – 2/1/2022
• Accredited into the Technology Leadership Career Program TLCP
• TLCP is a recognized career path for individuals with deep technical subject matter expertise in critical, modern and transformative technologies
• Designing a Policy as Code framework to enforce governance policies for data
• Researching methods to integrate GANs into data security
• Presenter at All Things Open 2020
• Founder of Optum Threat Modeling course curriculum in Optum Tech University.
Optum [Healthcare] Raleigh, NC 2/2017 – 5/2020
• Founder of Optum Security Advocate program an internal Security Champion program
• Design and update architecture supporting contract-based automation
• Increased security footprint across CI/CD delivery work streams by driving the adoption of Contrast and Twistlock
• Influenced security requirements and best practices across all business lines
• Captured security metrics from security tools and leverage results to drive remediation
• Drove adoption of application security in DevOps and Cloud initiatives
• Created, curated and delivered security focused training within the organization, including Optum's first capture the flag challenge
• Frequent speaker on security in DevOps
Credit Suisse, AG [Finance] Raleigh, NC 1/2014 – 12/2016
• Engineering design, implementation of systems used to protect, detect, respond, monitor and report violations of corporate standards based on NIST and OWASP standards
• SME on product evaluation, application and mobile policy for security governance board
• Designed and supported initiation of Tanium endpoint monitoring solution to enable IOC detection and threat vulnerability
• Architected a vulnerability management system tracking violations from Splunk scans using RSA Archer for key indicators, security vulnerabilities and IT assets and integrated with Service Now Incident Handling
• Reported metrics and findings to executive level management
Credit Suisse, AG [Finance] Raleigh, NC 8/2009 – 1/2014
• Managed an annual 2.5mn CHF budget leading a global team of 35 onshore/offshore software architects and engineers, managing and executing releases and peer reviews. Delivered a 20% increase in defect rate by improving key areas of testing protocols including configuration and internal penetration testing for 33 projects
• Lead software solutions architect that created architecture design of automation, design patterns, delivery, scope, secure application development, functional and technical documentation, test plans, application level penetration testing and cost of various end-to-end solutions as a managed service offering to the bank
• Architected and implemented a security driven mobile testing framework covering native and non-native applications using cloud technology and single sign-on to test mobile banking apps and reduced the company’s testing footprint by 80%
EW Hart Consulting [Software Services] Raleigh, NC 1/2008 – 8/2009
• Composed code, development scope, requirements, test cases and release documentation for code drops for a Canadian insurance company and a U.S. credit union
M3 Technology Group [IT Services] Charlotte, NC 3/2007 – 1/2008
• AGILE SCRUM Master, QA team lead/developer of commercial support ticketing and CRM systems
bioMerieux, NA [Healthcare/Biotechnology] Durham, NC 6/2004 – 2/2007
• Developed and supported internal sales force software, ERP, and ETL (integration) systems
Syngenta Crop Protection [Agriculture] Greensboro, NC 2/2003 – 6/2004
• Database integration and performance analysis, QA testing for component implementation between an in-house built CRM system, an Oracle data warehouse and Peoplesoft ERP systems
EW Hart Consulting [Software Services] Raleigh, NC 2002 – 2002
• Developed client scripts, server side code and testing scripts for proprietary software systems
Clarkston Consulting [IT Services] Durham, NC 2000 – 2001
• Lead developer. Built support infrastructure in 6 months and increased profitability by 40%
Inacom [IT Services] Durham, NC 1998 – 2000
Technical Team Lead – Call Tracking Project
• Configuration and Incident Response lead. Implemented wireless IR response system built in Visual FoxPro
ATS Onsite Technical – GE [IT Services] Wilmington, NC 1996 – 1998
• Windows desktop support, Windows and Unix server support
• Master of Science – Information Security Engineering (currently on hiatus)
• SANS 401 / Security Essentials – GSEC Certification
• SANS 560 / Penetration Testing and Ethical Hacking
• SANS 503 / Intrusion Detection – In Depth
• 3.5 GPA
All Things Open 2020
Optum Dev Days 2018, 2019, 2020
Cloud Security Alliance - Triangle Chapter
• Bachelors in Arts
• Major: Organizational Communications
• Minor studies: Business Management
• 2.8 GPA
• Associates in Arts Degree
• Music Composition and Theory
• Music Department Scholarship Winner
GIAC GSEC
ISTQB foundations accredited
Scrum Alliance Certified Scrum Master
SAfe Agile Practitioner Certified
Credit Suisse 2014 Global Partnership Award
University of North Carolina at Greensboro
2014 WC Legacy Award Winner