WORK EXPERIENCE
Microsoft (Contract) Mar. 2024 – Current
Security Design Engineer 4 Redmond, WA (Remote)
- Operating in a high-excellence team responsible for managing security and compliance operations for the entire Corporate, External, and Legal Affairs (CELA) Division, consistently maintaining above 98% in GRC KPI metrics.
- Lead threat modeling activities using the STRIDE framework to identify and address TTPs pertaining to software solutions and network architectures for all organizations within the CELA Division, including Law Enforcement and National Security, Digital Crimes Unit, AI For Good, and Non-Profit organizations.
- Matured Risk Management practices by integrating CSF mapping capabilities, automating risk documentation tasks, and adding processes to track and remediate existing risks.
- Monitor and remediate security red-flags such as secret rotations, certificate expirations, persistent access violations, and unauthorized access.
- Assist in maturing early Agile methodology adoption by educating and training team members on Agile best practices and Azure DevOps operations.
- Host daily office hours sessions to provide technical and security support for all CELA teams.
Interos Aug. 2023 – Jan. 2024
Principal Application Security Engineer Arlington, VA (Remote)
- As the Mission Owner for DoD IL-5 and SOC 2 Type II accreditations, I led Interos’ improvement efforts pertaining to security operations and standards across DevSecOps, IT, and compliance.
- Integrated multiple security checks and standardized security controls into the existing CI/CD pipeline to rapidly ship hardened DoD IL-5 compliant container images using Iron Bank, GitLab, ArgoCD, and Docker.
- Built a new DoD IL-5 compliant environment in AWS GovCloud using Terraform.
- Managed a well-architected Infrastructure-as-Code (IaC) environment using AWS Control Tower and Account Factory for Terraform (AFT) to standardize cloud security operations and automate regulatory/industry compliance requirements.
- Developed the Interos.ai application System Security Plan (SSP) to maintain strict alignment with IL-5 requirements.
- Redesigned Interos’ manual yearly security awareness training program into an automated monthly program.
- Incorporated digestible security trend reports into quarterly Board meeting decks.
Infoworks Oct. 2021 – Jul. 2023
IT and Security Manager Palo Alto, CA (Remote)
- Confidently managed IT, Information Security, and cloud operations with a lean task force.
- Pioneered Infoworks’ first AWS GovCloud and Azure Government environments, connecting them via Transit Gateway and VNet Gateway, mimicking security requirements from Defense Industry and Public Sector clients.
- Reduced growing cloud expenses by 42% (~900k/yr.) by designing multi-layered cloud cost controls and practices.
- Orchestrated full-scale risk assessments that led to the discovery and rectification of various high-level risks.
- Developed and automated the Security Awareness Training and Education program, reducing the phish-prone percentage by ~50% within 4 months.
- Deployed and managed EDR solution (SentinelOne) across all endpoints in US and India.
- Implemented IDS and Vulnerability Management solutions (Lacework) allowing for swift org-wide security gap closures and product vulnerability remediation efforts.
- Designed, implemented, and automated secure IAM onboard/offboard processes, SSO, and role-based access controls across all cloud services including AWS, Azure, and GCP.
- Redesigned the VPN architecture with failover capabilities, advanced security controls, and rapid user provisioning, which significantly reduced risk and end-user frustration.
- Developed IT and Information Security policies, programs, standards, and procedures aligning with NIST 800-53, CIS, SOX, and SOC control frameworks, prioritizing control alignment in a staged approach with current and future states of organization maturity.
- Standardized a myriad of technical and administrative controls in alignment with related control frameworks.
- Maximized ROI after building out the full capabilities of existing services that were previously unmanaged.
- Scaled IT and Information Security programs to support business objectives and customer requirements.
Cisoshare Nov. 2019 – Feb. 2022
Sr. Cybersecurity Consultant San Clemente, CA
- Within my first year in a consulting role, I propelled my knowledge and skillset, becoming the lead security consultant for our top Managed Service clients.
- Achieved Employee of the Quarter for team collaboration, bringing new ideas to the table to improve efficiencies, raising client satisfaction, and taking ownership of new client engagements of various industries.
- Taught IT security training and education seminars for individuals looking to enter the cybersecurity space through our CyberForward program.
- Successfully led multiple client projects to prepare for and acquire/maintain industry-standard security certifications including SOC 2 Type I/II, ISO 27001, and CMMC.
- Led a team of analysts and architects to assess clients’ security posture and develop security programs and processes in strategic alignment with applicable industry, regulatory, and business requirements.
- Provided proactive and reactive security advisory to clients in a wide range of industries. Advisory included threat awareness, process improvement, control implementation, risk mitigation, new technologies, and compliance navigation.
- Addressed client requirements and/or pain points through process development and training workshops while identifying new opportunities for client and company growth.
- Owned the development and operations of client security programs and initiatives to drive continuous growth of security posture maturity.
- Led tactical internal and client operations including security architecture designs, third-party risk assessments, project assessments, vulnerability management, executive level dashboarding, Phishing campaigns, training and awareness, risk management, and IT workshops.
Opus Bank Aug. 2015 – Nov. 2019
Sr. IT Compliance Analyst | Aug. 2015 – Nov. 2019 Irvine, CA
- As the SME for information security, IT compliance, BCP/DR, SOX, GITC, and FDIC, I owned various technical and administrative responsibilities across the IT, Information Security, Project Management, and Internal Audit teams.
- Built and managed the Vulnerability Management Program resulting in a ~60% decrease of vulnerabilities within 6 months of implementation.
- Owned numerous project implementations including IDR, SIEM, Vulnerability Management, data security, insider threat protection, and privileged account management solutions.
- Automated and centralized existing access provisioning, access review, and audit processes, eliminating three months (annually) of manual effort and reducing resource impact across multiple departments.
- Assumed the role of lead coordinator during all IT audits and FDIC IT Examinations resulting in ratings of “Meets Expectations” or greater for four consecutive years.
- Identified and addressed security and compliance gaps in IT controls, remediating them with a defense-in-depth approach.
- Led external penetration tests and conducted remediation efforts.
- Developed and presented IT performance metrics to C-Suite Executive Committees.
- Created and maintained documented policies, standards, procedures, and guidelines.
EDUCATION
Western Governors University Aug. 2017 – Jun. 2019
B.S., Cybersecurity and Information Assurance Salt Lake City, UT
CERTIFICATIONS, SKILLS & INTERESTS
- Certifications: Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Azure Solutions Architect Expert (AZ-305), Azure Administrator Associate (AZ-104), AWS Certified Solutions Architect – Associate (AWS-SAA), HashiCorp Terraform Certified Associate, Systems Security Certified Practitioner (SSCP), EC-Council Certified Encryption Specialist (ECES), EC-Council Certified Incident Handler (ECIH), CompTIA Secure Infrastructure Specialist, ITIL v3