• Analytical, highly skilled, and multifaceted IT professional offering more than 30 years of experience in Information Technology with the past 25 years devoted to security and risk management.
• Expert in Cloud Security and Compliance: Experience with Azure and AWS. Team leadership and implementation of a DevSecOps Practice for a leading Logistics company. Implementation of a Software Security strategy to increase application security maturity for a major retailer.
• Expert in AppSec: Application Security Engineer/Consultant with experience building CI/CD Pipelines with security controls (SAST/DAST/SCA) with tools such as: Jenkins, Fortify, AppScan, BurpSuite, BlackDuck, Snyk and others.
• Expert in implementing program-level solutions: Creation of security baselines and programs with KPIs/KRIs to improve and measure risk posture and maturity over time.

CAREER HIGHLIGHTS

• Produced a cloud security baseline service for HP (HP Cloud Protection Foundation) to enable the delivery of a “Secure Cloud in 30 days”.
• NIST Cloud Computing Security Working Group Member
• NIST SP 500-299: “Cloud Computing Security Reference Architecture” Contributor/Editor.
• NIST SP 800-152: “Federal Cryptographic Key Management Systems (FCKMS)”
• NIST SP 800-173: “Cloud-adapted Risk Management Framework: Guide for Applying the Risk Management Framework to Cloud-based Federal Information Systems.”
• Provided FedRAMP System Security Plans (SSP) and Authority to Operate (ATO) guidance for multiple clients.
• Member of Sovrin Technical Governance Board (TGB) to govern the technical design, architecture, implementation, and governance of Sovrin Network for Self-Sovereign Identity
• Wrote operating system code for laserdisc players and spatial audio in support of Francesc Torres’ “Too Late for Goya” which is the permanent collection of the Guggenheim Museum in Bilbao, Spain.