SUMMARY

Dedicated information security engineer, advanced in monitoring networked environments to detect, identify, and prevent breaches. Accomplished in working with complex systems and proactively addressing security threats. Thorough, methodical, and attentive to technical details with the proven ability to manage undefined challenges, establish direction through data-driven analysis, and create processes to address issues. Strategic and solutions-driven, adept in maintaining an agile and adaptable work approach.

KEY SKILLS

Information Security Architecture | System and Network Protocols and Technologies | Operatin System Administration and Hardening | Process Automation | Intrusion Detection | Incident Response and Management | Threat Hunting | Python | Perl | Ruby | C#/.NET | PowerShell | Bash

EDUCATION

AMERICAN INTERCONTINENTAL UNIVERSITY

Remote
Master of Information Technology  
Concentration in: Information Security  
 

BREVARD COLLEGE

Brevard, NC
Bachelor of Arts, Music Composition  

EXPERIENCE
COSTAR GROUPRichmond, VA
Senior Security Engineer07/2025 - Present
  • Engineered robust detection methodologies and security frameworks for AI and Model Context Protocol (MCP) systems, ensuring the end-to-end security of both consumed and produced AI services.
  • Designed and implemented a custom vulnerability prioritization framework within identical severity classes, delivering highly actionable data that empowered remediation teams to target and eliminate the largest risk sets first.
  • Spearheaded a comprehensive lifecycle management program to mitigate and remove End-of-Life (EOL) and End-of-Support (EOS) software, successfully eradicating critical legacy risks including Internet Explorer and Windows Server 2016.
  • Automated vulnerability reporting and tracking across CI/CD pipelines, streamlining asset and exposure management via the Axonius platform for business IT and DevOps stakeholders.
  • Accelerated team efficiency and security alignment by authoring a comprehensive Vulnerability Management knowledge base, providing secure development pathways with ngrok, and guiding Agile/Scrum project methodologies.
CAPITAL ONERichmond, VA (Hybrid)
Principal Associate, Endpoint Security Engineer06/2024 - 07/2025
  • Deployed BeyondTrust Endpoint Privilege Management (EPM) for Windows and macOS allowing for the retirement of homegrown privilege elevation solution.
  • Developed multiple policies for production endpoint environments resulting in better alighnment with least privilege best practices.
  • Designed and implemented application control policies with BeyondTrust EPM for Windows and macOS.
  • Automated critical analysis and administration processes reducing manpower requirements and streamlining tasks.
GREATCALL/BEST BUYRemote
Senior Security Engineer10/2019 - 3/22/2024
  • Whitelisted applications and granted user privilege elevation via BeyondTrust EPM
  • Automated user group membership lookups via PowerShell scripting reducing approval time of requests by 90%.
  • Drove penetration of endpoint protection and logging technologies via technical metrics, paving the way for HIPAA compliance and HITRUST certification. This resulted in 95% security tooling penetration in legacy environments.
  • Built MISP instance for normalization, automation, and dissemination of threat intelligence.
  • Onboard endpoints and configure security policy settings in Microsoft Defender to manage security settings on devices.
  • Coordinated closely with data leak protection (DLP) teams, leveraging Symantec DLP solutios to proactively detect and prevent data loss and inadvertant disclosure of sensitive and company data.
  • Ensured seamless integration of DLP policies across communication channels, including cloud, email, web, endpoints, and storage.
SEMPRA ENERGYSan Diego, CA
Senior Cybersecurity Specialist03/2014 - 10/2019
  • Solved niche problems and reduced human workload through scripting and automation projects in Ruby and python
  • Verified vulnerabilities through authorized exploitation leveraging enterprise scanning infrastructure, Free and Open Source Software (FOSS) and home-grown tools.
  • Built and configured virtualized scanning infrastructure increasing scan cadence from monthly to weekly (Tenable)
  • Increased vulnerability scan accuracy and precision through custom scan templates.
  • Lead quarterly Red Team exercises to identify gaps in security controls and procedures.
  • Wrote credential verification tool to test scan credentials for authenticated vulnerability scanning (python).
  • Proficiently tracked and documented vulnerabilities using the RSA Archer Risk Catalog. Recorded granular details about incidents, vulnerabilities, and near misses, including monetary loss and root cause analysis.
RAYTHEON COMPANYSan Diego, CA
Cyber Engineering Lead08/2006 - 02/2014
  • Identified and reduced "Shadow IT" activity via scripting and automation projects (C#/.NET).
  • Developed and maintained an integration library to the nCircle VnE API allowing for creation of an advanced vulnerability scanning and reporting system.
  • Simplified analysis, reporting and management of vulnerabilities, resulting in greater system administration adoption and more comprehensive vulnerability remediation.
  • Conceptualized, developed and managed "Big Data" project, internally called NetDB, providing unparalleledvisibility into he company's information technology environment in terms of asset management, vulnerability management and asset "care and feeding".
  • Reduced headcount requirements by streamlining and automating information security management tasks (perl, C#/.NET).

PROFESSIONAL DEVELOPMENT

Certifications:
  • BeyondTrust Certified Administrator for Windows
  • BeyondTrust Certified Administrator for Mac
  • GIAC Certified Incident Handler (GCIH), #27444 - expired 2020
  • GIAC Security Essentials Cetificate (GSEC) - expired 2012
Professional Training:
  • Amazon AWS Certified Cloud Professional (AWS CCP)
  • Offensive Security Certified Professional (OSCP)
  • SANS Web Application Penetration Testing and Ethical Hacking (GWAPT)
  • SANS Incident Handling and Hacker Tools (GCIH)
  • SANS Network Penetration Testing and Ethical Hacking (GPEN)
  • SANS Intrusion Detection In-Depth (GCIA)

COMMUNITY
  • Contributor: Lynis linux auditing tool, including security checks and bugfixes.
  • Former Contributor: Fedora Linux Security Documentation Project
  • Former Contributor: Smoothwall Express community firewall project.
  • Authored many Github projects, including:
    • lynis-report-converter - convert lynis auditing tool report data to more human readable formats.
    • nmap2db.rb - Convert nmap XML output to various database formats.