| EXPERIENCE |
| COSTAR GROUP | Richmond, VA |
| Senior Security Engineer | 07/2025 - Present |
- Prioritized and reported vulnerabilities to business IT and DevOps audiences utilizing CI/CD automation.
- Secured production and consumption of AI and MCP services. Provided secure development pathways leveraging ngrok.
- Streamlined vulnerability and asset management via the Axonius platform.
- Created framework for prioritizing vulnerabilities within the same criticality class, enabling prioritized reduction of largest vulnerability sets first.
- Developed dashboards and metrics to drive down End of Life/End of Support software titles and operating systems (Windows/Linux) reducing overall threat vectors.
|
| CAPITAL ONE | Richmond, VA (Hybrid) |
| Principal Associate, Endpoint Security Engineer | 06/2024 - 07/2025 |
- Deployed BeyondTrust Endpoint Privilege Management (EPM) for Windows and macOS allowing for the retirement of homegrown privilege elevation solution.
- Developed multiple policies for production endpoint environments resulting in better alighnment with least privilege best practices.
- Designed and implemented application control policies with BeyondTrust EPM for Windows and macOS.
- Automated critical analysis and administration processes reducing manpower requirements and streamlining tasks.
|
| GREATCALL/BEST BUY | Remote |
| Senior Security Engineer | 10/2019 - 3/22/2024 |
- Whitelisted applications and granted user privilege elevation via BeyondTrust EPM
- Automated user group membership lookups via PowerShell scripting reducing approval time of requests by 90%.
- Drove penetration of endpoint protection and logging technologies via technical metrics, paving the way for HIPAA compliance and HITRUST certification. This resulted in 95% security tooling penetration in legacy environments.
- Built MISP instance for normalization, automation, and dissemination of threat intelligence.
- Onboard endpoints and configure security policy settings in Microsoft Defender to manage security settings on devices.
- Coordinated closely with data leak protection (DLP) teams, leveraging Symantec DLP solutios to proactively detect and prevent data loss and inadvertant disclosure of sensitive and company data.
- Ensured seamless integration of DLP policies across communication channels, including cloud, email, web, endpoints, and storage.
|
| SEMPRA ENERGY | San Diego, CA |
| Senior Cybersecurity Specialist | 03/2014 - 10/2019 |
- Solved niche problems and reduced human workload through scripting and automation projects in Ruby and python
- Verified vulnerabilities through authorized exploitation leveraging enterprise scanning infrastructure, Free and Open Source Software (FOSS) and home-grown tools.
- Built and configured virtualized scanning infrastructure increasing scan cadence from monthly to weekly (Tenable)
- Increased vulnerability scan accuracy and precision through custom scan templates.
- Lead quarterly Red Team exercises to identify gaps in security controls and procedures.
- Wrote credential verification tool to test scan credentials for authenticated vulnerability scanning (python).
- Proficiently tracked and documented vulnerabilities using the RSA Archer Risk Catalog. Recorded granular details about incidents, vulnerabilities, and near misses, including monetary loss and root cause analysis.
|
| RAYTHEON COMPANY | San Diego, CA |
| Cyber Engineering Lead | 08/2006 - 02/2014 |
- Identified and reduced "Shadow IT" activity via scripting and automation projects (C#/.NET).
- Developed and maintained an integration library to the nCircle VnE API allowing for creation of an advanced vulnerability scanning and reporting system.
- Simplified analysis, reporting and management of vulnerabilities, resulting in greater system administration adoption and more comprehensive vulnerability remediation.
- Conceptualized, developed and managed "Big Data" project, internally called NetDB, providing unparalleledvisibility into he company's information technology environment in terms of asset management, vulnerability management and asset "care and feeding".
- Reduced headcount requirements by streamlining and automating information security management tasks (perl, C#/.NET).
|
|