Member of four-person development team responsible for all aspects of development on https://fiveable.me/ and related sites. Implemented application features (both frontend and backend) in two different applications, primarily JavaScript/TypeScript/React-based. Highly involved in setting architecture direction for the overall application. Led code maturity project, guiding team in migrating significant portions of legacy JavaScript code to TypeScript, and modernized backend code-base to use a well-structured architecture. Refactored local development setup to provide a straightforward "check out and run" onboarding experience for new developers.
Spearheaded migration of platforms from disparate and chaotic hosting environments into Google Cloud Platform, with consolidated and robust CI/CD pipelines. Implemented highly-scalable video-conferencing system using Jitsi software running in Google Kubernetes Engine. Consolidated numerous disparate logging sources into single cloud log sink and implemented traceability within code to provide for better visibility of issues and troubleshooting.
Principal developer and customer liaison for New Context's LS/IQ virtual CISO SaaS product. Responsible for ground-up rewrite of aging Ember/Ruby on Rails/Postgres application into modern Vue.JS/TypeScript/GraphQL/MongoDB application, as well as implementation of Infrastructure as Code for AWS-based infrastructure. Re-implemented legacy Jira integration and worked with Product Manager to design and develop new application features.
Worked directly with customers as "virtual CISO", to set direction and prioritize steps in their DevSecOps journey. Provided white-glove security and DevOps consulting to C-levels at multiple clients.
Consultant and team lead on multiple client projects, including Application Security program review and revitalization for a worldwide insurance company; proof-of-concept secure IoT device provisioning system development; and full-stack application development and support for a production IoT platform.
Statement of Work & Project Proposal authoring/review, solution design and architecture, project estimation and project management.
Technical interviewing of candidates for employment; member of Hiring Committee for design/review of interview process; worked closely with HR to drive focus on Diversity and Inclusion in hiring process.
Application development and support for RiskIQ's primary SaaS application. Full-stack development work in an Agile SDLC on a React-based application with Java/Grails backend. Responsible for end-to-end implementation of PingFederate-based SSO solution, including SAML2 integrations with multiple partners. Dealt with day-to-day application support, enhancements, troubleshooting, and bugfixes. Responsible for continued support and expansion of reporting system. Worked with fellow developers to remediate application security vulnerabilities within the application, and implement processes to prevent them from reoccurring. Actively engaged in day-to-day support of other departments based around the globe.
Worked directly with RiskIQ customers to solve complex issues around application support and integration into customer environments. Developed RiskIQ's original Splunk and ArcSight integrations. Used Angular, jsreport, node.js, and Docker in AWS to create a custom reporting solution for Customer Success organization, including report templates, user interface, and back-end integration with company data services.
Spearheaded design and implementation of Enterprise XML Gateway functionality using IBM DataPower Appliances and X.509 Certificates as part of Enterprise SOA initiative. Acted as Information Security specialist on commercial banking upgrade project utilizing SOA architecture.
Acted as architect for Application Security decisions and projects within the Information Security team, as well as working heavily with other teams to create architecture standards to be used across the bank. Member of Enterprise Architectural Review Committee, providing architecture-level input and gate-level decision-making for new projects being implemented within the bank. Worked with many teams across the enterprise to maintain a good working relationship with other departments and to ensure Information Security's involvement in projects at an architectural level.
Successfully launched monthly Application Security training program based on OWASP Top 10, open to interested parties across the UMB footprint, with average monthly attendance of 50 people.
Lead for enterprise Application Security initiative. Responsible for creating, presenting, and implementing strategy and roadmaps for Application Security and Cloud Security, and developing policy and process documents for Encryption and Secure Coding Standards. Interfaced with senior management and enterprise architecture team to integrate roadmaps and strategy plans into corporate strategies. Acted as Information Security representative on enterprise projects to create awareness of potential application security issues.
Engaged in application and network penetration testing activities, including hands-on penetration testing of embedded systems and web applications, liaising with third-party penetration testers, and working with application developers to provide guidance and direction for remediation of vulnerabilities.
Actively involved in day-to-day administration, configuration, and troubleshooting of application gateway systems, including Imperva Web Application Firewalls (WAFs) and Cisco ACE XML Gateways. Developed requirements for XML gateway replacement project and aided in planning for WAF upgrade through multiple major versions.
Designed and developed audit log aggregation and analysis infrastructure to facilitate passing of user event stream to outside partner for analysis. Developed Java Data Access Object (DAO) interface to Splunk log aggregation system to enable querying of Splunk from Java code. Wrote Python scripts to augment log data from LDAP directly in Splunk. Configured parsing and querying within Splunk.
Rebuilt/upgraded Java revision-control and continuous integration (CI) infrastructure to enable a higher level of automation for code deployments. Worked with Network Engineering team to implement F5 iRules for SSL certificate-based authentication for SOAP- and REST-based web services.
Acted as a liaison between Application Development and Data Security teams, presenting relevant web application security and infrastructure topics to development teams. Worked closely with many parts of the IT organization to quickly troubleshoot, fix, and provide recommendations for remediation of customer-impacting issues.
Member of a six-person team responsible for all aspects of Data Security. Acted as subject matter expert for web application security and authentication/access control, making strategic and architectural decisions in those areas and working closely with development and systems teams to implement directives. Active in most day-to-day operations of the team, including Identity Management, authentication, encryption, firewalls and network security, and intrusion detection systems (IDS). Responsible for providing guidance to QA and development teams on identifying and remediating application security vulnerabilities.
Chief driver for multiple technology refresh and implementation projects, including Novell Access Manager deployment and Identity Management System upgrades. Worked closely with members of multiple departments and teams as well as outside contractors to coordinate and manage implementations of infrastructural projects. Developed numerous tools, libraries, and systems to close security vulnerabilities, improve incident response, and eliminate day-to-day workload for the entire team.
Planning monthly meetings, scheduling meeting location, contacting speakers, and providing content for local chapter of global Application Security organization.
Volunteer software developer and technology adviser for various non-profit and progressive political organizations.