Wrote custom tooling to verify and enforce security controls across many 1,000s of AWS accounts. The tooling detects and remediates findings within seconds of a non-compliant event, and notifies responders of the potentially malicious activity.
Refactored usage of AWS security services, achieving over $3M in annual cost savings while maintaining security posture.
Designed and built tooling that provides real-time AWS account information up to 99% faster than the AWS Organizations API.
Embedded with data infrastructure organization for multiple projects, including implementing improvements to how PII is protected, and to add controls protecting the data analysis infrastructure from exfiltration attacks.
Designed and implemented internal tooling to provision and automatically secure all AWS accounts across multiple AWS organizations, and to continually monitor for discrepancies which are then automatically brought back into compliance.
Wrote a collection of AWS dashboards that aggregate information across all AWS accounts, allowing teams to quickly filter and query information from every account and region in the fleet, resulting in greater visibility and faster incident response.
Liaised with teams across the entire organization on a variety of security issues; from reviewing customer contracts and questions, performing risk assessments, engaging with auditors, to training executive teams on incident response procedures.
Created an extensive library of example least-privilege IAM policies for engineering teams to use with their services.
Implemented SSH 2FA across entire infrastructure, working with all teams to provide a pain-free experience using Yubikeys.
Leveraged AWS CloudTrail, Config, GuardDuty, IAM, and Lambda to automate security and compliance within AWS.
Wrote Terraform tooling to enable self-service AWS permission management, allowing teams to manage their own permissions while also ensuring policies are secure-by-default and protect against privilege escalation techniques.
Responsible for automating and improving PagerDuty's infrastructure, utilizing Chef for configuration management.
Seamlessly transitioned AWS infrastructure from EC2-Classic to EC2-VPC, overhauled AWS accounts to follow latest security best practices, reduced AWS costs by over 30%, provided training on AWS best practices, and wrote extensive documentation.
Major Incident Response Lead; Acted as Incident Commander, provided training, and built chat tooling used during incidents.
Strong focus on security; Wrote formal security incident response plan, overhauled public vulnerability reporting process, and wrote comprehensive documentation on security processes and best practices.
Led the Server Engineering and Operations team for Global Professional Services at Gracenote's San Francisco office.
Responsibilities included designing and developing new back-end services, maintaining and expanding their AWS infrastructure, and providing mentorship to others within the organization.
Responsible for application and system security. Continually performed reviews to ensure compliance with InfoSec directives.
Built a suite of prototypes to demonstrate Gracenote's latest APIs and tech, used as demos at trade shows and conferences.
Managed team resources, and liaised with other teams to provide project scopings and deliverables.
Designed and developed a new baggage messaging framework, interacting with sortation, reconciliation, tracking and security screening systems at airports around the world. The new framework resulted in faster and easier to maintain code, compatibility with more baggage systems, fewer corrupted messages, and fewer lost bags for passengers.
Constructed a variety of internal monitoring/investigative tools using Java and PHP, in my spare time. My tools became the preferred method of investigating baggage issues amongst development and support teams worldwide.
Heavily involved in airline cut-overs, ranging from small domestic airlines to large international carriers.
On-call for production systems, providing real-time support to airlines, often under very tight time requirements.
Projects
PagerDuty Security Training· Open-source security training courses covering both general and engineer-specific topics.