Resume
Product Security Engineer and OSCP holder with over 10 years of experience in secure software development, secure coding best practices, developer training, code security tooling and implementation in CI/CD pipelines and local workflows, metrics and KPIs, team management, manual testing and exploitation, threat modeling, secure software architecture, usable security features, automation and security utility development, red teaming, and offensive security.
Experience
iHerb
Principal Product Security Engineer
Apr 2020 — Dec 2025 · Irvine, CA
iHerb is a global online retailer of nutritional supplements and health products. As iHerb's first senior hire I spearheaded their first appsec program.
Self Employed Consultant
Security Engineering / DevOps Engineer / SRE / Cloud Engineer
Jun 2021 — Jan 2024
Provided freelance consulting services to various clients, focusing on application security, DevOps, and cloud infrastructure.
L'Oréal USA
Application Security Senior Manager
Jan 2019 — Apr 2020 · New York, NY
L'Oréal USA is the American subsidiary of L'Oréal Group, the world's largest cosmetics and beauty company. As the first appsec hire globally, I championed the first program covering eCommerce and eMarketing sites for hundreds of brands on the SFCC platform and on CMS systems such as Sitecore and WordPress. I also started the first red team, which exploited internal systems including POS devices in stores.
L'Oréal USA
Application Security Consultant
Aug 2015 — Dec 2018 · New York, NY
L'Oréal USA is the American subsidiary of L'Oréal Group, the world's largest cosmetics and beauty company. As a full time consultant I focused solely on security for their global eCommerce initiative.
CTI Global
Consultant
Jan 2013 — Aug 2015 · New Town, PA
CTI helps customers solve their Identity challenges through advisory services and assessments, focused IAM projects, support services, and staff augmentation. At CTI I was a GRC consultant, Postini email security specialist, MobileIron BYOD specialist, and Google Workspace specialist performing sales engineering, migrations, implementations, and support for large clients like the UNFPA.
PCG Digital Marketing
Web Developer
Sep 2010 — Dec 2012
A full-service automotive digital marketing agency committed to delivering exceptional customer service and tailored, data-driven strategies that drive results and empower dealerships of all sizes. At PCG I started as an SEO specialist but quickly found a passion for web development and moved to that team in my first year, teaching myself how to code at night. I eventually built WordPress themes, plugins, and bespoke marketing apps on the LAMP stack.
Intron Group
Consultant
Jan 2004 — Dec 2010
A boutique IT consulting firm specializing in small to large enterprise IT solutions. Here I implemented and supported the IT needs of small to medium-sized businesses: networking, Active Directory, email, firewalls, printers, etc.
Skills
Software I've Worked On
- Containerized backend web services
- CLIs
- Automation systems
- API clients
- Event consumers and producers
- Exploits
- Web and mobile front ends
Languages I've Reviewed
- Python (Django, FastAPI, Flask, ML)
- JavaScript (React, Next.js, TypeScript)
- Golang (Cobra, APIs)
- C# (.NET)
- Swift
- Kotlin
- Java (Spring)
Languages I've Coded
- Python (Django, FastAPI, click, celery)
- Golang (Cobra, Gorm, native HTTP)
- JavaScript/TypeScript (web crawlers, bots, Atlassian Forge, CDK)
- Rust (serde, actix)
- Shell
- PHP (WordPress themes and plugins, CodeIgniter, CakePHP)
- C (exclusively for exploitation development or modification)
- HTML/CSS
- Google Apps Script
Application Security Tools
- SAST: Coverity, Checkmarx, Snyk, Semgrep, Veracode, Bandit
- SCA: Snyk, OSV-Scanner, Lacework Codescan, JFrog Xray, Dependency-Track
- SBOM: CycloneDX
CI/CD
- Jenkins (declarative or scripted)
- Bitbucket Pipelines
- Azure Pipelines
Infrastructure as Code
- Terraform
- AWS CDK
Cloud
- Azure AKS
- AWS EKS
- AWS ECS with Fargate
- AWS Lambda
- Cloudflare Workers
- AWS SNS
- AWS SQS
- AWS S3
Certifications
- Offensive Security Certified Professional (OSCP)