Patrick M K.

Experience

• 

  Loyola University Chicago

  Aug 1998 - Dec 1999

  Computer Lab Assistant/Advisor
• 

  United States District Court Northern District of Illinois

  May 1999 - Aug 1999

  Computer Technician & Software Programmer
• 

  Governors State University

  Jan 2000 - Oct 2000

  Computer Lab Assistant
• 

  JPMorganChase

  May 2000 - Oct 2000

  Commercial Banking Customer Service Representative

  Worked as operations team liaison for Chase at American National Bank and Trust Company post-acquisition by Chase

• 

  Merrill Lynch

  Oct 2000 - Oct 2006

  Senior Technology Specialist

  Information Technology Site Management, Web Development, Software Engineering, Software Development, Database Development, Perimeter Information Security Management, Database Administration, Systems Administration, Network Engineering, Technology Acquisition Management, Technology Support and Services for Merrill Lynch’s presence at the Chicago Board of Trade(CBOT), Chicago Board Options Exchange (CBOE), Chicago Mercantile Exchange (CME), Merrill Lynch’s Global Financial Futures and Options, Equities, Municipal Bonds, hedge fund traders, risk and compliance teams, institutional sales, money markets, debt, mortgage, investment managers, and investment bankers. Managed, designed, developed and maintained Merrill Lynch’s internal technology asset database and user interface front-end Managed, designed, developed and secured the web site that hosted video recorded presentations, and other presentation materials from the Managing Directors and other members of management.Planned, managed, designed and implemented internal real-time web training sessions between the Global Financial Futures and Options office in Chicago, IL and Merrill Lynch’s Financial Futures and Options office in Sydney, Australia via a desktop sharing web conference application. Planned, managed, documented, distributed and trained and implemented Merrill Lynch’s Financial Futures and Options Disaster Recovery plan with successful tests at Sungard facilities in the western suburbs of Chicago including IBM Mainframe, Windows Servers, and end user workstations. Successfully and independently managed, supported and implemented Merrill Lynch’s Dallas, Texas data center power down and restoration during the fall of 2003 and again in 2004. Managed Technology and Telecommunications Cybersecurity Services Support and Services during the Summer of 2006 at Merrill Lynch’s Houston, Texas office. Received Information Security Award in 2004 Show less

• 

  Information Systems Security Association (ISSA)

  Apr 2004 - May 2006

  Physical Security Working Group Lead

  Lead the physical security workgroup efforts for the ISSA's Information Security best practice risk control matrix for physical security

• 

  Trading Technologies

  Oct 2006 - Dec 2006

  Software Associate
• 

  Société Générale

  May 2007 - Dec 2007

  Sr Business Analyst

  Worked for subsidiary FIMAT USA, LLC and Developed daily trade volume report,Project Lead for CME and CBOT FiXML conversion. Developed SQL Server and Oracle stored procedures and queries. Resolved trading system communication issues. Supported commercial trade clearing software and internally developed ASP.net web applications for multiple exchange (CME, CBOT, CBOE, NYSE,NYMEX ...) trade record keeping and exchange confirmation resolution.

• 

  US Railroad Retirement Board

  Jan 2008 - Dec 2019

  Led application security architecture and implementation of secure SDLC, DevSecOps, secure hybrid cloud, legacy systems modernizationRemediated all known risks in the Retirement Annuity Estimator web app, “Retirement Planner”, achieving FISMA complianceDeveloped an application that finds & automatically fixes security risks in source code Developed a secure “password-less” hybrid encryption application that seamlessly integrates active directory, blockchain, & RDBMS key management features. Managed rules & monitor activity on the web application firewall & database audit manager Serve as a technical authority, delivering secure software applications in support of the agency’s mission & goals. Worked with the agency’s CISO, CIO, & managers in planning, implementing, & maintaining a software applications security assurance program at headquarters & field locations, in compliance with Federal laws, regulations, & Agency directives. Ensured rigorous application of information security assurance policies, privacy, accessibility, & records management principles, & practices to deliver secure application software & services. Worked with all levels of Agency personnel to ensure that software applications security assurance is being appropriately implemented. Monitored all aspects of software applications security assurance procedures affecting information & information technology (IT) system assets, selection & implementation of security software & recommended improvements or changes due to new products & technology. Developed the agency software applications security assurance policy, standards and guidelines & strategic application security plan. Directed security assessment & review of software applications & environments, assisted in handling software applications security assurance-related incidents. Served as point of contact for the agency with other government & private sector organizations on matters of software applications security assurance. Show less Developed a FIPS 140-2 compliant (Security Requirements for Cryptographic Modules) Asymmetric/Symmetric hybrid encryption application for files and folders for securing data at rest while in transport during disaster recovery tests. The application encrypts and decrypts any amount of data as long as the target storage media limits are not exhausted. Detailed to the Legacy Systems Modernization Project migration as a subject matter expert for Data Management. Participated in on-call rotation performed supervisory duties during on-call time. Attended management coordination meetings when on-callLead SQL Server and secondary DB2 Database administration, SQL Server Integration Services (SSIS), SQL Server Reporting Services (SSRS), & Microsoft .Net, ASP.net database admin software development. Developed real-time DBMS alert system, SQL Server Job status messaging & Reporting System, SQL Server Backup reporting system, SQL Server Schema Comparison ASP.Net Web application\Web Service; and a SQL Server CPU, Wait, Agent & Connection Monitor (multi-threaded .Net Application). Served as a member of the Application Vulnerability Assessment team and Secure Software Development Lifecycle teams. Attended SQL Server Training at Global KnowledgeAttended professional DB2 Database Administration training courses from IBM, including DB2 Stored Procedure Development and DB2 Backup and Disaster Recovery. Selected by upper management to audit the Securing Microsoft .Net Applications onsite SANS course. I was also selected by our agency's Information Security team to edit and perform the final review the agencies first edition of our Secure Application Development Lifecycle "living document". Planned SQL Server 2000 migration to SQL Server 2008 R2, and SQL Server 2005 Web Hosting Service Provider migration to SQL Server 2012, & planned 2016 migration Show less Developed Enterprise Microsoft .Net and Asp.net, SQL Server, Javascript, HTML, CSS, Ajax, VisualBasic.Net, & C#.Net web development, client server, windows service, .Net console apps, web applications and web services. Projects include: Imaging Robot, Robot Service, Imaging System "auto-logoff" and "search" Microsoft .Net modules. Imaging Reporter upgrade, ERSNet (Employer Reporting System) .Net Email Module, SQL Server Schema Comparison (an Asp.Net Web/Web Service application), and NETWORX Web Hosting Service Provider project. Attended Microsoft ASP.Net 3.5 Web Application Development official course. Show less

  • IT Specialist(INFOSEC) Applications Security Engineer

    Jan 2017 - Dec 2019

  • Legacy Systems Modernization Data Management , AppSec Policy,AppSec Compliance & Risk Management SME

    Jan 2015 - Dec 2019

  • IT Specialist(DataMgmt)

    Feb 2010 - Jan 2017

  • Web Developer - IT Specialist (INET)

    Jan 2008 - Feb 2010
• 

  PreCharge Inc.

  Oct 2018 - Sept 2021

  Chief Technology Officer and Chief Information Officer

  preCharge Risk Management Solutions, preCharge Inc preCharge.com CTO | Chief Technology Officer | CIO | Chief Information Officer - October 2018 - September 2021Designed digital wallet and prepaid credit card transaction api.Integrate IBM hyper ledger blockchain, AT&T network, Akamai endpoint protection services, and existing API and crypto currency PCPi Lead IBM Developers and Hyperledger blockchain implementation team to plan our blockchain implementation Perform other Global Information Systems and Technology executive duties as Chief Information Officer and Chief Technology OfficerDevelop, customize, audit, manage and secure precharge.com, PreCharge.biz, and precharge.global crypto currency exchange.Migrated PCPi ERC-20 token wallets off of our PreCharge.global exchange and onto the Gokumarket exchange in Singapore.Planned and migrated PCPi ERC-20 tokens off of Gokumarket exchange and onto MetaMask wallet and Bitcratic exchangeCreated Precharge PCPi GitHub repo and validated PCPi Solidity ERC-20 token smart contract source code on etherscan.io Show less

• 

  Contrast Security

  Jan 2020 - Feb 2021

  Sr Solutions Architect, Application Security Architect, Cloud AppSec Architect, DevSecOps Architect

  Drive Customer Value thru analyzing existing customer DevSecOps processes, defining the ideal end state and helping them evolve their SDLC processes, evangelize how Contrast can fit into that process as well as performing the necessary integrations to fully automate security testing and satisfy the governance and compliance required by a security team.Develop solutions working closely with the US sales and engineering team, to understand a prospect’s business, identify solutions based on product offerings, and present those technologies tightly integrated with DevOps tools and processes, and the value proposition of a platform software solution to C-Suite, AppSec leads, and Developers.Architect and engineer software demonstrations addressing prospect’s business needs to technical, security and legal audiencesDevelop and conduct technical presentations in front of C-level executivesProvide technical support to the enterprise sales team to help drive customer wins, renewals and expansions ($5million+ ARR).Manage and assess technical interview process for candidates for SA positionsWorked with R&D & PM to provide feedback on updates and enhancementsEducate and assist customers with vulnerability remediation.Plan and deploy Contrast technology throughout the customer’s SDLC; install, configure, and custom development with Python, Java, Go, C#,Node, Ruby, Angular, React and Typescript on enterprise on premise servers and in AWS and Azure to ensure optimal resultsProvide guidance on advanced application security concepts and features based on a customer’s needsDevelop and maintain customer relationships by serving as a trusted application security advisorProvide ongoing strategic application security consulting and technical assistance for assigned accountsLead risk management & vulnerability remediation training, RASP trainingDesign, deliver, and lead presentations on our REST APIManage and review technical interviews with new Solution Architect candidates Show less

• 

  Drone Industry Systems Corporation

  Feb 2020 - Dec 2021

  Co-Founder, CTO, and CISO

  • Manage, architect, engineer, and lead technology, cybersecurity and physical security as member of the executive team of Drone Industry Systems Corporation.• Designed Technical Architecture, Software Architecture and Contributed to US and International patents for the Smart Drone Rooftop and Ground Airport System: https://patents.google.com/patent/US20200349852A1/en and unattended aerial vehicle, unattended aerial systems, unattended ground control, unattended vehicle safety systems, smart drone systems, drone infrastructure, smart drone landing pads, smart airport, smart urban airport, smart vertiport/vertical takeoff and landing systems, smart delivery drones, unattended traffic management: system architecture, design, development, management, related devices, related infrastructure, and related systems.• Developed and implemented full stack cyber security on boarding process for all accepted partners and third party suppliers• Planned and implemented NIST 800-171 and DoD Cybersecurity Maturity Model Certification policy documents and Software and Hardware Bill of Materials documentation on an ongoing basis• Maintained and updated Risk vs Control Matrix documentation and implementation• Architected and Integrated Cloud, iOS, and Android apps with multiple third party APIs.• Managed software engineers, project managers and expectations of c-suite for delivery timeframes and delivered accurate software and app demos on time, within budget and with confidentiality, integrity, and availability• Architect, engineer, manage and audit Drone Information Systems cloud vendor neutral Architecture on AWS and Azure with quantum, blockchain, hybrid cloud systems and artificial intelligent IoT edge endpoint devices• Full-Stack Cyber onboarding manual and automated application security testing for websites, web applications, iOS and Android Mobile apps and APIs for Drone Industry Systems, its partners and sibling companies. Show less

• 

  ZeroNorth

  Feb 2021 - Nov 2021

  Senior Application Security and DevSecOps Field Engineer

  Proactively deliver solutions for software excellence, application security, DevSecOps orchestration, risk management, enterprise vulnerability aggregation, enterprise vulnerability de-duplication/compression across an organizations on-premise, host, network, cloud, threat vulnerability management, container, source code repository, and application security testing toolset’s results using the ZeroNorth application security SaaS platform.Developed the ZeroNorth Rapid Integration Connector software product that translates, integrates, and ingests data from any security testing or reporting tool into the ZeroNorth SaaS platform. Support sales process and lead customer implementationsSolve security problems and DevSecOps problems for enterprise customers & ensure customer AppSec successWork closely with sales engineers on proof of value & proof of concept demos and enhancements to our platform.Lead tactical product management necessary to address bugs or platform feature requests and advocate actively for customer-facing capability in Product Management discussionsImprove client facing CLI-tools, CI/CD plugins and technology partner integrationsLead, manage and maintain the ZeroNorth knowledge base and platform training.Author/maintain python and shell scripts for platform configuration and useSubject matter expert in Application Security and the ZeroNorth platform’s deployment and use, as well as for the configuration, use and triage of the tools with which we integrate.Develop consulting-ware to enable customer successArchitect and administration of Customer Success AWS cloud environmentPerform Manual and automated Penetration Tests, Dynamic Application Security Testing, on demo and customer web applications, networks, cloud environments, and Web APIs.Assess and analyze vulnerabilities found during application security testing and provide remediation guidance and relay technical vulnerabilities and their impact to technical and non-technical customers Show less

• 

  Chubb

  Jan 2022 - Jun 2022

  Senior Application Security Engineer
• 

  Volvo Trucks

  Jan 2022 - Jan 2022

  Cloud Security Architect
• 

  Veracode

  Jan 2022 - Apr 2022

  Pre-Sales Solution Architect

  Performed customized application security testing and secure code training platform demonstrations for potential customers and existing customers to support the sales process. Improved and enhanced sales enablement documentation and resources. Improved customer service and support operations, customer success and sales process. Delivered pre-sales technical architecture and engineering support, integrating security testing and secure code training and virtual labs into customer SSDF and SDLC DevSecOps processes. Show less

• 

  Blackbaud

  Jan 2022 - Jun 2022

  Senior Principal Security Engineer
• 

  Gratitech

  Jan 2022 - now

  Founder

  Patrick is the founder of Gratitech. Patrick architects, engineers, and develops software for Gratitech and Gratitech customers like, s3cr3tx, an open source project that protects credentials used by software, applications, source code, and configuration files. Gratitech provides software assurance for s3cr3tx that is a public project on GitHub: https://github.com/GratitechInc/s3cr3tx Patrick also works on professional service contracts with large & mid-sized B2B & B2C organizations like United Airlines, Guidepoint Security, Fannie Mae, Berkshire Hathaway, Chubb Insurance, and Volvo & Mack Trucks as Application Security Architect & Advisor; helping make technology and software more secure through NextGen full-stack Application and Cyber Security. Our cutting-edge application security and cybersecurity solutions protect all layers of technology, helping our clients reduce the time and cost of cybersecurity management while simultaneously increasing accuracy, protection, and peace of mind.Our talented team of entrepreneurs, architects, and engineers have deployed innovative and proven NextGen technology and cybersecurity solutions to leading US and multinational firms. We pride ourselves on our obsession with customer service and high-quality cyber risk mitigation strategies. At Gratitech, we believe the right solutions and technological edge can lead companies towards a more successful and secure future, and solidify trust across customers, employees, suppliers, and the general public.After working with technology and cybersecurity firms over two decades, Patrick Kelly founded Gratitech in 2017 with a vision to break through industry silos and develop an end-to-end application and cybersecurity solution. Gratitech was born with the purpose of making the world a better and safer place. We’re grateful for the wealth of technology and how our expertise is helping to move society forward in a more secure way. Show less

• 

  Sprout Learning

  Jan 2022 - Mar 2022

  CTO, CISO, & CIO
• 

  Invata

  Feb 2022 - Mar 2022

  Chief Technology Officer CTO| Chief Information Security Officer CISO| Chief Information Officer CIO
• 

  Berkshire Hathaway Homestate Companies - Workers Compensation Division

  Jun 2022 - Nov 2022

  Cloud Security Architect
• 

  TEKsystems

  Jun 2022 - Nov 2022

  Cloud Security Architect
• 

  Fannie Mae

  Sept 2022 - Oct 2023

  Application Security Advisor, Cloud Security Architect, IAM Threat Detection & Response
• 

  GuidePoint Security

  Oct 2023 - Jun 2024

  Senior Security Analyst
• 

  EC-Council

  Oct 2023 - now

  Author of “AI-Powered Cloud Defense”

  Author of “AI-Powered Cloud Defense” video course

• 

  United Airlines

  Oct 2023 - Jun 2024

  Principal Application Security Architect