Experience

• 

  Kpmg

  Jul 2012 - Jul 2017

  Project Management: Spearheaded projects with a focus on strategic planning, budgeting, and contracting, ensuring all initiatives aligned with client objectives and were delivered with integrity and transparency.Team Management: Led a diverse team, overseeing recruitment and development to foster a culture of honesty, collaboration, and continuous improvement. My leadership emphasized servant leadership principles, empowering team members to contribute effectively while ensuring their professional growth.Industry Consulting: Financial Institutions Technology Firms Power / Utility companies Show less Strategic Transformation Initiatives: Led the development and execution of strategic transformation programs, enhancing cybersecurity postures within IT and OT networks.Comprehensive Security Assessments: Conducted wide-scale penetration testing and red teaming activities across diverse environments (external, internal, and wireless networks including 802.11 a/b/g/n/ac) to identify vulnerabilities and strengthen security measures.Regulatory Compliance Testing: Spearheaded NERC CIPv5 compliance testing efforts, ensuring energy sector clients met critical infrastructure protection standards.Advanced Security Tactics: Executed physical and social engineering assessments to evaluate the human element of cybersecurity defenses in IT and OT environments.Cybersecurity Solutions Development: Integrated and customized blue team tools, conducted custom development, and debugged commercial off-the-shelf (COTS) products to enhance defensive capabilities.Industries Served:Technology Power / UtilityTelecommunications Financial Sectors Show less Penetration Testing and Red Teaming: Led and executed comprehensive penetration testing and red teaming strategies within IT networks to identify and mitigate vulnerabilities.Comprehensive Security Assessments: Conducted thorough assessments across various network types, including external, internal, and wireless (802.11 a/b/g/n/ac), ensuring all aspects of cyber defenses were robust and effective.Advanced Security Practices: Implemented physical and social engineering techniques to test and enhance organizational security awareness and response capabilities.Policy Development and Compliance: Developed and refined security policies in line with NIST standards (800-53 / 800-82), ensuring comprehensive adherence to regulatory requirements and best practices.Defensive Strategy and Tool Implementation: Orchestrated blue team exercises and led the deployment and configuration of security tools, enhancing the organization's defensive posture and response mechanisms.Industries Served:Technology Power / UtilityRetail sector Show less

  • Manager

    Oct 2016 - Jul 2017

  • Senior Associate

    Oct 2014 - Oct 2016

  • Associate

    Jul 2012 - Oct 2014
• 

  Wells fargo

  Jul 2017 - now

  Purple Teaming: Orchestrated threat emulation exercises to bolster defense strategies, emphasizing scalable, automated solutions. Led the creation of data-driven reports to foster continuous improvement.Red Team Operations: Lead realistic cyber threat simulations, focusing on teamwork and technical skill to enhance security measures. Maintained a strong commitment to ethical practices and honest communication.Offensive Security Research: Conducted research on emerging threats, including zero-day vulnerabilities, prioritizing integrity and proactive problem-solving to safeguard our systems. Show less Penetration Testing / Red Teaming: Led comprehensive red teaming exercises, simulating adversarial attacks to evaluate and improve security defenses.Adversarial Consulting: Provided expert consulting services, offering strategic advice and solutions to strengthen security frameworks against potential threats. This involved close collaboration with peers, ensuring that recommendations were actionable, effective, and aligned with best practices in cybersecurity.Purple Team and Retesting Exercises: Initiated and guided purple team exercises, fostering a collaborative environment between offensive and defensive security teams. My leadership in these engagements aimed at refining and enhancing security measures through continuous testing and feedback loops.Offensive Security Research: Conducted in-depth security research to identify and analyze emerging threats. This involved pioneering techniques to uncover and mitigate vulnerabilities, contributing to a safer cyber environment for our organization and stakeholders. Show less

  • Lead Cyber Security Research Consultant / AVP

    Mar 2019 - now

  • Cyber Security Research Scientist 2

    Jul 2017 - Mar 2019